@backstage/plugin-scaffolder-backend

This hub aggregates every CVE we track for @backstage/plugin-scaffolder-backend, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 7 most recently published vulnerabilities affecting @backstage/plugin-scaffolder-backend.

• CVE-2026-32237@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint4.4Mar 12, 2026
• CVE-2026-29184@backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass2.0Mar 7, 2026
• CVE-2026-24046Backstage has a Possible Symlink Path Traversal in Scaffolder Actions7.1Jan 21, 2026
• CVE-2025-55285@backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template`2.6Aug 15, 2025
• CVE-2023-35926Insecure sandbox in Backstage Scaffolder plugin8.0Jun 22, 2023
• CVE-2021-43783Path Traversal in @backstage/plugin-scaffolder-backend8.5Nov 29, 2021
• CVE-2021-41151Path Traversal in @backstage/plugin-scaffolder-backend6.8Oct 18, 2021