trufflehog

v3.95.4 Feature

This release adds 6 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Topics

credentials security dynamic-analysis precommit scanning secret secrets-management security-tools trufflehog verification

Affected surfaces

auth

Summary

AI summary

A mixed release: fixes to GitHub repo-info caching and the Twilio detector, plus new detectors and feature flags.

Changes in this release

Feature Low

Adds GitLab OAuth Detector.

Source: llm_adapter@2026-06-02

Confidence: high

Feature Low

Adds AWS Appsync Detector.

Source: llm_adapter@2026-06-02

Confidence: high

Feature Low

Adds SpectralOps Personal API Key Detector.

Source: llm_adapter@2026-06-02

Confidence: high

Feature Low

Adds feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors.

Source: llm_adapter@2026-06-02

Confidence: high

Feature Low

Adds source config flags to SharePoint proto.

Source: llm_adapter@2026-06-02

Confidence: high

Dependency Medium

Updates Go security dependencies.

Source: llm_adapter@2026-06-02

Confidence: high

Dependency Low

Pins GitHub Actions to SHA digests.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Fixes line numbers for duplicate secrets within a chunk.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Fixes deduplication issue to prevent O(N×M) result explosion in Twilio detector.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Fixes caching of repo info under original URL on GitHub redirect.

Source: llm_adapter@2026-06-02

Confidence: high

Full changelog

What's Changed

  • [INS-461] Add test to ensure new detectors are registered in defaults.go by @mustansir14 in https://github.com/trufflesecurity/trufflehog/pull/4915
  • [INS-455] Unify common logic in Atlassian Data Center detectors by @mustansir14 in https://github.com/trufflesecurity/trufflehog/pull/4907
  • fix(github): cache repo info under original URL on redirect by @kashifkhan0771 in https://github.com/trufflesecurity/trufflehog/pull/4958
  • Added GitLab OAuth Detector by @shahzadhaider1 in https://github.com/trufflesecurity/trufflehog/pull/4729
  • Box Detector: Extract Subject ID for Analyzer Integration by @shahzadhaider1 in https://github.com/trufflesecurity/trufflehog/pull/4761
  • [INS-346] SpectralOps Personal API Key Detector by @MuneebUllahKhan222 in https://github.com/trufflesecurity/trufflehog/pull/4770
  • [INS-335] Added AWS Appsync Detector by @MuneebUllahKhan222 in https://github.com/trufflesecurity/trufflehog/pull/4803
  • fix(twilio): deduplicate matches to prevent O(N×M) result explosion by @kashifkhan0771 in https://github.com/trufflesecurity/trufflehog/pull/4954
  • Automate corpora testing in CI by @mustansir14 in https://github.com/trufflesecurity/trufflehog/pull/4927
  • Enable errcheck and staticcheck for golangci-lint v2 and resolve all issues by @amanfcp in https://github.com/trufflesecurity/trufflehog/pull/4924
  • feat: add host, db and username to ExtraData for database detectors by @mariocj89 in https://github.com/trufflesecurity/trufflehog/pull/4849
  • Remove over speculation from Corpora CI workflow by @mustansir14 in https://github.com/trufflesecurity/trufflehog/pull/4974
  • Fix line numbers for duplicate secrets within a chunk by @amanfcp in https://github.com/trufflesecurity/trufflehog/pull/4910
  • Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors by @camgunz in https://github.com/trufflesecurity/trufflehog/pull/4961
  • Update Go security dependencies by @cursor[bot] in https://github.com/trufflesecurity/trufflehog/pull/4986
  • Pin GitHub Actions to SHA digests by @bryanbeverly in https://github.com/trufflesecurity/trufflehog/pull/4985
  • Update CODEOWNERS: replace 5 slugs with scanning + integrations by @bryanbeverly in https://github.com/trufflesecurity/trufflehog/pull/4983
  • Added source config flags to sharepoint proto by @MuneebUllahKhan222 in https://github.com/trufflesecurity/trufflehog/pull/4972
  • [SCAN-795] HTML decoder: ASPX and entity-encoded HTML support by @mustansir14 in https://github.com/trufflesecurity/trufflehog/pull/4981
  • adds some debugging info for APKs and fixes issues parsing obfuscated APKs by @johannestaas-trufflesec in https://github.com/trufflesecurity/trufflehog/pull/4991

New Contributors

  • @mariocj89 made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/4849
  • @cursor[bot] made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/4986
  • @johannestaas-trufflesec made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/4991

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.95.3...v3.95.4

About trufflehog

Find, verify, and analyze leaked credentials

Related context

Earlier breaking changes

  • v3.95.3 AnalysisInfo field renamed to SecretParts on Result API