Skip to content

Possible exposed secret in this repo — responsible disclosure #5

Description

@Raffa-jarrl

Hi — I'm an independent security researcher (Lictor, https://lictor-ai.com).

While scanning public GitHub repositories, I found what looks like a live credential/secret committed to this repository. I'm intentionally NOT posting the file path or the value here, so I don't point anyone else at it.

Please:

  1. Rotate any API keys / tokens / secrets used in this project, and
  2. Remove them from the code and from git history (a secret stays in history even after you delete it from the latest commit — e.g. git filter-repo or BFG).

I did not use, validate, or store the credential — only its location and a short redacted fingerprint, which I'm happy to share privately so you can find the exact one. Is there an email or security contact I can use?

Good-faith, detect-only. Thanks!
— Refael Jana (Raffa), Lictor (https://lictor-ai.com)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions