Description

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code. This vulnerability is fixed in 4.0.0.

INFO

Published Date :

2025-07-09T21:08:14.595Z

Last Modified :

2025-07-10T15:18:11.559Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53624 vulnerability.

Vendors Products
Webbertakken
  • Docusaurus-plugin-content-gists
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53624.

URL Resource
https://github.com/webbertakken/docusaurus-plugin-content-gists/commit/8d4230b82412edb215ddfa9e609d178510a5fe31 cve-icon cve-icon
https://github.com/webbertakken/docusaurus-plugin-content-gists/security/advisories/GHSA-qf34-qpr4-5pph cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact