Go modules package
github.com/ossf/allstar
pkg:golang/github.com/ossf/allstar
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61926 | Med | — | < 0.0.0-20250721181116-e004ecb540d6 | 0.0.0-20250721181116-e004ecb540d6 | Oct 9, 2025 | Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the |
- affected < 0.0.0-20250721181116-e004ecb540d6fixed 0.0.0-20250721181116-e004ecb540d6
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the