296 matches found
Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2026-7788
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...
EUVD-2026-27161
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...
CVE-2026-7788 Axle-Bucamp MCP-Docusaurus document.py get_content path traversal
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...
CVE-2026-7788
Summary: CVE-2026-7788 affects Axle-Bucamp MCP-Docusaurus. A path traversal vulnerability exists in the file path app/routes/document.py, specifically in the functions update_document, continue_document, delete_document, and get_content, triggered by manipulating the DOCS_DIR/path argument. This ...
CVE-2026-7788 Axle-Bucamp MCP-Docusaurus document.py get_content path traversal
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...
MCP Docusaurus Toolkit 路径遍历漏洞
MCP Docusaurus Toolkit is a documentation management and semantic search platform developed by Bucamp Axle’s individual developers. The MCP Docusaurus Toolkit has a path traversal vulnerability, which stems from the operations on the parameter DOCSDIR/path in the functions updatedocument,...
Malicious Package
Overview docusaurus-plugin-launchdarkly is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
MAL-2026-735 Malicious code in docusaurus-plugin-launchdarkly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e875ce6b5b0d95c7100cdba68bed891c712b414716f07147e6a3f04f4f9b4789 The package docusaurus-plugin-launchdarkly was found to contain malicious code. Source: ghsa-malware...
Malicious code in docusaurus-plugin-launchdarkly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e875ce6b5b0d95c7100cdba68bed891c712b414716f07147e6a3f04f4f9b4789 The package docusaurus-plugin-launchdarkly was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190956 Malicious code in docusaurus-plugin-vanilla-extract (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2659e389b89fcdf1fe723b544962764d4f2881cae9694dc4107fbbb4ec077328 The package docusaurus-plugin-vanilla-extract was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199087
Malicious code in docusaurus-plugin-vanilla-extract npm...
Malicious code in docusaurus-plugin-vanilla-extract (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2659e389b89fcdf1fe723b544962764d4f2881cae9694dc4107fbbb4ec077328 The package docusaurus-plugin-vanilla-extract was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198903
Malicious code in posthog-docusaurus npm...
MAL-2025-190924 Malicious code in posthog-docusaurus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 317ab9fe546aa6930bf7fb3ee7c35c737d56963b41a4f3d4363abdb0ebfbfa49 The package posthog-docusaurus was found to contain malicious code. Source: google-open-source-security...
Malicious code in posthog-docusaurus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 317ab9fe546aa6930bf7fb3ee7c35c737d56963b41a4f3d4363abdb0ebfbfa49 The package posthog-docusaurus was found to contain malicious code. Source: google-open-source-security...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-179282
Malicious code in docusaurus-xml-proxima-luna npm...
Malicious code in docusaurus-xml-proxima-luna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4841cb7fbba4912212b6867a9ab9667021ec18b4781ff0fe00923b7377062a5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179288
Malicious code in docusaurus-hugo-uglify-js-dione npm...