Affected versions of `airbrake` default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information.

## Recommendation

Update to version 0.4.0 or later, or upgrade from the now-deprecated `airbrake` module to its replacement, [`airbrake-js`](https://www.npmjs.com/package/airbrake-js).

Affected Packages

npm airbrake

Affected versions: 0 (fixed in 0.4.0)

Related CVEs

CVE-2016-10530

Key Information

GHSA ID

GHSA-856x-cp3q-47vg

Published

February 18, 2019 11:58 PM

Last Modified

August 31, 2020 6:10 PM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

airbrake

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.