Overview · blacklanternsecurity/bbot · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284
GHSA-3vgw-585j-4m45 published Jun 17, 2026 by liquidsec

Moderate
Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing
GHSA-3mp7-vp6j-2mxx published Jun 17, 2026 by liquidsec

Low
Symlink-Following Arbitrary Write via github_workflows Module in BBOT
GHSA-rvp7-w75q-9fv2 published Jun 17, 2026 by liquidsec

Low
Arbitrary File Write in postman_download Module
GHSA-m54h-vhf9-3w3m published Jun 17, 2026 by liquidsec

Moderate
git_clone.py can be made to expose a user's github.com API key to an attacker-controlled webserver
GHSA-63wh-p5fx-h4vc published Oct 9, 2025 by TheTechromancer

Moderate
gitlab.py exposes globally configured "gitlab" API key to on-premise GitLab instances, potentially threatening confidentiality of a gitlab.com API key
GHSA-p3v4-c93g-cmhw published Oct 9, 2025 by TheTechromancer

Moderate
Various issues in gitdumper.py can cause RCE
GHSA-h6m2-r6h9-4c44 published Oct 9, 2025 by TheTechromancer

Critical
Various issues in unarchive.py can cause arbitrary file write and RCE
GHSA-fhw8-8v9p-7jp7 published Oct 9, 2025 by TheTechromancer

Critical

Learn more about advisories related to blacklanternsecurity/bbot in the GitHub Advisory Database