WordPress · Obsidian Github Copilot Plugin · CVE-2025-58401
**Name of the Vulnerable Software and Affected Versions**
Obsidian GitHub Copilot Plugin versions prior to 1.1.7
**Description**
The Obsidian GitHub Copilot Plugin stores Github API tokens in cleartext form. This allows an attacker to perform unauthorized operations on the linked Github account.
**Recommendations**
Update to version 1.1.7 or later.