backstage — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting backstage. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Vendor | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-29186 | @backstage/plugin-techdocs-node: TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution | backstage | CWE-434 | 7.7 | High | 2026-03-07 |
| CVE-2026-29184 | @backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass | backstage | CWE-532 | 2.0 | Low | 2026-03-07 |
| CVE-2026-29185 | @backstage/integration: Potential reading of SCM URLs using built in token | backstage | CWE-22 | 2.7 | Low | 2026-03-07 |
| CVE-2026-25152 | @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator | backstage | CWE-22 | 5.3 | Medium | 2026-01-30 |
| CVE-2026-25153 | @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks | backstage | CWE-94 | 7.7 | High | 2026-01-30 |
| CVE-2026-24048 | Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` | backstage | CWE-918 | 3.5 | Low | 2026-01-21 |
| CVE-2026-24047 | @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass | backstage | CWE-59 | 6.3 | Medium | 2026-01-21 |
| CVE-2026-24046 | Backstage has a Possible Symlink Path Traversal in Scaffolder Actions | backstage | CWE-22 | 7.1 | High | 2026-01-21 |
| CVE-2025-55285 | @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template` | backstage | CWE-532 | 2.6 | Low | 2025-08-15 |
| CVE-2025-32791 | Permission policy information leakage in Backstage permission system | backstage | CWE-213 | 4.3 | Medium | 2025-04-16 |
| CVE-2024-53983 | Server-side request forgery in Backstage Scaffolder plugin | backstage | CWE-918 | 5.4 | Medium | 2024-11-29 |
| CVE-2024-47762 | Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend | backstage | CWE-440 | 5.8 | Medium | 2024-10-03 |
| CVE-2024-45815 | Prototype pollution in @backstage/plugin-catalog-backend | backstage | CWE-1321 | 6.5 | Medium | 2024-09-17 |
| CVE-2024-45816 | Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend | backstage | CWE-23 | 6.5 | Medium | 2024-09-17 |
| CVE-2024-46976 | Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend | backstage | CWE-693 | 6.5 | Medium | 2024-09-17 |
| CVE-2024-26150 | `@backstage/backend-common` vulnerable to path traversal through symlinks | backstage | CWE-22 | 8.7 | High | 2024-02-23 |
| CVE-2023-35926 | Insecure sandbox in Backstage Scaffolder plugin | backstage | CWE-94 | 8.1 | High | 2023-06-22 |
| CVE-2023-25571 | Backstage has XSS Vulnerability in Software Catalog | backstage | CWE-84 | 6.8 | Medium | 2023-02-14 |
| CVE-2021-43783 | Path Traversal in @backstage/plugin-scaffolder-backend | backstage | CWE-22 | 8.5 | High | 2021-11-29 |
| CVE-2021-43776 | XSS vulnerability in @backstage/plugin-auth-backend | backstage | CWE-79 | 7.4 | High | 2021-11-26 |
| CVE-2021-41151 | Path Traversal in @backstage/plugin-scaffolder-backend | backstage | CWE-22 | 6.8 | Medium | 2021-10-18 |
| CVE-2021-32662 | TechDocs mkdocs.yml path traversal | backstage | CWE-22 | 6.5 | Medium | 2021-06-03 |
| CVE-2021-32661 | TechDocs object element script injection | backstage | CWE-77 | 6.8 | Medium | 2021-06-03 |
| CVE-2021-32660 | TechDocs content sanitization bypass | backstage | CWE-77 | 6.8 | Medium | 2021-06-03 |

This page lists every published CVE security advisory associated with backstage. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.