@backstage/techdocs-common is vulnerable to information disclosure. An attacker is able bypass sanitization by uploading documentation content with malicious scripts that would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitization will be bypassed and the attacker may gain access to confidential data.