Vulnerability Report: GO-2025-4018
- CVE-2025-61926, GHSA-33f4-mjch-7fpr
- Affects: github.com/ossf/allstar
- Published: Oct 23, 2025
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar
For detailed information about this vulnerability, visit https://github.com/ossf/allstar/security/advisories/GHSA-33f4-mjch-7fpr or https://nvd.nist.gov/vuln/detail/CVE-2025-61926.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/ossf/allstar/security/advisories/GHSA-33f4-mjch-7fpr
- https://nvd.nist.gov/vuln/detail/CVE-2025-61926
- https://github.com/ossf/allstar/commit/e004ecb540d63ca6f5b1689b41af6c0040a82c73
- https://github.com/ossf/allstar/pull/713
- https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.go#L59
- https://vuln.go.dev/ID/GO-2025-4018.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.