pkg:npm/@backstage/backend-defaults
2 total CVEsHIGH1LOW1
✅ Check your installed version
All known vulnerabilities
HIGH7.1CVE-2026-24046Backstage has a Possible Symlink Path Traversal in Scaffolder Actions from 0, < 0.12.2
LOW3.5CVE-2026-24048Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` from 0, < 0.12.2