Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

astro

Ecosystem:
npm
Package URL:
pkg:npm/astro
Total PRs:
34,429 Dependabot PRs
Latest PR:
about 14 hours ago
Unique Repositories:
7,643 repositories
Unique Repos (30 days):
523 repositories
Security Advisories
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
GHSA-ggxq-hp9w-j794 CVE-2025-64765 MODERATE published 6 months ago • updated 1 day ago
A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validati...
Atro CSRF Middleware Bypass (security.checkOrigin)
GHSA-c4pw-33h3-35xw CVE-2024-56140 MODERATE published over 1 year ago • updated about 1 month ago
### Summary A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. ### Details When the `security.checkOrigin` confi...
Astro allows unauthorized third-party images in _image endpoint
GHSA-xf8x-j4p2-f749 CVE-2025-55303 MODERATE published 9 months ago • updated about 4 hours ago
### Summary In affected versions of `astro`, the image optimization endpoint in projects deployed with on-demand rendering allows images from unau...
Astro: XSS in define:vars via incomplete </script> tag sanitization
GHSA-j687-52p2-xcff CVE-2026-41067 MODERATE published about 1 month ago • updated 3 days ago
## Summary The `defineScriptVars` function in Astro's server-side rendering pipeline uses a case-sensitive regex `/<\/script>/g` to sanitize value...
Astro's `X-Forwarded-Host` is reflected without validation
GHSA-5ff5-9fcw-vg88 CVE-2025-61925 MODERATE published 8 months ago • updated 11 days ago
### Summary When running Astro in on-demand rendering mode using a adapter such as the node adapter it is possible to maliciously send an `X-Forwar...
View all 17 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps)(deps-dev): bump the astro group with 3 updates

hasegawa-101/hasegawa #119

6.3.7 → 6.3.8 Patch PR
Closed 1 day ago 1 comment
hasegawa-101
chore(deps): bump the minor-and-patch group across 1 directory with 4 updates

davidhfrost/dhfrost #97

6.3.3 → 6.3.8 Patch PR
Open 2 days ago 2 comments
davidhfrost
chore(deps): Bump astro from 6.3.3 to 6.3.6 in /docs

devantler-tech/ksail #4904

6.3.3 → 6.3.6 Patch PR
Open 2 days ago 1 comment
devantler-tech
build(deps): bump the patch-updates group across 1 directory with 11 updates

W-zeke/my_blog #10

6.3.1 → 6.3.8 Patch PR
Closed 2 days ago 2 comments
W-zeke
Bump astro from 6.3.3 to 6.3.8

FA-T-T/FA-T-T.github.io #20

6.3.3 → 6.3.8 Patch PR
Closed 2 days ago 1 comment
FA-T-T
Bump the patch-updates group across 1 directory with 3 updates

CCA8798/CCA8798_Blog_Astro_Fuwari #22

5.18.1 → 5.18.2 Patch PR
Closed 3 days ago 1 comment
CCA8798
Bump astro from 6.3.1 to 6.3.8

esphome/esphome-devices #1628

6.3.1 → 6.3.8 Patch PR
Open 3 days ago 1 comment
esphome
build(deps): bump the astro group across 1 directory with 2 updates

joeseverino/jseverino.com #8

6.3.5 → 6.3.8 Patch PR
Open 3 days ago 1 comment
joeseverino
Build(deps): Bump the patch-updates group across 1 directory with 7 updates

Yamrc/RC-Blog #138

5.18.1 → 5.18.2 Patch PR
Open 3 days ago 2 comments
Yamrc
build(deps): bump the patch-updates group across 1 directory with 3 updates

naranyinyun/NalanyinyunsLibrary #87

5.18.1 → 5.18.2 Patch PR
Open 3 days ago 1 comment
naranyinyun
deps(site): bump astro from 6.3.5 to 6.3.8 in /site

mcp-tool-shop-org/sovereign #13

6.3.5 → 6.3.8 Patch PR
Open 3 days ago 1 comment
mcp-tool-shop-org
chore(deps): bump the patch-updates group across 1 directory with 4 updates

Games55k/iBlog #47

6.3.7 → 6.3.8 Patch PR
Open 3 days ago 1 comment
Games55k
deps: bump the production-dependencies group with 2 updates

sitcon-tw/camp2026 #137

6.3.7 → 6.3.8 Patch PR
Open 3 days ago 1 comment
sitcon-tw
Bump the patch-updates group across 1 directory with 8 updates

wwwaaa123122/Starlr_blog #6

5.18.1 → 5.18.2 Patch PR
Open 3 days ago 2 comments
wwwaaa123122
Bump the patch-updates group across 1 directory with 8 updates

Hailuo4ever/Hailuo_blog #18

5.18.1 → 5.18.2 Patch PR
Open 3 days ago 1 comment
Hailuo4ever
chore(site): bump astro from 6.3.5 to 6.3.7 in /site in the astro-ecosystem group

jonathan-vella/azure-agentic-infraops #437

6.3.5 → 6.3.7 Patch PR
Open 4 days ago 1 comment
jonathan-vella
build(deps): bump the patch-updates group across 1 directory with 6 updates

qwc-ch/Firefly #24

6.3.5 → 6.3.7 Patch PR
Closed 4 days ago 3 comments
qwc-ch
yarn(deps): bump astro from 6.3.5 to 6.3.7 in the production-dependencies group

devparada/Portfolio #58

6.3.5 → 6.3.7 Patch PR
Closed 4 days ago 2 comments
devparada
Bump astro from 6.3.5 to 6.3.7 in /docs/starlight in the docs-dependencies group

ParleSec/ProtocolSoup #43

6.3.5 → 6.3.7 Patch PR
Open 4 days ago 1 comment
ParleSec
chore(deps): bump the npm-root group with 5 updates

aretw0/vault-seed #31

6.3.5 → 6.3.7 Patch PR
Open 4 days ago 1 comment
aretw0
chore(deps): bump astro from 6.3.5 to 6.3.7 in the astro group

subhan-f/personal-portfolio #10

6.3.5 → 6.3.7 Patch PR
Open 4 days ago 1 comment
subhan-f
Bump astro from 6.3.5 to 6.3.7

AzuraCast/azuracast.com #212

6.3.5 → 6.3.7 Patch PR
Open 4 days ago 1 comment
AzuraCast
chore(deps): bump astro from 6.3.1 to 6.3.7

javirojas988/clase-alan-turing #5

6.3.1 → 6.3.7 Patch PR
Open 4 days ago 2 comments
javirojas988
chore(deps-dev): bump astro from 6.3.1 to 6.3.7

colinvkim/capitalize #7

6.3.1 → 6.3.7 Patch PR
Open 4 days ago 1 comment
colinvkim
chore(deps): bump astro from 6.3.1 to 6.3.7

Ju4nmaFd3z/cert-dev-ops-personal-site #5

6.3.1 → 6.3.7 Patch PR
Open 4 days ago 2 comments
Ju4nmaFd3z
chore(deps): bump astro from 6.3.5 to 6.3.7

idcesares/Portfolio #71

6.3.5 → 6.3.7 Patch PR
Open 4 days ago 2 comments
idcesares
chore(deps): Bump the minor-and-patch group across 1 directory with 14 updates

MinistrarePL/SimpleInvesting #7

6.3.0 → 6.3.7 Patch PR
Open 4 days ago 2 comments
MinistrarePL
Bump the patch-updates group across 1 directory with 4 updates

TinyZzh/TinyZzh.github.io #22

6.3.5 → 6.3.7 Patch PR
Closed 5 days ago 1 comment
TinyZzh
chore(deps): bump astro from 6.3.1 to 6.3.7

jruiher341/personal-site-alan-turing #4

6.3.1 → 6.3.7 Patch PR
Open 5 days ago 2 comments
jruiher341
Bump the patch-updates group across 1 directory with 9 updates

vanutama/vanutamamenulis2026 #7

6.3.1 → 6.3.7 Patch PR
Closed 5 days ago 2 comments
vanutama
chore(deps): bump the minor-and-patch group across 1 directory with 3 updates

rizzutomatteo/gbdesign #15

6.3.1 → 6.3.7 Patch PR
Open 5 days ago 1 comment
rizzutomatteo
chore(deps): bump the npm-minor-patch group with 3 updates

rbetree/menav #75

6.3.3 → 6.3.7 Patch PR
Closed 5 days ago 1 comment
rbetree
chore(deps)(deps): bump astro from 6.3.3 to 6.3.7 in the astro group

cuberhaus/PersonalPortfolio #139

6.3.3 → 6.3.7 Patch PR
Open 5 days ago 1 comment
cuberhaus
設定(deps): Bump astro from 6.3.6 to 6.3.7

cho5butter/dtmf #47

6.3.6 → 6.3.7 Patch PR
Open 5 days ago 1 comment
cho5butter
chore(deps): bump the minor-and-patch group with 7 updates

fune-gaku/member-site-template-public #77

6.3.5 → 6.3.7 Patch PR
Open 5 days ago 2 comments
fune-gaku
chore(deps): Bump astro from 6.3.3 to 6.3.7 in the astro-ecosystem group

Hayato-Isagawa/edu-law #55

6.3.3 → 6.3.7 Patch PR
Closed 5 days ago 2 comments
Hayato-Isagawa
chore(deps): bump astro from 6.3.3 to 6.3.7 in the astro-ecosystem group

Hayato-Isagawa/edu-evidence #215

6.3.3 → 6.3.7 Patch PR
Closed 5 days ago 2 comments
Hayato-Isagawa
chore(deps): bump astro from 6.1.9 to 6.1.10 in /site in the npm_and_yarn group across 1 directory

marquetools/marque #785

6.1.9 → 6.1.10 Patch PR
Closed 5 days ago 2 comments
marquetools
chore(deps-dev): bump astro from 6.3.3 to 6.3.7

landelatech/pesakit #54

6.3.3 → 6.3.7 Patch PR
Closed 5 days ago 1 comment
landelatech
chore(deps): bump astro from 6.3.5 to 6.3.7 in the patch-updates group across 1 directory

prnmjpngst/panduan-kir #3

6.3.5 → 6.3.7 Patch PR
Closed 5 days ago 2 comments
prnmjpngst
build(pkg): bump astro from 6.3.3 to 6.3.7

DiscordLuau/docs #24

6.3.3 → 6.3.7 Patch PR
Open 6 days ago 1 comment
DiscordLuau
chore(deps): bump astro from 6.3.6 to 6.3.7

jagreehal/effect-analyzer #118

6.3.6 → 6.3.7 Patch PR
Closed 6 days ago 1 comment
jagreehal
build(deps): bump astro from 6.3.3 to 6.3.7 in the all-non-major group

dacrab/casa-serena #22

6.3.3 → 6.3.7 Patch PR
Open 6 days ago 2 comments
dacrab
Bump astro from 6.3.3 to 6.3.7 in the prod-minor-patch group

dupontcyborg/nico.codes #3

6.3.3 → 6.3.7 Patch PR
Open 6 days ago 1 comment
dupontcyborg
build(deps): bump astro from 6.3.1 to 6.3.7

schalkneethling/schalkneethling.com #1283

6.3.1 → 6.3.7 Patch PR
Open 6 days ago 2 comments
schalkneethling
build(deps): bump the astro group across 1 directory with 3 updates

navikt/sokos-utbetalingsportalen #887

6.3.1 → 6.3.3 Patch PR
Closed 6 days ago 3 comments
navikt
chore(deps): bump astro from 6.3.4 to 6.3.7

triggeryjs/triggery #17

6.3.4 → 6.3.7 Patch PR
Closed 6 days ago 4 comments
triggeryjs
npm: bump astro from 6.3.3 to 6.3.7

tresr-community/chatbot-frontend #625

6.3.3 → 6.3.7 Patch PR
Closed 6 days ago 2 comments
tresr-community
Bump the patch-updates group with 4 updates

Estrella-529/Estrella #1

6.3.5 → 6.3.7 Patch PR
Open 6 days ago 1 comment
Estrella-529
build(deps): bump the npm_and_yarn group across 2 directories with 6 updates

tsukasa-u/FUSOU #182

6.1.2 → 6.1.10 Patch PR
Open 6 days ago 3 comments
tsukasa-u
Package Details
Name: astro
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/astro
JSON API: View JSON
Security Advisories

17

Active advisories
HIGH 3
MODERATE 10
LOW 4
View All npm Advisories
Package Information
Description:

Astro is a modern site builder with web best practices, performance, and DX front-of-mind.

Repository: https://github.com/withastro/astro
Homepage: https://astro.build
Latest Release: 4.16.16
over 1 year ago
Dependent Repos: 18,705
Dependent Packages: 915
Downloads: 1,349,386
Ranking: Top 0.1941% by dependent repos Top 0.2899% by downloads Top 0.0943% by dependent pkgs
PR Status
Open 15,903 (46.2%)
Merged 3,432 (10.0%)
Closed 12,733 (37.0%)
PR Types
Major 2,397 (7.0%)
Minor 18,465 (53.6%)
Patch 11,189 (32.5%)