CNNVD-202506-2557 Information

CNNVD ID

CNNVD-202506-2557

CVE-2025-52467

  • CNNVD Published: 2025-06-18

Description (Chinese)

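pgai is a suite of tools open-sourced by timescale that makes it easier to develop RAG, semantic search, and other AI applications with PostgreSQL. pgai has an information disclosure vulnerability, which stems from allowing an attacker to steal all secrets in a workflow, including a GITHUB_TOKEN with write permission.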

Description (English)

pgai is an open-source set of tools to develop RAG, semantic search and other AI applications more easily using PostgreSQL. pgai has an information disclosure vulnerability, which stems from allowing attackers to steal all the secrets in a workflow, including a GITHUB_TOKEN with write permission.

Hazard Level

Low

Vulnerability Type

Information disclosure

Affected Vendor

Timescale

Published

2025-06-18

Last Modified

2026-02-24

References

https://nvd.nist.gov/vuln/detail/CVE-2025-52467

Patch

https://github.com/timescale/pgai/releases
