LOW 3.1 PyPI
GHSA-3mp7-vp6j-2mxx · CVE-2026-12566 BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing
Modified: 6/18/2026
package
PyPI / bbot
pkg:pypi/bbot
MEDIUM 5.3 PyPI
GHSA-3vgw-585j-4m45 · CVE-2026-12565 BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284
Modified: 6/18/2026
MEDIUM 4.7 PyPI
GHSA-63wh-p5fx-h4vc · CVE-2025-10281 BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Modified: 10/9/2025
CRITICAL 9.6 PyPI
GHSA-fhw8-8v9p-7jp7 · CVE-2025-10284 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Modified: 10/9/2025
CRITICAL 9.6 PyPI
GHSA-h6m2-r6h9-4c44 · CVE-2025-10283 BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
Modified: 10/9/2025
MEDIUM 6.5 PyPI
GHSA-m54h-vhf9-3w3m · CVE-2026-12568 BBOT: Arbitrary File Write in postman_download Module
Modified: 6/18/2026
MEDIUM 4.7 PyPI
GHSA-p3v4-c93g-cmhw · CVE-2025-10282 BBOT's gitlab.py exposes globally configured "gitlab" API key
Modified: 10/27/2025
LOW 2.2 PyPI
GHSA-rvp7-w75q-9fv2 · CVE-2026-12567 BBOT: Symlink-Following Arbitrary Write via github_workflows Module
Modified: 6/18/2026