95 matches found
EUVD-2026-5002
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...
CVE-2026-25152
The CVE-2026-25152 entry concerns the Backstage @backstage/plugin-techdocs-node, where versions before 1.13.11 and 1.14.1 allow path traversal via the TechDocs local generator when techdocs.generator.runIn is set to local. This permits reading arbitrary host files as MkDocs follows symlinks in do...
CVE-2026-25152 @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...
@backstage/plugin-search-backend-module-techdocs (>=0.4.9-next.0 <=0.4.9-next.1), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-20251222025103 <=2.1.4-next.2) +2 more potentially affected by CVE-2026-25152 via @backstage/plugin-techdocs-node (>=1.0.0 <=1.13.11-next.0)
@backstage/plugin-techdocs-node NPM version =1.0.0, =0.4.9-next.0, =0.0.0-nightly-20251222025103, =0.11.13, =0.0.0-nightly-20241120023536, =1.10.4-next.2 Source cves: CVE-2026-25152 Source advisory: SNYK:JS-BACKSTAGEPLUGINTECHDOCSNODE-15166605...
CVE-2026-25152 @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...
Directory Traversal
Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Directory Traversal via the TechdocsGenerator function when processing documentation from...
CVE-2026-25153
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...
CVE-2026-25153 @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...
CVE-2026-25153 @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...
CVE-2026-25153
In CVE-2026-25153, versions of @backstage/plugin-techdocs-node before 1.13.11 and before 1.14.1 are vulnerable when TechDocs runs with runIn: local. A malicious actor who can submit or modify a repository’s mkdocs.yml can cause arbitrary Python code execution on the TechDocs build server via MkDo...
CVE-2026-25153 @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...
Arbitrary Code Injection
Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Arbitrary Code Injection via the processing of MkDocs hooks, when TechDocs is configured wit...
@backstage/plugin-search-backend-module-techdocs (>=0.4.9-next.0 <=0.4.9-next.1), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-20251222025103 <=2.1.4-next.2) +2 more potentially affected by CVE-2026-25153 via @backstage/plugin-techdocs-node (>=1.0.0 <=1.13.11-next.0)
@backstage/plugin-techdocs-node NPM version =1.0.0, =0.4.9-next.0, =0.0.0-nightly-20251222025103, =0.11.13, =0.0.0-nightly-20241120023536, =1.10.4-next.2 Source cves: CVE-2026-25153 Source advisory: SNYK:JS-BACKSTAGEPLUGINTECHDOCSNODE-15166604...
EUVD-2026-5004
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...
PT-2026-5463
Name of the Vulnerable Software and Affected Versions Backstage versions prior to 1.13.11 and versions prior to 1.14.1 Description Backstage’s @backstage/plugin-techdocs-node component, used for TechDocs, is susceptible to remote code execution. When TechDocs is configured to run locally runIn:...
PT-2026-5494
Name of the Vulnerable Software and Affected Versions Backstage versions prior to 1.13.11 and 1.14.1 Description Backstage is a framework for building developer portals, and @backstage/plugin-techdocs-node provides functionalities for TechDocs. A path traversal issue exists in the TechDocs local...
EUVD-2021-1324
Malware in sbrugna...
EUVD-2021-1373
Malware in sbrugna...
EUVD-2021-1371
Malware in sbrugna...
EUVD-2024-2702
Malicious code in bioql PyPI...