pkg:npm/@backstage/plugin-scaffolder-backend

All known vulnerabilities

• HIGH8.5CVE-2021-43783Path Traversal in @backstage/plugin-scaffolder-backend
  from 0, < 0.15.14
• HIGH8.0CVE-2023-35926Backstage Scaffolder plugin has insecure sandbox
  from 0, < 1.15.0
• HIGH7.1CVE-2026-24046Backstage has a Possible Symlink Path Traversal in Scaffolder Actions
  from 0, < 2.2.2
• MEDIUM6.8Path Traversal in @backstage/plugin-scaffolder-backend
  >= 0.9.4, < 0.15.9
• MEDIUM4.4@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
  >= 3.1.0, < 3.1.5
• LOW2.6Template Secret leakage in logs in Scaffolder when using `fetch:template`
  from 0, < 2.1.1
• LOW2.0@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
  from 0, < 3.1.4