VYPR
Vendor: Backstage

Products: 2
CVEs: 23
Across products: 23
Status: Private

Recent CVEs

  • CVE-2026-24046 | High | Jan 21, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read…

  • CVE-2024-53983 | Medium | Nov 29, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The…

  • CVE-2026-24047 | Medium | Jan 21, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in…

  • CVE-2024-47762 | Medium | Oct 3, 2024
    risk 0.31 | cvss 5.8 | epss 0.00

    Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in configuration schema. This occurred even if…

  • CVE-2026-44374 | Medium | May 14, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity…

  • CVE-2025-32791 | Medium | Apr 16, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed…

  • CVE-2025-55285 | Low | Aug 15, 2025
    risk 0.10 | cvss 2.6 | epss 0.00

    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{…

  • CVE-2026-32235 | Mar 12, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID…

  • CVE-2026-29186 | Mar 7, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys…

  • CVE-2026-25152 | Jan 30, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common Node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs…

  • CVE-2026-25153 | Jan 30, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common Node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with `runIn: local`, a…

  • CVE-2024-45815 | Sep 17, 2024
    risk 0.00 | cvss (none listed) | epss 0.01

    Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed…

  • CVE-2024-45816 | Sep 17, 2024
    risk 0.00 | cvss (none listed) | epss 0.01

    Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass…

  • CVE-2024-46976 | Sep 17, 2024
    risk 0.00 | cvss (none listed) | epss 0.00

    Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or…

  • CVE-2024-26150 | Feb 23, 2024
    risk 0.00 | cvss (none listed) | epss 0.01

    `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, path checks with the `resolveSafeChildPath` utility were not…

  • CVE-2023-35926 | Jun 22, 2023
    risk 0.00 | cvss (none listed) | epss 0.02

    Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past…

  • CVE-2023-25571 | Feb 14, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This…

  • CVE-2021-43783 | Nov 29, 2021
    risk 0.00 | cvss (none listed) | epss 0.01

    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the…

  • CVE-2021-43776 | Nov 26, 2021
    risk 0.00 | cvss (none listed) | epss 0.01

    Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate…

  • CVE-2021-41151 | Oct 18, 2021
    risk 0.00 | cvss (none listed) | epss 0.01

    Backstage is an open platform for building developer portals. In affected versions a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a…