Package impact
npm / @backstage/plugin-scaffolder-backend
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-32237 | medium | 6.5 | 6.5 | 3mo ago | @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint | |
| CVE-2026-29184 | unknown | — | — | 3mo ago | @backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass | |
| CVE-2026-24046 | unknown | — | — | 4mo ago | Backstage has a Possible Symlink Path Traversal in Scaffolder Actions | |
| CVE-2025-55285 | unknown | — | — | 10mo ago | Template Secret leakage in logs in Scaffolder when using `fetch:template` | |
| CVE-2023-35926 | unknown | — | — | 3y ago | Backstage Scaffolder plugin has insecure sandbox | |
| CVE-2021-43783 | unknown | — | — | 5y ago | Path Traversal in @backstage/plugin-scaffolder-backend | |
| CVE-2021-41151 | unknown | — | — | 5y ago | Path Traversal in @backstage/plugin-scaffolder-backend |