@backstage/plugin-catalog-backend (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @backstage/plugin-catalog-backend, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2023-25571 — CVSS 6.8 (medium): Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components…
CVE-2024-45815 — CVSS 6.5 (medium): Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the…