Browse all 4 CVE security advisories affecting gatsbyjs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GatsbyJS is a React-based framework for building static websites and applications. Because pages are pre-rendered at build time, the deployed site carries little server-side attack surface; the advisories that do exist come from the plugin ecosystem, the build pipeline and the local development tooling rather than from the served output. The four CVEs listed below fall into three classes: path traversal and local file inclusion (CWE-22), in Gatsby itself (CVE-2023-34238) and in gatsby-plugin-sharp (CVE-2023-30548); unsanitized JavaScript code injection in gatsby-transformer-remark (CVE-2023-22491), the highest-scored entry on this page; and exposure of Basic-auth credentials in the app bundle produced by gatsby-source-wordpress (CVE-2021-32770). Since three of the four live in plugins rather than in core, keeping plugin versions current and auditing transitive dependencies are the primary mitigations.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-34238 | Local File Inclusion vulnerability in Gatsby | gatsby | CWE-22 | 4.3 | Medium | 2023-06-07 |
| CVE-2023-30548 | Path traversal vulnerability in gatsby-plugin-sharp | gatsby | CWE-22 | 4.3 | Medium | 2023-04-17 |
| CVE-2023-22491 | gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection | gatsby | CWE-89 | 8.1 | High | 2023-01-13 |
| CVE-2021-32770 | Basic-auth app bundle credential exposure in gatsby-source-wordpress | gatsby | CWE-200 | 7.5 | High | 2021-07-15 |
This page lists every published CVE security advisory associated with gatsbyjs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.