pkg:PyPI/astrbot

7 total CVEs: CRITICAL 1, HIGH 2, MEDIUM 2

All known vulnerabilities

  • CRITICAL 9.8, CVE-2025-55449: AstrBot is vulnerable to RCE with hard-coded JWT signing keys
    from 0, < 3.5.18
  • HIGH 7.5, CVE-2025-48957: AstrBot Has Path Traversal Vulnerability in /api/chat/get_file
    >= 3.4.4, < 3.5.13
  • HIGH 7.3, CVE-2026-7579: AstrBot Makes Use of Hard-coded Password
    from 0, <= 4.16.0
  • MEDIUM 6.3, CVE-2026-8754: AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py
    from 0, < 4.23.6
  • MEDIUM 4.7, CVE-2026-6984: AstrBot has Incomplete Filtering of Special Elements
    from 0, <= 4.22.1
  • CVE-2025-57697: AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64
    from 0, <= 3.5.22
  • CVE-2025-57698: AstrBot contains a directory traversal vulnerability
    from 0, <= 3.5.22