CVE-2025-53624 – Docusaurus GitHub Gists Plugin Exposes Personal Access Tokens

July 10, 2025

CVE ID : CVE-2025-53624

Published : July 9, 2025, 9:15 p.m. | 6 hours, 45 minutes ago

Description : The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website’s source code. This vulnerability is fixed in 4.0.0.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6376 – Rockwell Automation Arena® Remote Code Execution Vulnerability

Next Article CVE-2025-52357 – FiberHome FD602GW-DX-R410 Router Ping Diagnostic XSS

Highlights

CVE-2025-43560 – ColdFusion Arbitrary Code Execution Vulnerability

May 13, 2025

CVE ID : CVE-2025-43560

Published : May 13, 2025, 9:16 p.m. | 1 hour, 58 minutes ago

Description : ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

CVE-2025-53624 – Docusaurus GitHub Gists Plugin Exposes Personal Access Tokens

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

CVE-2025-30322 – Substance3D Painter Out-of-Bounds Write Vulnerability

Essential Git Command Reference: The Core Operations Every Developer Needs

Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data

CVE-2025-2506 – EDB pglogical Replication Connection Verification Bypass

CVE-2025-43560 – ColdFusion Arbitrary Code Execution Vulnerability

The 13 best early Prime Day 2025 deals under $25

CVE-2025-51058 – Bottinelli Informatical Vedo Suite SSRF

How to use GitHub Copilot to level up your code reviews and pull requests

CVE-2025-53624 – Docusaurus GitHub Gists Plugin Exposes Personal Access Tokens

Related Posts