OsVault/npm/@backstage/backend-defaults
npm

@backstage/backend-defaults

2 known vulnerabilities · 0 critical · 0 high

CVE-2026-24046

Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Published Jan 21, 2026
CVE-2026-24048

Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

Published Jan 21, 2026
Check your entire dependency tree at onceRun dependency scan →