GHSA-mpx4-jmpr-vm8vLow

PGHoard: Password written to debug log

Published
June 18, 2026
Last Modified
June 18, 2026

🔗 CVE IDs covered (1)

📋 Description

Impact

When using .pgpass, database connection information including the username and password will be logged at the debug level.

Patches

Upgrade to version 2.7.1 or greater.

Workarounds

Filter out debug-level logs.

References

This issue was discovered by BugCrowd user DRAKOKORIAN.

🎯 Affected products1

  • pip/pghoard:<= 2.1.0

🔗 References (2)