Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

astro

Ecosystem:
npm
Package URL:
pkg:npm/astro
Total PRs:
34,217 Dependabot PRs
Latest PR:
about 9 hours ago
Unique Repositories:
7,538 repositories
Unique Repos (30 days):
775 repositories
Security Advisories
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
GHSA-ggxq-hp9w-j794 CVE-2025-64765 MODERATE published 6 months ago • updated 19 days ago
A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validati...
Atro CSRF Middleware Bypass (security.checkOrigin)
GHSA-c4pw-33h3-35xw CVE-2024-56140 MODERATE published over 1 year ago • updated 21 days ago
### Summary A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. ### Details When the `security.checkOrigin` confi...
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
GHSA-whqg-ppgf-wp8c CVE-2025-66202 MODERATE published 5 months ago • updated 5 days ago
# Authentication Bypass via Double URL Encoding in Astro ## Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794 --- ### Summary A **double URL encod...
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
GHSA-m85w-3h95-hcf9 CVE-2024-47885 MODERATE published over 1 year ago • updated about 1 month ago
### Summary A DOM Clobbering gadget has been discoverd in Astro's client-side router. It can lead to cross-site scripting (XSS) in websites enable...
Astro: XSS in define:vars via incomplete </script> tag sanitization
GHSA-j687-52p2-xcff CVE-2026-41067 MODERATE published 27 days ago • updated 11 days ago
## Summary The `defineScriptVars` function in Astro's server-side rendering pipeline uses a case-sensitive regex `/<\/script>/g` to sanitize value...
View all 17 advisories
Recent PRs
RSS Feed
chore(deps): bump the minor-and-patch group with 17 updates

FusionBrah/StreamVault-website #94

6.3.1 → 6.3.3 Patch PR
Open about 9 hours ago 2 comments
FusionBrah
Bump astro from 6.1.6 to 6.3.3

MeonValleyWeb/meonvalleyweb2025 #57

6.1.6 → 6.3.3 Minor PR
Open about 12 hours ago 2 comments
MeonValleyWeb
chore(deps): bump the site-npm group across 1 directory with 3 updates

rpuls/my-own-suite #91

6.1.10 → 6.3.3 Minor PR
Open about 13 hours ago 1 comment
rpuls
deps(deps): bump the all-dependencies group across 1 directory with 66 updates

nabashi404/saas-test #3

5.17.2 → 6.3.3 Major PR
Open about 13 hours ago 1 comment
nabashi404
chore(deps): bump astro from 6.3.1 to 6.3.3 in the astro group

Skords-01/BACK_FUTURE #152

6.3.1 → 6.3.3 Patch PR
Open about 13 hours ago 1 comment
Skords-01
Bump astro from 6.0.8 to 6.3.3

dbeg/personal-website #17

6.0.8 → 6.3.3 Minor PR
Open about 14 hours ago 1 comment
dbeg
chore(deps): bump astro from 5.18.1 to 6.1.10

triggeryjs/triggery #10

5.18.1 → 6.1.10 Major PR
Open about 15 hours ago 3 comments
triggeryjs
chore(deps): Bump the astro-ecosystem group with 2 updates

Hayato-Isagawa/edu-law #22

6.3.1 → 6.3.3 Patch PR
Closed about 18 hours ago 2 comments
Hayato-Isagawa
chore(deps): bump the minor-and-patch group with 10 updates

fune-gaku/member-site-template-public #69

6.3.1 → 6.3.3 Patch PR
Open about 18 hours ago 2 comments
fune-gaku
chore(deps): bump the astro group with 2 updates

0-draft/chainscope #12

6.3.1 → 6.3.3 Patch PR
Open about 18 hours ago 1 comment
0-draft
chore(deps): bump the astro group across 1 directory with 2 updates

silasolla/my-website #50

6.1.9 → 6.3.3 Minor PR
Open about 18 hours ago 1 comment
silasolla
deps: bump astro from 6.1.8 to 6.3.3

matoous/wiki #42

6.1.8 → 6.3.3 Minor PR
Open about 19 hours ago 1 comment
matoous
Bump the npm_and_yarn group across 1 directory with 11 updates

candostdagdeviren/candost.blog-astro #56

6.1.8 → 6.3.3 Minor PR
Open about 21 hours ago 1 comment
candostdagdeviren
chore(deps): bump the astro group across 1 directory with 2 updates

EUDCH/cmdb #17

5.18.1 → 6.3.3 Major PR
Open about 21 hours ago 2 comments
EUDCH
chore(deps): bump the astro-ecosystem group with 2 updates

Ruthlessa/Mizuki #100

6.3.1 → 6.3.3 Patch PR
Open 1 day ago 3 comments
Ruthlessa
Bump astro from 6.3.1 to 6.3.3

Paul1404/astro-portfolio #70

6.3.1 → 6.3.3 Patch PR
Open 1 day ago 1 comment
Paul1404
chore(deps): bump the npm_and_yarn group across 4 directories with 5 updates

Wholiver/codemate #10

5.7.13 → 6.1.10 Major PR
Open 1 day ago 2 comments
Wholiver
chore(deps): bump astro from 5.7.13 to 6.1.10 in /packages/web in the npm_and_yarn group across 1 directory

Wholiver/codemate #7

5.7.13 → 6.1.10 Major PR
Closed 1 day ago 3 comments
Wholiver
deps(deps): bump the npm-security group across 1 directory with 6 updates

sustanza/stargarden #46

5.18.1 → 6.3.3 Major PR
Closed 1 day ago 4 comments
sustanza
deps(deps): bump astro from 5.18.1 to 6.3.1

sustanza/stargarden #41

5.18.1 → 6.3.1 Major PR
Open 1 day ago 2 comments
sustanza
chore(deps): bump astro from 6.2.1 to 6.3.3

nexailabs/NexAI-Website #73

6.2.1 → 6.3.3 Minor PR
Open 1 day ago 1 comment
nexailabs
build(deps): bump astro from 6.3.1 to 6.3.3 in the all-non-major group

dacrab/casa-serena #19

6.3.1 → 6.3.3 Patch PR
Closed 1 day ago 2 comments
dacrab
chore(deps): bump astro from 5.18.1 to 6.3.3 in /web

TeoSlayer/pilotprotocol #104

5.18.1 → 6.3.3 Major PR
Open 1 day ago 1 comment
TeoSlayer
chore(deps): bump the astro group with 2 updates

samui-build/samui-wallet #1077

6.2.2 → 6.3.1 Minor PR
Open 2 days ago 4 comments
samui-build
chore(deps): bump the all-dependencies group with 3 updates

gvdenbro/kumbengo-lab #5

6.3.1 → 6.3.3 Patch PR
Open 2 days ago 1 comment
gvdenbro
build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

jaypatrick/bloqr-landing #124

6.1.8 → 6.3.3 Minor PR
Closed 2 days ago 1 comment
jaypatrick
fix: bump astro from 6.1.10 to 6.3.1

noshiro-pf/synstate #108

6.1.10 → 6.3.1 Minor PR
Open 2 days ago 2 comments
noshiro-pf
chore(deps): bump the npm_and_yarn group across 2 directories with 8 updates

schmug/loomwiki #47

5.18.1 → 6.1.10 Major PR
Open 2 days ago 1 comment
schmug
Bump the npm_and_yarn group across 3 directories with 3 updates

zebadee2kk/HamMediaLabs #70

4.16.19 → 6.1.10 Major PR
Open 2 days ago 1 comment
zebadee2kk
chore(deps): Bump astro from 5.18.1 to 6.3.3

martinopedal/opedal.tech #81

5.18.1 → 6.3.3 Major PR
Open 2 days ago 2 comments
martinopedal
chore(deps): bump astro from 6.3.1 to 6.3.3 in /docs

Enach/clockwise-like #50

6.3.1 → 6.3.3 Patch PR
Open 2 days ago 1 comment
Enach
chore(deps): bump astro from 6.1.9 to 6.3.3

EphyraSoftware/ordo-website #7

6.1.9 → 6.3.3 Minor PR
Open 3 days ago 1 comment
EphyraSoftware
chore(deps): bump the bun group with 3 updates

hagelstam/www #44

6.3.1 → 6.3.3 Patch PR
Open 3 days ago 2 comments
hagelstam
Bump astro from 5.18.1 to 6.1.10 in /site in the npm_and_yarn group across 1 directory

mgzwarrior/mgz-pkmn #148

5.18.1 → 6.1.10 Major PR
Closed 3 days ago 2 comments
mgzwarrior
Bump the dependencies group with 9 updates

peucastro/website #48

6.3.1 → 6.3.3 Patch PR
Open 3 days ago 1 comment
peucastro
chore(deps): bump astro from 6.2.1 to 6.3.3

morinokami/astro-slidev #19

6.2.1 → 6.3.3 Minor PR
Open 3 days ago 3 comments
morinokami
Bump astro from 6.2.1 to 6.3.3

proTcity/protcity-website #6

6.2.1 → 6.3.3 Minor PR
Open 3 days ago 1 comment
proTcity
chore(deps): Bump astro from 5.18.1 to 6.1.10

omaraalvarezo/landing-omar #7

5.18.1 → 6.1.10 Major PR
Open 3 days ago 1 comment
omaraalvarezo
chore(deps): bump the astro group across 1 directory with 2 updates

laichunpongben/foodbook #71

5.18.1 → 6.3.3 Major PR
Open 3 days ago 1 comment
laichunpongben
deps(deps): bump the minor-and-patch group across 1 directory with 29 updates

kjfsm/notion-headless-cms #272

6.2.2 → 6.3.3 Minor PR
Closed 3 days ago 5 comments
kjfsm
chore(deps): Bump the minor-and-patch group with 11 updates

MinistrarePL/SimpleInvesting #4

6.3.0 → 6.3.3 Patch PR
Open 3 days ago 2 comments
MinistrarePL
chore(deps): Bump the astro group with 2 updates

dossierhq/dossierhq #1656

6.2.2 → 6.3.1 Minor PR
Open 3 days ago 3 comments
dossierhq
chore(deps-dev): bump astro from 6.3.2 to 6.3.3

Mergifyio/docs #11494

6.3.2 → 6.3.3 Patch PR
Open 4 days ago 2 comments
Mergifyio
build(deps-dev): bump astro from 5.18.1 to 6.1.10

thraizz/chronicles-of-azeroth #2

5.18.1 → 6.1.10 Major PR
Open 4 days ago 1 comment
thraizz
build(deps): bump the patch-updates group across 1 directory with 10 updates

chnbsdan/astrohd-43024 #7

6.3.1 → 6.3.3 Patch PR
Open 4 days ago 1 comment
chnbsdan
build(deps): bump the patch-updates group across 1 directory with 10 updates

qwc-ch/Firefly #22

6.3.1 → 6.3.3 Patch PR
Open 4 days ago 2 comments
qwc-ch
build(deps): bump the npm_and_yarn group across 12 directories with 17 updates

cainbryce/bun #101

5.5.5 → 6.1.10 Major PR
Closed 4 days ago 1 comment
cainbryce
chore(deps): bump the npm_and_yarn group across 3 directories with 24 updates

anumethod/openai-agents-js #29

5.13.0 → 6.1.10 Major PR
Open 4 days ago 2 comments
anumethod
Bump the npm_and_yarn group across 12 directories with 20 updates

CaffeeLake/bun #337

6.1.6 → 6.1.10 Patch PR
Open 4 days ago 1 comment
CaffeeLake
chore(deps): bump the npm_and_yarn group across 22 directories with 6 updates

Kbro1989/cloudflare-code-agent #74

5.18.1 → 6.1.10 Major PR
Open 4 days ago 2 comments
Kbro1989
Package Details
Name: astro
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/astro
JSON API: View JSON
Security Advisories

17

Active advisories
HIGH 3
MODERATE 10
LOW 4
View All npm Advisories
Package Information
Description:

Astro is a modern site builder with web best practices, performance, and DX front-of-mind.

Repository: https://github.com/withastro/astro
Homepage: https://astro.build
Latest Release: 4.16.16
over 1 year ago
Dependent Repos: 18,705
Dependent Packages: 915
Downloads: 1,349,386
Ranking: Top 0.1941% by dependent repos Top 0.2899% by downloads Top 0.0943% by dependent pkgs
PR Status
Open 15,786 (46.2%)
Merged 3,432 (10.0%)
Closed 12,630 (36.9%)
PR Types
Minor 18,414 (53.8%)
Major 2,323 (6.8%)
Patch 11,094 (32.4%)