Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    GHSA-MPX4-JMPR-VM8V

    Vulnerability from github – Published: 2026-06-18 15:05 – Updated: 2026-06-18 15:05
    VLAI
    Summary
    PGHoard: Password written to debug log
    Details

    Impact

    When using .pgpass, database connection information including the username and password will be logged at the debug level.

    Patches

    Upgrade to version 2.7.1 or greater.

    Workarounds

    Filter out debug-level logs.

    References

    This issue was discovered by BugCrowd user DRAKOKORIAN.

    Show details on source website

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "pghoard"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "last_affected": "2.1.0"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ]
        }
      ],
      "aliases": [
        "CVE-2026-54711"
      ],
      "database_specific": {
        "cwe_ids": [
          "CWE-532"
        ],
        "github_reviewed": true,
        "github_reviewed_at": "2026-06-18T15:05:20Z",
        "nvd_published_at": null,
        "severity": "LOW"
      },
      "details": "### Impact\nWhen using .pgpass, database connection information including the username and password will be logged at the debug level.\n\n### Patches\nUpgrade to version 2.7.1 or greater.\n\n### Workarounds\nFilter out debug-level logs.\n\n### References\nThis issue was discovered by BugCrowd user DRAKOKORIAN.",
      "id": "GHSA-mpx4-jmpr-vm8v",
      "modified": "2026-06-18T15:05:20Z",
      "published": "2026-06-18T15:05:20Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/Aiven-Open/pghoard/security/advisories/GHSA-mpx4-jmpr-vm8v"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/Aiven-Open/pghoard"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "type": "CVSS_V4"
        }
      ],
      "summary": "PGHoard: Password written to debug log"
    }

    PYSEC-2026-2872

    Vulnerability from pysec - Published: 2026-07-13 15:46 - Updated: 2026-07-13 16:05
    VLAI
    Details

    Impact

    When using .pgpass, database connection information including the username and password will be logged at the debug level.

    Patches

    Upgrade to version 2.7.1 or greater.

    Workarounds

    Filter out debug-level logs.

    References

    This issue was discovered by BugCrowd user DRAKOKORIAN.

    Impacted products
    Name purl
    pghoard pkg:pypi/pghoard

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "pghoard",
            "purl": "pkg:pypi/pghoard"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "last_affected": "2.1.0"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "1.0.0",
            "1.1.0",
            "1.2.0",
            "1.3.0",
            "1.4.0",
            "1.5.0",
            "1.7.0",
            "2.0.0",
            "2.1.0"
          ]
        }
      ],
      "aliases": [
        "CVE-2026-54711",
        "GHSA-mpx4-jmpr-vm8v"
      ],
      "details": "### Impact\nWhen using .pgpass, database connection information including the username and password will be logged at the debug level.\n\n### Patches\nUpgrade to version 2.7.1 or greater.\n\n### Workarounds\nFilter out debug-level logs.\n\n### References\nThis issue was discovered by BugCrowd user DRAKOKORIAN.",
      "id": "PYSEC-2026-2872",
      "modified": "2026-07-13T16:05:31.456984Z",
      "published": "2026-07-13T15:46:21.090761Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/Aiven-Open/pghoard/security/advisories/GHSA-mpx4-jmpr-vm8v"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/Aiven-Open/pghoard"
        },
        {
          "type": "PACKAGE",
          "url": "https://pypi.org/project/pghoard"
        },
        {
          "type": "ADVISORY",
          "url": "https://github.com/advisories/GHSA-mpx4-jmpr-vm8v"
        },
        {
          "type": "ADVISORY",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54711"
        }
      ],
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "type": "CVSS_V4"
        }
      ],
      "summary": "PGHoard: Password written to debug log"
    }