{"id":"CVE-2020-26226","details":"In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.","aliases":["GHSA-r2j6-p67h-q639"],"modified":"2026-02-22T01:28:23.690536Z","published":"2020-11-18T22:15:12.197Z","related":["GHSA-r2j6-p67h-q639"],"references":[{"type":"ADVISORY","url":"https://github.com/semantic-release/semantic-release/commit/ca90b34c4a9333438cc4d69faeb43362bb991e5a"},{"type":"ADVISORY","url":"https://github.com/semantic-release/semantic-release/security/advisories/GHSA-r2j6-p67h-q639"},{"type":"FIX","url":"https://github.com/semantic-release/semantic-release/commit/ca90b34c4a9333438cc4d69faeb43362bb991e5a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/semantic-release/semantic-release","events":[{"introduced":"0"},{"fixed":"c8d38b62588622d96f637e47f9962f5183b72af3"}]}],"versions":["8.0.1","v10.0.0","v10.0.1","v11.0.0","v11.0.1","v11.0.2","v11.0.3","v11.1.0","v11.2.0","v12.0.0","v12.1.0","v12.1.1","v12.2.0","v12.2.1","v12.2.2","v12.2.3","v12.2.4","v12.2.5","v12.3.0","v12.4.0","v12.4.1","v13.0.0","v13.0.1","v13.0.2","v13.1.0","v13.1.1","v13.1.2","v13.1.3","v13.1.4","v13.1.5","v13.2.0","v13.3.0","v13.3.1","v13.4.0","v13.4.1","v14.0.0","v14.0.1","v14.0.2","v14.0.3","v14.0.4","v15.0.0","v15.0.1","v15.0.2","v15.0.3","v15.0.4","v15.1.0","v15.1.1","v15.1.10","v15.1.11","v15.1.2","v15.1.3","v15.1.4","v15.1.5","v15.1.6","v15.1.7","v15.1.8","v15.1.9","v15.10.0","v15.10.1","v15.10.2","v15.10.3","v15.10.4","v15.10.5","v15.10.6","v15.10.7","v15.10.8","v15.11.0","v15.12.0","v15.12.1","v15.12.2","v15.12.3","v15.12.4","v15.12.5","v15.13.0","v15.13.1","v15.13.10","v15.13.11","v15.13.12","v15.13.13","v15.13.14","v15.13.15","v15.13.16","v15.13.17","v15.13.18","v15.13.19","v15.13.2","v15.13.20","v15.13.21","v15.13.22","v15.13.23","v15.13.24","v15.13.25","v15.13.26","v15.13.27","v15.13.28","v15.13.29","v15.13.3","v15.13.30","v15.13.31","v15.13.32","v15.13.4","v15.13.5","v15.13.6","v15.13.7","v15.13.8","v15.13.9","v15.14.0","v15.2.0","v15.3.0","v15.3.1","v15.3.2","v15.4.0","v15.4.1","v15.4.2","v15.4.3","v15.4.4","v15.5.0","v15.5.1","v15.5.2","v15.5.3","v15.5.4","v15.5.5","v15.6.0","v15.6.1","v15.6.2","v15.6.3","v15.6.4","v15.6.5","v15.6.6","v15.7.0","v15.7.1","v15.7.2","v15.8.0","v15.8.1","v15.9.0","v15.9.1","v15.9.10","v15.9.11","v15.9.12","v15.9.13","v15.9.14","v15.9.15","v15.9.16","v15.9.17","v15.9.2","v15.9.3","v15.9.4","v15.9.5","v15.9.6","v15.9.7","v15.9.8","v15.9.9","v16.0.0","v16.0.0-beta.1","v16.0.0-beta.10","v16.0.0-beta.11","v16.0.0-beta.12","v16.0.0-beta.13","v16.0.0-beta.14","v16.0.0-beta.15","v16.0.0-beta.16","v16.0.0-beta.17","v16.0.0-beta.18","v16.0.0-beta.19","v16.0.0-beta.2","v16.0.0-beta.20","v16.0.0-beta.21","v16.0.0-beta.22","v16.0.0-beta.23","v16.0.0-beta.24","v16.0.0-beta.25","v16.0.0-beta.26","v16.0.0-beta.27","v16.0.0-beta.28","v16.0.0-beta.29","v16.0.0-beta.3","v16.0.0-beta.30","v16.0.0-beta.31","v16.0.0-beta.32","v16.0.0-beta.33","v16.0.0-beta.34","v16.0.0-beta.35","v16.0.0-beta.36","v16.0.0-beta.37","v16.0.0-beta.38","v16.0.0-beta.39","v16.0.0-beta.4","v16.0.0-beta.40","v16.0.0-beta.41","v16.0.0-beta.42","v16.0.0-beta.43","v16.0.0-beta.44","v16.0.0-beta.45","v16.0.0-beta.46","v16.0.0-beta.47","v16.0.0-beta.5","v16.0.0-beta.6","v16.0.0-beta.7","v16.0.0-beta.8","v16.0.0-beta.9","v16.0.1","v16.0.2","v16.0.3","v16.0.4","v17.0.0","v17.0.1","v17.0.2","v17.0.3","v17.0.4","v17.0.5","v17.0.6","v17.0.7","v17.0.8","v17.1.0","v17.1.1","v17.1.2","v17.2.0","v17.2.1","v17.2.2","v4.0.0","v4.0.1","v4.0.2","v4.0.3","v4.1.0","v4.1.1","v4.2.0","v4.2.1","v5.0.0","v5.0.1","v6.0.0","v6.0.1","v6.0.2","v6.0.3","v6.1.0","v6.2.0","v6.2.1","v6.2.2","v6.3.0","v6.3.1","v6.3.2","v6.3.3","v6.3.4","v6.3.5","v6.3.6","v7.0.0","v7.0.1","v7.0.2","v8.0.0","v8.0.2","v8.0.3","v8.0.4","v8.1.0","v8.1.1","v8.1.2","v8.2.0","v8.2.1","v8.2.2","v8.2.3","v9.0.0","v9.0.1","v9.0.2","v9.0.3","v9.1.0","v9.1.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26226.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}