Medium severity6.8OSV Advisory· Published Sep 5, 2025· Updated Apr 15, 2026
CVE-2025-58401
CVE-2025-58401
Description
Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.0.0, 1.0.1, 1.0.10, …+ 1 more
- (no CPE)range: 1.0.0, 1.0.1, 1.0.10, …
- (no CPE)range: <1.1.7
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.