MEDIUM · CVSS 5.0
Class vulnerability — Vercel env vars leaked via build logs
Vercel build logs are accessible to project members; env vars without 'Sensitive' flag appear in build output.
Affects
- Vercel deployments without Sensitive flag on env vars
What an attacker does
An attacker with project-read access (often obtained via a shared OAuth app, as in the Apr 2026 Vercel × Context.ai breach) reads the build logs and extracts env vars.
How to detect
Vercel Dashboard → env vars → check Sensitive flag on every secret
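The same check can be run over an exported env-var listing instead of clicking through the dashboard. The script below is an added example, not Securie's or Vercel's code. It assumes a JSON listing with an `envs` array whose items carry `key`, `type` and `target`, and that `sensitive` and `system` are among the type values; the name heuristic and the sample data are constructed.

```python
import json
import re

# Heuristic for credential-like names (an assumption; tune for your project).
SECRET_NAME = re.compile(
    r"SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE|CREDENTIAL|API_?KEY|_KEY$|DATABASE_URL|DSN",
    re.IGNORECASE,
)


def audit_env_listing(listing):
    """Return secret-looking variables that are not stored as type 'sensitive'.

    Only names, types and targets are reported; values are never read.
    """
    findings = []
    for env in listing.get("envs", []):
        key, kind = env.get("key", ""), env.get("type", "")
        if kind in ("sensitive", "system"):
            continue  # already flagged Sensitive, or provided by the platform
        if not SECRET_NAME.search(key):
            continue  # name does not look like a credential
        target = env.get("target") or []
        if isinstance(target, str):  # tolerate a single target given as a string
            target = [target]
        findings.append({"key": key, "type": kind, "target": sorted(target)})
    return sorted(findings, key=lambda f: f["key"])


# Constructed sample listing (not real project data).
SAMPLE = json.loads("""
{"envs": [
  {"key": "STRIPE_SECRET_KEY", "type": "encrypted", "target": ["production", "preview"]},
  {"key": "DATABASE_URL", "type": "sensitive", "target": ["production"]},
  {"key": "SENTRY_AUTH_TOKEN", "type": "plain", "target": "preview"},
  {"key": "NEXT_PUBLIC_SITE_NAME", "type": "plain", "target": ["production"]},
  {"key": "LOG_LEVEL", "type": "plain", "target": ["production"]}
]}
""")

if __name__ == "__main__":
    for f in audit_env_listing(SAMPLE):
        print(f"{f['key']}: type={f['type']} targets={','.join(f['target'])} -> mark Sensitive")
```

A name heuristic misses secrets with unremarkable names, so treat an empty result as a prompt to review the full list, not as a pass.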
How to fix
Mark every secret env var as Sensitive
Securie finding: medium · CVSS 5.0
CVE-2024-XXXX
How Securie catches CVE-2024-XXXX
Securie's static-rules + secret_scanner alert on missing Sensitive flag (when API access available).