PT-2025-18213 · Unknown · Khc-Invitation-Automation

Ekrishnachaitanya2004 · Published 2025-04-29 · Updated 2025-04-30 · CVE-2025-46552

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

KHC-INVITATION-AUTOMATION version 1.2

Description

The issue concerns a GitHub automation script in which user data, including email addresses and Discord usernames, was exposed in API responses without proper access controls. Unauthorized users could obtain this sensitive user information by directly calling specific endpoints.

Recommendations

For KHC-INVITATION-AUTOMATION version 1.2, update to a later commit in which the issue has been patched. As a temporary workaround, restrict access to the API endpoints that expose user data until the update is applied.
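To make the flaw class and the recommended control concrete, the following is an added illustration, not code from the KHC-Invitation-Automation project: a minimal user-lookup handler in its unprotected form beside a hardened form that requires an authenticated caller and withholds the email and Discord fields from anyone who is not the record owner or an admin. All names here (USERS, Request, Forbidden, get_user_*) and the sample records are hypothetical.

```python
# Added illustration (not the project's code). Names and data are hypothetical.
from dataclasses import dataclass, field
from typing import Optional, Set

# Constructed sample records standing in for the invitation data store.
USERS = {
    "u1": {"id": "u1", "github": "octocat",
           "email": "octo@example.invalid", "discord": "octocat#0001"},
}
# Fields the advisory describes as exposed; treat them as contact PII.
PII_FIELDS = ("email", "discord")


@dataclass
class Request:
    # Caller identity as established by an authentication layer; None = anonymous.
    caller: Optional[str] = None
    roles: Set[str] = field(default_factory=set)


class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""


def get_user_vulnerable(req: Request, user_id: str) -> Optional[dict]:
    # Before: no access check at all. Any caller, authenticated or not,
    # receives the full record including email and Discord username.
    rec = USERS.get(user_id)
    return dict(rec) if rec else None


def get_user_hardened(req: Request, user_id: str) -> Optional[dict]:
    rec = USERS.get(user_id)
    if rec is None:
        return None
    # 1. Every user-data endpoint requires an authenticated caller.
    if req.caller is None:
        raise Forbidden("authentication required")
    # 2. Contact details are returned only to the owner or an admin.
    if req.caller == user_id or "admin" in req.roles:
        return dict(rec)
    # 3. Everyone else gets the record with PII fields stripped
    #    (data minimisation: the endpoint never needs to expose them).
    return {k: v for k, v in rec.items() if k not in PII_FIELDS}
```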

Fix

Weakness Enumeration

Improper Access Control
Information Disclosure

Related Identifiers

CVE-2025-46552
GHSA-7MPF-6GG2-2FJP

Affected Products

Khc-Invitation-Automation