Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

@backstage/plugin-scaffolder-backend

View on npm registry
8 Total advisories
8 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 4.4
npm

CVE-2026-32237

@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
MEDIUM 6.8
npm

CVE-2021-41151

Path Traversal in @backstage/plugin-scaffolder-backend

HIGH 8.5
npm

CVE-2021-43783

Path Traversal in @backstage/plugin-scaffolder-backend
LOW 2.0
npm

CVE-2026-29184

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
HIGH 7.1
npm

CVE-2026-24046

Backstage has a Possible Symlink Path Traversal in Scaffolder Actions
LOW 2.6
npm

CVE-2025-55285

Template Secret leakage in logs in Scaffolder when using `fetch:template`
HIGH 8.0
npm

CVE-2023-35926

Backstage Scaffolder plugin has insecure sandbox
UNKNOWN
npm

GHSA-2g8g-63j4-9w3r

RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes