CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVE-2025-62794

CVE-2025-62794 affects the GitHub Workflow Updater VS Code extension. Before version 0.0.7, the extension stored provided GitHub tokens in plaintext JSON in editor configuration on disk instead of using securestorage. This allowed a local attacker with read access to the user’s home directory to ...

PT-2025-44215

Name of the Vulnerable Software and Affected Versions GitHub Workflow Updater versions prior to 0.0.7 Description The GitHub Workflow Updater VS Code extension had a security issue where GitHub tokens were stored in plaintext within the editor configuration as JSON on disk, instead of utilizing t...

GitHub Workflow Updater 安全漏洞

GitHub Workflow Updater is a VS Code extension by Richard Tweed Personal Developer. A security vulnerability exists in GitHub Workflow Updater versions prior to 0.0.7, which stems from storing Github tokens in cleartext, which could lead to token disclosure...