Search for packages
| purl | pkg:npm/gatsby@2.3.23 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-79km-ke52-afhd
Aliases: CVE-2023-34238 GHSA-c6f8-8r25-c4gc |
Local File Inclusion vulnerability in Gatsby develop server Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `--host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `gatsby@5.9.1` and `gatsby@4.25.7` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-rd53-bcvf-mkad
Aliases: CVE-2022-25863 GHSA-mj46-r4gr-5x83 |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-01T07:28:30.635131+00:00 | GitLab Importer | Affected by | VCID-79km-ke52-afhd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/gatsby/CVE-2023-34238.yml | 38.6.0 |
| 2026-06-01T06:56:21.883433+00:00 | GitLab Importer | Affected by | VCID-rd53-bcvf-mkad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/gatsby/CVE-2022-25863.yml | 38.6.0 |