GHSA-mpx4-jmpr-vm8v

Source
https://github.com/advisories/GHSA-mpx4-jmpr-vm8v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-mpx4-jmpr-vm8v/GHSA-mpx4-jmpr-vm8v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mpx4-jmpr-vm8v
Aliases
  • CVE-2026-54711
Published
2026-06-18T15:05:20Z
Modified
2026-06-18T15:17:20.427771573Z
Severity
  • 2.4 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
PGHoard: Password written to debug log
Details

Impact

When using .pgpass, database connection information including the username and password will be logged at the debug level.

Patches

Upgrade to version 2.7.1 or greater.

Workarounds

Filter out debug-level logs.
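
One way to apply this workaround in a Python logging setup, as an added example that is not PGHoard's own code: a handler filter that drops records below INFO and, as an extra safeguard beyond the advisory's workaround, redacts password values from connection strings in the records that remain. The logger name, sample messages and regular expressions are assumptions constructed for illustration.

```python
import logging
import re

# Assumed shapes of a connection string inside a log message: libpq
# keyword/value pairs (password=x or password='x y') and URI userinfo.
_KV = re.compile(r"(password\s*=\s*)('(?:[^'\\]|\\.)*'|\S+)", re.IGNORECASE)
_URI = re.compile(r"(postgres(?:ql)?://[^:/@\s]+:)[^@\s]+(@)", re.IGNORECASE)

def redact(text):
    """Replace password values in connection strings with a fixed marker."""
    text = _KV.sub(r"\1[REDACTED]", text)
    return _URI.sub(r"\1[REDACTED]\2", text)

class DropDebugAndRedact(logging.Filter):
    """Drop records below INFO; scrub passwords from everything else."""

    def filter(self, record):
        if record.levelno < logging.INFO:
            return False
        # Format first, so secrets passed as %-style args are scrubbed too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

class ListHandler(logging.Handler):
    """Collects formatted messages in memory so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))

def demo():
    """Run constructed sample messages (not real PGHoard output) through the filter."""
    handler = ListHandler()
    handler.addFilter(DropDebugAndRedact())
    log = logging.getLogger("example.backup")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    log.debug("connecting with %s", "host=db1 user=backup password=hunter2")
    log.info("retrying %s", "postgres://backup:hunter2@db1:5432/postgres")
    log.info("dsn: %s", "host=db1 user=backup password='two words'")
    log.removeHandler(handler)
    return handler.lines
```

Attaching the filter to the handler rather than to a single logger applies it to every record that reaches that output, whichever logger emitted it.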

References

This issue was discovered by BugCrowd user DRAKOKORIAN.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T15:05:20Z",
    "nvd_published_at": null,
    "severity": "LOW",
    "cwe_ids": [
        "CWE-532"
    ]
}
Affected packages

PyPI / pghoard

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
2.1.0

Affected versions

1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.7.0
2.*
2.0.0
2.1.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-mpx4-jmpr-vm8v/GHSA-mpx4-jmpr-vm8v.json"