Impacted versions 7–10. Patches available now.

Storybook is an open-source tool for developing UI components in isolation for React, Vue, and Angular applications. Readers can learn about component-driven development, UI testing, and design systems. With documentation, tutorials, and community contributions, Storybook offers  guidance and tools for building modular and reusable UI components.

Storybook

Storybook versions 7-10 contain a vulnerability where environment variables from .env files could be unexpectedly bundled into published builds, potentially exposing secrets. The issue affects projects that build Storybook with .env files present and publish to the web. Patches are available for versions 7.6.21+, 8.6.15+, 9.1.17+, and 10.1.10+. Users should rotate any exposed secrets and upgrade immediately before publishing again.

Security advisory