CWE-20043 advisories

Exposure of Sensitive Information

What it is

The system discloses sensitive data (tokens, paths, internals) to actors who should not see it.

How to fix it

Upgrade and remove the leak; rotate anything that was exposed.

How to avoid it

Return only what the caller needs; strip internal details from responses and errors.

Known Exposure of Sensitive Information vulnerabilities

CVE-2026-22555 — high · Go/code.gitea.io/gitea
APPSEC-SOURCEMAP-DISCLOSURE — medium · AppSec · Web/Client-side source maps in production
GHSA-g7r4-m6w7-qqqr — low · npm/esbuild
AI-CLAUDECODE-SOURCEMAP-2026 — high · npm/@anthropic-ai/claude-code
AI-COPILOT-CAMOLEAK-2025 — critical · GitHub Copilot/GitHub Copilot Chat
AI-SHADOWLEAK-2025 — high · ChatGPT/ChatGPT Deep Research connectors
AI-TEA-APP-BREACH-2025 — critical · Mobile · Firebase/Tea (dating-safety app) · exploited
AI-GEMINI-WORKSPACE-2025 — medium · Google Gemini/Gemini for Workspace email summarization · exploited
AI-AGENTSMITH-2025 — high · LangSmith/LangSmith Prompt Hub · exploited
CVE-2025-32711 — critical · Microsoft Copilot/Microsoft 365 Copilot · exploited
OPSEC-INTERNET-ARCHIVE-2024 — high · SaaS/Internet Archive
AI-SLACK-PROMPT-INJECTION-2024 — high · Slack AI/Slack AI
AI-SAPWNED-2024 — critical · SAP AI Core/SAP AI Core · exploited
OPSEC-MERCEDES-BENZ-2024 — high · Source control/Mercedes-Benz
CVE-2024-23897 — critical · Maven/org.jenkins-ci.main:jenkins-core · exploited
OPSEC-MIDNIGHT-BLIZZARD-2024 — critical · Identity/Microsoft 365 / Entra ID
SECRET-GIT-HISTORY — critical · Secrets · Git/Secrets persisting in git history · exploited
OPSEC-OKTA-2023 — high · Identity/Okta
OPSEC-23ANDME-2023 — critical · Consumer/genomics/23andMe
OPSEC-MICROSOFT-SAS-2023 — high · Cloud/Microsoft Azure Storage
OPSEC-MGM-CAESARS-2023 — critical · Hospitality/MGM Resorts and Caesars Entertainment
OPSEC-SOURCEGRAPH-2023 — high · Source control/Sourcegraph
SC-MOVEIT-CLOP-2023 — critical · Managed file transfer/Progress MOVEit Transfer
AI-CHATGPT-MARKDOWN-EXFIL-2023 — high · ChatGPT/ChatGPT Markdown image exfiltration · exploited
CLOUD-TOYOTA-2023 — medium · Cloud/Toyota Connected Corporation (cloud database)
OPSEC-CIRCLECI-2023 — critical · CI/CD/CircleCI
OPSEC-LASTPASS-2022 — critical · Identity/LastPass
CLOUD-BLUEBLEED-2022 — high · Cloud · Azure/Microsoft Azure Blob Storage
OPSEC-TWILIO-2022 — high · Communications/Twilio
OPSEC-GITHUB-OAUTH-2022 — high · Source control/GitHub / npm
CVE-2022-24348 — high · CI/CD · Argo CD/Argo CD · exploited
CVE-2021-41077 — high · CI/CD · Travis CI/travis-ci/travis-ci
SECRET-NISSAN-SOURCE-2021 — high · Secrets · Git/Nissan North America
OPSEC-TWITTER-2020 — high · Social media/Twitter
OPSEC-MARRIOTT-STARWOOD-2018 — critical · Hospitality/Marriott (Starwood)
APPSEC-EQUIFAX-2017 — critical · Web · Apache Struts/Equifax (Apache Struts 2)
CVE-2017-16074 — high · npm/crossenv (+ ~37 typosquat packages) · exploited
CLOUD-DEEPROOT-VOTERS-2017 — high · Cloud · AWS/Deep Root Analytics (Amazon S3)
OPSEC-YAHOO-2013 — critical · Web · Email/Yahoo
OPSEC-OPM-2015 — critical · Government/U.S. Office of Personnel Management
OPSEC-ANTHEM-2015 — critical · Healthcare/Anthem
OPSEC-SONY-PICTURES-2014 — critical · Entertainment/Sony Pictures Entertainment
OPSEC-TARGET-2013 — critical · Retail · POS/Target

Stateward flags Exposure of Sensitive Information in your own code and dependencies on every pull request.

Scan my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.