Search for packages
| purl | pkg:npm/%40backstage/plugin-techdocs-node@1.13.11 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-f9zu-z698-tyca | @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. |
CVE-2026-25153
GHSA-6jr7-99pf-8vgf |
| VCID-y8ht-zmnx-3fdd | @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with `techdocs.generator.runIn: local`. When processing documentation from untrusted sources, symlinks within the docs directory are followed by MkDocs during the build process. File contents are embedded into generated HTML and exposed to users who can view the documentation. |
CVE-2026-25152
GHSA-w669-jj7h-88m9 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T01:07:04.995622+00:00 | GHSA Importer | Fixing | VCID-f9zu-z698-tyca | https://github.com/advisories/GHSA-6jr7-99pf-8vgf | 38.6.0 |
| 2026-05-31T01:07:04.437819+00:00 | GHSA Importer | Fixing | VCID-y8ht-zmnx-3fdd | https://github.com/advisories/GHSA-w669-jj7h-88m9 | 38.6.0 |
| 2026-05-30T21:06:13.496142+00:00 | GitLab Importer | Fixing | VCID-f9zu-z698-tyca | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@backstage/plugin-techdocs-node/CVE-2026-25153.yml | 38.6.0 |
| 2026-05-30T21:06:13.355598+00:00 | GitLab Importer | Fixing | VCID-y8ht-zmnx-3fdd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@backstage/plugin-techdocs-node/CVE-2026-25152.yml | 38.6.0 |