github.com/sourcegraph/sourcegraph is vulnerable to side channel attack. The attack is possible because the library does not properly exclude the private source code search results in ‘search_results.go’ , allowing an authenticated attacker to check specific string and API keys exists in private source code by using saved searches or code monitors.