pkg:npm/@backstage/backend-defaults

All known vulnerabilities

• HIGH7.1CVE-2026-24046Backstage has a Possible Symlink Path Traversal in Scaffolder Actions
  from 0, < 0.12.2
• LOW3.5CVE-2026-24048Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`
  from 0, < 0.12.2