Package impact
PyPI / astrbot
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7579 | high | 7.3 | 7.3 | 28d ago | AstrBot Makes Use of Hard-coded Password | |||
| CVE-2025-55449 | high | 7.3 | 7.3 | 7mo ago | AstrBot is vulnerable to RCE with hard-coded JWT signing keys | |||
| CVE-2026-8754 | medium | 6.3 | 6.3 | 12d ago | AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py | |||
| CVE-2026-6984 | medium | 4.7 | 4.7 | 1mo ago | AstrBot has Incomplete Filtering of Special Elements | |||
| CVE-2025-57697 | unknown | — | — | 7mo ago | AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64 | |||
| CVE-2025-57698 | unknown | — | — | 7mo ago | AstrBot contains a directory traversal vulnerability | |||
| CVE-2025-48957 | unknown | — | — | 1y ago | AstrBot Has Path Traversal Vulnerability in /api/chat/get_file |