- Description
- The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code. This vulnerability is fixed in 4.0.0.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-200
- Hype score
- Not currently trending
CVE-2025-53624 (CVSS:10.0, CRITICAL) is Awaiting Analysis. The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docus..https://t.co/gk4If2wRY3 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53624 The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4… https://t.co/0TabzTMjJM
@CVEnew
10 Jul 2025
169 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53624 GitHub Personal Access Token Exposure in Docusaurus Gists Plugin ... https://t.co/fXojLNWFkj Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
10 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CRITICAL CVE-2025-53624 in docusaurus-plugin-content-gists (<4.0.0): GitHub PATs exposed in client JS! Upgrade now to protect your code. 🔒 https://t.co/hQYOnt9tQG #OffSeq #CVE2025 #GitHubSecurity https://t.co/ZV6XxAgNy7
@offseq
10 Jul 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-53624: CRITICAL] Docusaurus plugin vulnerability alert: docusaurus-plugin-content-gists < 4.0.0 exposes GitHub Personal Access Tokens in production builds. Update to version 4.0.0 to fix. #cybersec...#cve,CVE-2025-53624,#cybersecurity https://t.co/UPcyOZIuOT https://
@CveFindCom
9 Jul 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes