VYPR
Medium severity6.8OSV Advisory· Published Sep 5, 2025· Updated Apr 15, 2026

CVE-2025-58401

CVE-2025-58401

Description

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.