296 matches found
Malicious code in docusaurus-transform-achernar-cosmos (npm)
The package docusaurus-transform-achernar-cosmos was found to contain malicious code...
MAL-2025-33313 Malicious code in sirius-dione-sqlite-docusaurus (npm)
The package sirius-dione-sqlite-docusaurus was found to contain malicious code...
MAL-2025-34140 Malicious code in sublimation-docusaurus-hermes-avior (npm)
The package sublimation-docusaurus-hermes-avior was found to contain malicious code...
MAL-2025-18579 Malicious code in docusaurus-cladistics-version-lacerta (npm)
The package docusaurus-cladistics-version-lacerta was found to contain malicious code...
Malicious code in docusaurus-theme (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6714 Malicious code in docusaurus-theme (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in ifood-docusaurus-theme (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6728 Malicious code in ifood-docusaurus-theme (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-53624
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
CVE-2025-53624
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-53624
The CVE-2025-53624 entry concerns the Docusaurus plugin docusaurus-plugin-content-gists. Versions prior to 4.0.0 are vulnerable because a GitHub Personal Access Token passed via plugin configuration could be exposed in production build artifacts, embedding the token in client-side JavaScript bund...
Docusaurus gists plugin 信息泄露漏洞
Docusaurus gists plugin is an automation plugin by Webber Takken Personal Developer. An information disclosure vulnerability exists in Docusaurus gists plugin versions prior to 4.0.0, which stems from a GitHub token disclosure that could lead to credential disclosure...
PT-2025-28964 · Unknown · Docusaurus-Plugin-Content-Gists
Name of the Vulnerable Software and Affected Versions: docusaurus-plugin-content-gists versions prior to 4.0.0 Description: The Docusaurus gists plugin displays public gists of a GitHub user on a Docusaurus instance. Versions prior to 4.0.0 inadvertently include GitHub Personal Access Tokens in...
Malicious code in new-nav-docusaurus-2-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 056a07097ce29a75544b9e104af6e236c35ff7aeac79d48c35c1a208a779f41e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2391 Malicious code in new-nav-docusaurus-2-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 056a07097ce29a75544b9e104af6e236c35ff7aeac79d48c35c1a208a779f41e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...