@backstage/plugin-scaffolder-backend

6 known vulnerabilities · 0 critical · 2 high

Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Published Jan 21, 2026

@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Published Mar 12, 2026

Path Traversal in @backstage/plugin-scaffolder-backend

Published Dec 1, 2021

Backstage Scaffolder plugin has insecure sandbox

Published Jun 21, 2023

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass

Published Mar 5, 2026

Path Traversal in @backstage/plugin-scaffolder-backend

Published Oct 19, 2021

Check your entire dependency tree at onceRun dependency scan →