Ecosystem	Package	Version

Vulnerabilities

CVE-2025-10281

CVE-2025-10281

BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL.

Published Oct 11, 2025

https://github.com/blacklanternsecurity/bbot/security/advisories/GHSA-63wh-p5fx-h4vc

CVSS ScoreMedium

5.3

Ecosystem	Package	Version


pypi	bbot	1.1.7.2rc0
pypi	bbot	1.1.7.3131rc0
pypi	bbot	1.1.7.3133rc0
pypi	bbot	1.1.7.3144rc0
pypi	bbot	1.1.7.3146rc0
pypi	bbot	1.1.7.3148rc0
pypi	bbot	1.1.7.3150rc0
pypi	bbot	1.1.7.3152rc0
pypi	bbot	1.1.7.3172rc0
pypi	bbot	1.1.7.3175rc0
pypi	bbot	1.1.7.3177rc0
pypi	bbot	1.1.7.3179rc0
pypi	bbot	1.1.7.3196rc0
pypi	bbot	1.1.7.3207rc0
pypi	bbot	1.1.7.3209rc0
pypi	bbot	1.1.7.3211rc0
pypi	bbot	1.1.7.3213rc0
pypi	bbot	1.1.7.3218rc0
pypi	bbot	1.1.7.3220rc0
pypi	bbot	1.1.7.3222rc0
pypi	bbot	1.1.7.3230rc0
pypi	bbot	1.1.7.3232rc0
pypi	bbot	1.1.7.3235rc0
pypi	bbot	1.1.7.3238rc0
pypi	bbot	1.1.7.3240rc0
pypi	bbot	1.1.7.3242rc0
pypi	bbot	1.1.7.3244rc0
pypi	bbot	1.1.7.3246rc0
pypi	bbot	1.1.7.3251rc0
pypi	bbot	1.1.7.3258rc0
pypi	bbot	1.1.7.3261rc0
pypi	bbot	1.1.7.3263rc0
pypi	bbot	1.1.7.3265rc0
pypi	bbot	1.1.7.3268rc0
pypi	bbot	1.1.7.3270rc0
pypi	bbot	1.1.7.3273rc0
pypi	bbot	1.1.7.3275rc0
pypi	bbot	1.1.7.3277rc0
pypi	bbot	1.1.7.3283rc0
pypi	bbot	1.1.7.3285rc0
pypi	bbot	1.1.7.3302rc0
pypi	bbot	1.1.7.3312rc0
pypi	bbot	1.1.7.3316rc0
pypi	bbot	1.1.7.6rc0
pypi	bbot	1.1.7.7rc0
pypi	bbot	1.1.7
pypi	bbot	1.1.8.3321rc0
pypi	bbot	1.1.8.3332rc0
pypi	bbot	1.1.8.3335rc0
pypi	bbot	1.1.8.3341rc0

CVE-2025-10281 | Components Impacted | Sonatype Guide | Sonatype Guide