Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rd53-bcvf-mkad
Vulnerability ID VCID-rd53-bcvf-mkad
Aliases CVE-2022-25863
GHSA-mj46-r4gr-5x83
Summary
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-502 Deserialization of Untrusted Data
System Score Found at
epss 0.00712 https://api.first.org/data/v1/epss?cve=CVE-2022-25863
cvssv3.1 8.1 https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing
generic_textual HIGH https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-mj46-r4gr-5x83
cvssv3.1 8.1 https://github.com/gatsbyjs/gatsby
generic_textual HIGH https://github.com/gatsbyjs/gatsby
cvssv3.1 8.1 https://github.com/gatsbyjs/gatsby/pull/35830
generic_textual HIGH https://github.com/gatsbyjs/gatsby/pull/35830
cvssv3.1 8.1 https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e
generic_textual HIGH https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e
cvssv3.1 8.1 https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-mj46-r4gr-5x83
cvssv3.1_qr HIGH https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-mj46-r4gr-5x83
generic_textual HIGH https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-mj46-r4gr-5x83
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25863
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-25863
cvssv3.1 8.1 https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699
generic_textual HIGH https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-25863
https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing
https://github.com/gatsbyjs/gatsby
https://github.com/gatsbyjs/gatsby/pull/35830
https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e
https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699
CVE-2022-25863 https://nvd.nist.gov/vuln/detail/CVE-2022-25863
GHSA-mj46-r4gr-5x83 https://github.com/advisories/GHSA-mj46-r4gr-5x83
GHSA-mj46-r4gr-5x83 https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-mj46-r4gr-5x83
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://drive.google.com/file/d/1EoCzbwTWOM8-fjvwMbH3bqcZ2iKksxTW/view?usp=sharing
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/gatsbyjs/gatsby
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/gatsbyjs/gatsby/pull/35830
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/gatsbyjs/gatsby/pull/35830/commits/f214eb0694c61e348b2751cecd1aace2046bc46e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-mj46-r4gr-5x83
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-25863
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.72617
EPSS Score 0.00712
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T22:17:13.317760+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0