Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/%40backstage/plugin-techdocs-node@1.14.1
purl pkg:npm/%40backstage/plugin-techdocs-node@1.14.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-44tf-rp9m-yqgm @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with `techdocs.generator.runIn: local`. When processing documentation from untrusted sources, symlinks within the docs directory are followed by MkDocs during the build process. File contents are embedded into generated HTML and exposed to users who can view the documentation. CVE-2026-25152
GHSA-w669-jj7h-88m9
VCID-a2ex-8at2-9yeu @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. CVE-2026-25153
GHSA-6jr7-99pf-8vgf

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:49:49.442320+00:00 GitLab Importer Fixing VCID-a2ex-8at2-9yeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@backstage/plugin-techdocs-node/CVE-2026-25153.yml 38.6.0
2026-06-02T04:49:49.307543+00:00 GitLab Importer Fixing VCID-44tf-rp9m-yqgm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@backstage/plugin-techdocs-node/CVE-2026-25152.yml 38.6.0