CVE-2025-58401

Published September 5th, 2025

View on NVD ↗

CVSS v3

N/A

CVSS v2

N/A

Affected

PROJECT

Description

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.

Pierrad/obsidian-github-copilot

A bridge between Obsidian and Github Copilot

GitHub

484