astrbot
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting astrbot
- CVE-2025-55449 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 3.5.18 | 2026-05-08
vulnerable: 3.4.39 ... 3.5.9 (12 versions)
AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.
- CVE-2026-6984 | MEDIUM | CVSS 4.7 | EG 4.7 | 2026-04-25
vulnerable: 3.4.39 ... 4.9.2 (113 versions)
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralizat…
- CVE-2026-7579 | HIGH | CVSS 7.3 | EG 7.3 | 2026-05-01
vulnerable: 3.4.39 ... 4.9.2 (93 versions)
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded creden…
- CVE-2026-8754 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 4.23.6 | 2026-05-17
vulnerable: 3.4.39 ... 4.9.2 (121 versions)
A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in pa…