bbot
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting bbot
- CVE-2025-10281 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 2.7.0 | 2025-10-09
vulnerable: 1.0.0 ... 2.6.1.6915rc0 (625 versions)
BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server with a maliciously formatted git URL.
- CVE-2025-10282 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 2.7.2 | 2025-10-09
vulnerable: 2.7.0.6919rc0 ... 2.7.1.7212rc0 (36 versions)
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server with a maliciously formatted git URL.
- CVE-2025-10283 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 2.7.0 | 2025-10-09
vulnerable: 1.0.0 ... 2.6.1.6915rc0 (625 versions)
BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
- CVE-2025-10284 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 2.7.0 | 2025-10-09
vulnerable: 1.0.0 ... 2.6.1.6915rc0 (625 versions)
BBOT's unarchive module could be abused by supplying malicious archive files that, when extracted, perform an arbitrary file write, resulting in remote code execution.