VYPR

npm package

@astrojs/cloudflare

pkg:npm/%40astrojs/cloudflare

Vulnerabilities (2)

  • CVE-2026-41321LowApr 24, 2026
    affected < 13.1.10fixed 13.1.10

    @astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Wo

  • CVE-2025-58179Sep 4, 2025
    affected >= 11.0.3, < 12.6.6fixed 12.6.6

    Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint does