@backstage/backend-defaults

This hub aggregates every CVE we track for @backstage/backend-defaults, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

LOW1HIGH1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 2 most recently published vulnerabilities affecting @backstage/backend-defaults.

CVE-2026-24048Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`3.5Jan 21, 2026
CVE-2026-24046Backstage has a Possible Symlink Path Traversal in Scaffolder Actions7.1Jan 21, 2026

Product normalization is registry-driven with AI assist and human review. How it works