@backstage/plugin-scaffolder-backend vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-32237Medium@backstage/plugin-scaffolder-backend: @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpointCVE-2026-29184Low@backstage/plugin-scaffolder-backend: @backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction BypassCVE-2026-24046High@backstage/backend-defaults: Backstage has a Possible Symlink Path Traversal in Scaffolder ActionsCVE-2025-55285Low@backstage/plugin-scaffolder-backend: Template Secret leakage in logs in Scaffolder when using `fetch:template`CVE-2023-35926High@backstage/plugin-scaffolder-backend: Backstage Scaffolder plugin has insecure sandboxGHSA-2G8G-63J4-9W3RHigh@backstage/plugin-scaffolder-backend: RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backendCVE-2021-43783High@backstage/plugin-scaffolder-backend: Path Traversal in @backstage/plugin-scaffolder-backendCVE-2021-41151Medium@backstage/plugin-scaffolder-backend: Path Traversal in @backstage/plugin-scaffolder-backend

Stop the waste.
Protect your environment with Kodem.