VYPR

npm package

@backstage/plugin-techdocs-node

pkg:npm/%40backstage/plugin-techdocs-node

Vulnerabilities (3)

  • CVE-2026-29186Mar 7, 2026
    affected < 1.14.3fixed 1.14.3

    Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys

  • CVE-2026-25152Jan 30, 2026
    affected >= 1.14.0, < 1.14.1fixed 1.14.1

    Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs loca

  • CVE-2026-25153Jan 30, 2026
    affected >= 1.14.0, < 1.14.1fixed 1.14.1

    Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with `runIn: local`, a