
We found results for “”
CVE-2025-53624
Good to know:


Date: July 9, 2025
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code. This vulnerability is fixed in 4.0.0.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200Top Fix

Upgrade Version
Upgrade to version docusaurus-plugin-content-gists - 4.0.0;https://github.com/webbertakken/docusaurus-plugin-content-gists.git - v4.0.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |