RhodeCode and Kallithea are vulnerable to sensitive information disclosure
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
Advisories for Pypi/RhodeCode package
2022