VYPR

npm package

@backstage/plugin-catalog-unprocessed-entities-common

pkg:npm/%40backstage/plugin-catalog-unprocessed-entities-common

Vulnerabilities (1)

  • CVE-2026-44374MedMay 14, 2026
    affected < 0.0.15fixed 0.0.15

    Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity rec