CVE-2025-53624 – Docusaurus GitHub Gists Plugin Exposes Personal Access Tokens

CVE ID : CVE-2025-53624

Published : July 9, 2025, 9:15 p.m. | 51 minutes ago

Description : The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website’s source code. This vulnerability is fixed in 4.0.0.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…