CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.2%

CVSS Severity

CVSS v3 Score 5.0

References

https://kibty.town/blog/mintlify/
https://news.ycombinator.com/item?id=46317098
https://www.mintlify.com/blog/working-with-security-researchers-november-2025
https://www.mintlify.com/docs/changelog

Products affected by CVE-2025-67844

Mintlify » Mintlify » Version: Any

cpe:2.3:a:mintlify:mintlify:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67844

Products

Pricing

Contact Us