CVE-2025-53624 is a critical severity vulnerability with a CVSS score of 10.0. Exploits are available; patches have been released and should be applied urgently.
Lower probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code.
When using the affected versions with the recommended configuration pattern:
    plugins: [
      [
        'docusaurus-plugin-content-gists',
        {
          personalAccessToken: process.env.GITHUB_PERSONAL_ACCESS_TOKEN,
        },
      ],
    ]
The GitHub Personal Access Token is included in the webpack bundle and exposed in production builds at:
    /build/assets/js/main.[hash].js
This allows malicious actors to:

    npm install docusaurus-plugin-content-gists@^4.0.0
personalAccessToken from your plugin configuration
GH_PERSONAL_ACCESS_TOKEN is set in your build environment
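One way to confirm that a production build no longer carries the token, as an added example that is not part of the advisory or the plugin's code: a Node.js check that scans build output for GitHub token-shaped strings and, optionally, for the literal secret. The function names, the sample bundle and the token value are constructed for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// GitHub token shapes: ghp_/gho_/ghu_/ghs_/ghr_ tokens and fine-grained PATs.
const TOKEN_PATTERNS = [
  /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g,
  /\bgithub_pat_[A-Za-z0-9_]{22,}\b/g,
];

// Return every token-like string in `text`, plus the literal secret if present.
function findTokens(text, literalSecret) {
  const hits = new Set();
  for (const re of TOKEN_PATTERNS) {
    for (const m of text.matchAll(re)) hits.add(m[0]);
  }
  if (literalSecret && text.includes(literalSecret)) hits.add(literalSecret);
  return [...hits];
}

// Walk a build directory; report each hit with the value redacted so the
// report itself does not leak the secret into CI logs.
function scanBuild(dir, literalSecret) {
  const findings = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) {
      findings.push(...scanBuild(full, literalSecret));
    } else if (/\.(js|map|html|json)$/.test(entry.name)) {
      const text = fs.readFileSync(full, 'utf8');
      for (const t of findTokens(text, literalSecret)) {
        findings.push({ file: full, token: t.slice(0, 4) + '[redacted]' });
      }
    }
  }
  return findings;
}

// Constructed sample: a temp "build" with one leaking bundle and one clean file.
function demo() {
  const js = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'build-')), 'assets', 'js');
  fs.mkdirSync(js, { recursive: true });
  const fake = 'ghp_' + 'x'.repeat(36); // constructed, not a real token
  fs.writeFileSync(path.join(js, 'main.abc123.js'),
    `e.exports={options:{personalAccessToken:"${fake}"}}`);
  fs.writeFileSync(path.join(js, 'clean.js'), 'console.log("no secrets")');
  return scanBuild(path.dirname(path.dirname(js)));
}
console.log(demo());
```

In CI, call `scanBuild` on the `build` directory after the build step, passing the token value from the build environment as the second argument, and fail the job on any finding.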