Home > Vulnerability Database > CVE-2025-53624

Mend.io Vulnerability Database

CVE-2025-53624

Good to know:

Date: July 9, 2025

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code. This vulnerability is fixed in 4.0.0.

Severity Score

10.0

Related Resources (5)

Url: https://github.com/webbertakken/docusaurus-plugin-content-gists/commit/8d4230b82412edb215ddfa9e609d178510a5fe31

Url: https://github.com/webbertakken/docusaurus-plugin-content-gists/security/advisories/GHSA-qf34-qpr4-5pph

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-53624

Url: https://github.com/webbertakken/docusaurus-plugin-content-gists

Url: https://www.mend.io/vulnerability-database/CVE-2025-53624

Severity Score

10.0

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version docusaurus-plugin-content-gists - 4.0.0;https://github.com/webbertakken/docusaurus-plugin-content-gists.git - v4.0.0

Learn More

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-53624

Good to know:

Date: July 9, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?