GHSA-63wh-p5fx-h4vc

Suggest an improvement
Source
https://github.com/advisories/GHSA-63wh-p5fx-h4vc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-63wh-p5fx-h4vc/GHSA-63wh-p5fx-h4vc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-63wh-p5fx-h4vc
Aliases
  • CVE-2025-10281
Published
2025-10-09T22:29:33Z
Modified
2025-10-09T22:57:26.757599Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
Summary
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Details

Summary

Due to unsafe URL handling, bbot's git_clone.py can be made to leak a user's github.com API key to an attacker-controlled webserver.

Impact

A user who has placed their github.com API key in the configuration for any of the following modules:

  • github_codesearch
  • github_workflows
  • gitlab
  • git_clone
  • github_usersearch
  • github_org

may leak it to an untrustworthy server.

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-09T22:29:33Z",
    "nvd_published_at": "2025-10-09T16:15:42Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

PyPI / bbot

Package

Name
bbot
View open source insights on deps.dev
Purl
pkg:pypi/bbot

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.0

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.3.512
1.0.3.521
1.0.3.545
1.0.3.583
1.0.3.696
1.0.3.777
1.0.3.780
1.0.3.919
1.0.4.922
1.0.4.1132rc0
1.0.4.1134rc0
1.0.4.1139rc0
1.0.4.1141rc0
1.0.4.1147rc0
1.0.4.1156rc0
1.0.4.1158rc0
1.0.4.1160rc0
1.0.4.1162rc0
1.0.4.1164rc0
1.0.4.1166rc0
1.0.4.1168rc0
1.0.4.1170rc0
1.0.4.1173rc0
1.0.4.1175rc0
1.0.4.1177rc0
1.0.4.1183rc0
1.0.4.1185rc0
1.0.4.1193rc0
1.0.4.1197rc0
1.0.4.1199rc0
1.0.4.1233rc0
1.0.4.1235rc0
1.0.4.1237rc0
1.0.4.1242rc0
1.0.4.1262rc0
1.0.4.1266rc0
1.0.4.1269rc0
1.0.4.1272rc0
1.0.4.1276rc0
1.0.4.1279rc0
1.0.4.1285rc0
1.0.4.1303rc0
1.0.4.1306rc0
1.0.4.1310rc0
1.0.5.1313rc0
1.0.5.1317rc0
1.0.5.1329rc0
1.0.5.1331rc0
1.0.5.1331
1.0.5.1333rc0
1.0.5.1336
1.0.5.1342rc0
1.0.5.1345rc0
1.0.5.1347rc0
1.0.5.1351rc0
1.0.5.1355
1.0.5.1356rc0
1.0.5.1358
1.0.5.1360rc0
1.0.5.1362rc0
1.0.5.1366rc0
1.0.5.1370rc0
1.0.5.1374rc0
1.0.5.1377rc0
1.0.5.1388rc0
1.0.5.1391
1.0.5.1393
1.0.5.1395rc0
1.0.5.1406rc0
1.0.5.1413rc0
1.0.5.1419rc0
1.0.5.1423rc0
1.0.5.1429rc0
1.0.5.1432rc0
1.0.5.1436rc0
1.0.5.1444rc0
1.0.5.1448rc0
1.0.5.1450rc0
1.0.5.1456rc0
1.0.5.1460rc0
1.0.5.1469rc0
1.0.5.1471rc0
1.0.5.1515rc0
1.0.5.1519rc0
1.0.5.1524rc0
1.0.5.1528rc0
1.0.5.1544rc0
1.0.5.1547rc0
1.0.5.1555rc0
1.0.5.1563rc0
1.0.5.1567rc0
1.0.5.1595rc0
1.0.5.1597rc0
1.0.5.1598
1.0.5.1612rc0
1.0.5.1614
1.0.5.1625rc0
1.0.5.1654rc0
1.0.5.1656rc0
1.0.5.1660rc0
1.0.5.1663rc0
1.0.5.1665rc0
1.0.5.1665
1.0.5.1793rc0
1.0.5.1796rc0
1.0.5.1798rc0
1.0.5.1800rc0
1.0.5.1802rc0
1.0.5.1804rc0
1.0.5.1815rc0
1.0.5.1817rc0
1.0.5.1821rc0
1.0.5.1833rc0
1.0.5.1839rc0
1.0.6.2
1.1.0.1903rc0
1.1.0.1905rc0
1.1.0.1908rc0
1.1.0.1924rc0
1.1.0.1936rc0
1.1.0.1954rc0
1.1.0.1958rc0
1.1.0.2024rc0
1.1.0.2034rc0
1.1.0.2036rc0
1.1.0.2039rc0
1.1.0.2043rc0
1.1.0.2083rc0
1.1.0.2090
1.1.0.2113rc0
1.1.0.2116rc0
1.1.0.2119rc0
1.1.0.2124
1.1.1
1.1.1.2135rc0
1.1.1.2137rc0
1.1.1.2148rc0
1.1.1.2167rc0
1.1.1.2175rc0
1.1.1.2191rc0
1.1.1.2196rc0
1.1.1.2204rc0
1.1.1.2229rc0
1.1.1.2234rc0
1.1.1.2265rc0
1.1.1.2269rc0
1.1.1.2276rc0
1.1.1.2297rc0
1.1.1.2300rc0
1.1.2
1.1.2.2311rc0
1.1.2.2315rc0
1.1.2.2317rc0
1.1.2.2321rc0
1.1.2.2326rc0
1.1.2.2330rc0
1.1.2.2336rc0
1.1.2.2338rc0
1.1.2.2343rc0
1.1.3
1.1.3.2348rc0
1.1.3.2367rc0
1.1.3.2372rc0
1.1.3.2386rc0
1.1.3.2411rc0
1.1.3.2417rc0
1.1.3.2430rc0
1.1.3.2446rc0
1.1.3.2458rc0
1.1.3.2488rc0
1.1.3.2497rc0
1.1.3.2499rc0
1.1.3.2524rc0
1.1.3.2542rc0
1.1.3.2553rc0
1.1.3.2555rc0
1.1.3.2564rc0
1.1.3.2570rc0
1.1.3.2578rc0
1.1.3.2580rc0
1.1.3.2603rc0
1.1.3.2605rc0
1.1.3.2612rc0
1.1.3.2614rc0
1.1.3.2616rc0
1.1.3.2636rc0
1.1.4
1.1.4.2638rc0
1.1.4.2640rc0
1.1.4.2642rc0
1.1.4.2669rc0
1.1.4.2672rc0
1.1.4.2699rc0
1.1.4.2703rc0
1.1.5
1.1.5.2705rc0
1.1.5.2707rc0
1.1.5.2714rc0
1.1.5.2718rc0
1.1.5.2731rc0
1.1.5.2733rc0
1.1.5.2742rc0
1.1.5.2746rc0
1.1.5.2748rc0
1.1.5.2750rc0
1.1.5.2753rc0
1.1.6
1.1.6.1
1.1.6.3
1.1.6.2756rc0
1.1.6.2759rc0
1.1.6.2762rc0
1.1.6.2767rc0
1.1.6.2769rc0
1.1.6.2772rc0
1.1.6.2777rc0
1.1.6.2785rc0
1.1.6.2787rc0
1.1.6.2792rc0
1.1.6.2795rc0
1.1.6.2797rc0
1.1.6.2801rc0
1.1.6.2804rc0
1.1.6.2826rc0
1.1.6.2832rc0
1.1.6.2834rc0
1.1.6.2879rc0
1.1.6.2886rc0
1.1.6.2888rc0
1.1.6.2891rc0
1.1.6.2896rc0
1.1.6.2902rc0
1.1.6.2910rc0
1.1.6.2913rc0
1.1.7
1.1.7.2rc0
1.1.7.6rc0
1.1.7.7rc0
1.1.7.2968rc0
1.1.7.2972rc0
1.1.7.2980rc0
1.1.7.2982rc0
1.1.7.2984rc0
1.1.7.2998rc0
1.1.7.3001rc0
1.1.7.3005rc0
1.1.7.3010rc0
1.1.7.3012rc0
1.1.7.3020rc0
1.1.7.3022rc0
1.1.7.3024rc0
1.1.7.3028rc0
1.1.7.3042rc0
1.1.7.3044rc0
1.1.7.3050rc0
1.1.7.3052rc0
1.1.7.3054rc0
1.1.7.3061rc0
1.1.7.3072rc0
1.1.7.3078rc0
1.1.7.3083rc0
1.1.7.3085rc0
1.1.7.3087rc0
1.1.7.3089rc0
1.1.7.3091rc0
1.1.7.3093rc0
1.1.7.3095rc0
1.1.7.3098rc0
1.1.7.3108rc0
1.1.7.3131rc0
1.1.7.3133rc0
1.1.7.3144rc0
1.1.7.3146rc0
1.1.7.3148rc0
1.1.7.3150rc0
1.1.7.3152rc0
1.1.7.3172rc0
1.1.7.3175rc0
1.1.7.3177rc0
1.1.7.3179rc0
1.1.7.3196rc0
1.1.7.3207rc0
1.1.7.3209rc0
1.1.7.3211rc0
1.1.7.3213rc0
1.1.7.3218rc0
1.1.7.3220rc0
1.1.7.3222rc0
1.1.7.3230rc0
1.1.7.3232rc0
1.1.7.3235rc0
1.1.7.3238rc0
1.1.7.3240rc0
1.1.7.3242rc0
1.1.7.3244rc0
1.1.7.3246rc0
1.1.7.3251rc0
1.1.7.3258rc0
1.1.7.3261rc0
1.1.7.3263rc0
1.1.7.3265rc0
1.1.7.3268rc0
1.1.7.3270rc0
1.1.7.3273rc0
1.1.7.3275rc0
1.1.7.3277rc0
1.1.7.3283rc0
1.1.7.3285rc0
1.1.7.3302rc0
1.1.7.3312rc0
1.1.7.3316rc0
1.1.8
1.1.8.3321rc0
1.1.8.3332rc0
1.1.8.3335rc0
1.1.8.3341rc0
1.1.8.3344rc0
1.1.8.3346rc0
1.1.8.3348rc0
1.1.8.3350rc0
1.1.8.3354rc0
1.1.8.3356rc0
1.1.8.3358rc0
1.1.8.3361rc0
1.1.8.3366rc0
1.1.8.3368rc0
1.1.9.3370rc0
1.1.9.3372rc0
1.1.9.3376rc0
1.1.9.3387rc0
1.1.9.3390rc0
1.1.9.3395rc0
1.1.9.3398rc0
1.1.9.3400rc0
1.1.9.3411rc0
1.1.9.3427rc0
1.1.9.3432rc0
1.1.9.3434rc0
1.1.9.3442rc0
1.1.9.3444rc0
1.1.9.3448rc0
1.1.9.3453rc0
1.1.9.3458rc0
1.1.9.3464rc0
1.1.9.3467rc0
2.*
2.0.0
2.0.0.4250rc0
2.0.0.4372rc0
2.0.0.4378rc0
2.0.0.4380rc0
2.0.0.4398rc0
2.0.0.4400rc0
2.0.0.4434rc0
2.0.0.4460rc0
2.0.0.4478rc0
2.0.0.4494rc0
2.0.0.4515rc0
2.0.0.4524rc0
2.0.0.4535rc0
2.0.0.4538rc0
2.0.0.4569rc0
2.0.0.4575rc0
2.0.0.4580rc0
2.0.0.4582rc0
2.0.0.4585rc0
2.0.0.4588rc0
2.0.0.4591rc0
2.0.0.4603rc0
2.0.0.4606rc0
2.0.0.4610rc0
2.0.1
2.0.1.4638rc0
2.0.1.4642rc0
2.0.1.4648rc0
2.0.1.4650rc0
2.0.1.4654rc0
2.0.1.4657rc0
2.0.1.4660rc0
2.0.1.4675rc0
2.0.1.4685rc0
2.0.1.4705rc0
2.0.1.4709rc0
2.0.1.4716rc0
2.0.1.4720rc0
2.0.1.4722rc0
2.0.1.4730rc0
2.0.1.4732rc0
2.0.1.4745rc0
2.0.1.4750rc0
2.0.1.4756rc0
2.0.1.4760rc0
2.0.1.4762rc0
2.0.1.4764rc0
2.0.1.4774rc0
2.0.1.4777rc0
2.0.1.4779rc0
2.0.1.4782rc0
2.0.1.4790rc0
2.0.1.4792rc0
2.1.0
2.1.0.4809rc0
2.1.0.4813rc0
2.1.0.4815rc0
2.1.0.4817rc0
2.1.0.4819rc0
2.1.0.4921rc0
2.1.0.4929rc0
2.1.0.4935rc0
2.1.0.4937rc0
2.1.0.4939rc0
2.1.0.4951rc0
2.1.0.4954rc0
2.1.0.4957rc0
2.1.0.4959rc0
2.1.0.4971rc0
2.1.0.4978rc0
2.1.0.4980rc0
2.1.0.4984rc0
2.1.0.4992rc0
2.1.0.4995rc0
2.1.0.4999rc0
2.1.0.5001rc0
2.1.0.5004rc0
2.1.0.5021rc0
2.1.0.5028rc0
2.1.0.5036rc0
2.1.0.5040rc0
2.1.0.5078rc0
2.1.0.5082rc0
2.1.0.5097rc0
2.1.1
2.1.1.5103rc0
2.1.1.5119rc0
2.1.1.5121rc0
2.1.1.5123rc0
2.1.1.5125rc0
2.1.1.5127rc0
2.1.1.5138rc0
2.1.2
2.1.2.5140rc0
2.1.2.5147rc0
2.1.2.5149rc0
2.1.2.5152rc0
2.1.2.5154rc0
2.1.2.5156rc0
2.1.2.5158rc0
2.1.2.5161rc0
2.1.2.5171rc0
2.1.2.5173rc0
2.1.2.5175rc0
2.1.2.5180rc0
2.1.2.5182rc0
2.1.2.5184rc0
2.1.2.5192rc0
2.1.2.5196rc0
2.1.2.5202rc0
2.1.2.5217rc0
2.1.2.5221rc0
2.1.2.5223rc0
2.1.2.5232rc0
2.1.2.5234rc0
2.1.2.5236rc0
2.1.2.5238rc0
2.1.2.5240rc0
2.2.0
2.2.0.5242rc0
2.2.0.5263rc0
2.2.0.5279rc0
2.2.0.5309rc0
2.2.0.5311rc0
2.3.0.5324rc0
2.3.0.5328rc0
2.3.0.5336rc0
2.3.0.5354rc0
2.3.0.5362rc0
2.3.0.5364rc0
2.3.0.5368rc0
2.3.0.5370rc0
2.3.0.5376rc0
2.3.0.5382rc0
2.3.0.5384rc0
2.3.0.5397rc0
2.3.0.5399rc0
2.3.0.5401rc0
2.3.0.5404rc0
2.3.0.5412rc0
2.3.0.5414rc0
2.3.0.5418rc0
2.3.0.5423rc0
2.3.0.5438rc0
2.3.0.5445rc0
2.3.0.5447rc0
2.3.0.5455rc0
2.3.0.5459rc0
2.3.0.5461rc0
2.3.0.5465rc0
2.3.0.5467rc0
2.3.0.5473rc0
2.3.0.5477rc0
2.3.0.5479rc0
2.3.0.5482rc0
2.3.0.5484rc0
2.3.0.5489rc0
2.3.0.5491rc0
2.3.0.5504rc0
2.3.0.5515rc0
2.3.0.5518rc0
2.3.0.5520rc0
2.3.0.5522rc0
2.3.0.5524rc0
2.3.0.5532rc0
2.3.0.5538rc0
2.3.0.5546rc0
2.3.0.5809rc0
2.3.1
2.3.1.5815rc0
2.3.1.5818rc0
2.3.1.5820rc0
2.3.2
2.3.2.5825rc0
2.3.2.5827rc0
2.3.2.5829rc0
2.3.2.5832rc0
2.3.2.5836rc0
2.3.2.5838rc0
2.3.2.5841rc0
2.3.2.5848rc0
2.3.2.5850rc0
2.3.2.5855rc0
2.3.2.5874rc0
2.3.2.5889rc0
2.3.2.5893rc0
2.3.2.5897rc0
2.3.2.5904rc0
2.3.2.5906rc0
2.3.2.5909rc0
2.3.2.5913rc0
2.3.2.5915rc0
2.3.2.5927rc0
2.3.2.5938rc0
2.3.2.5942rc0
2.3.2.5944rc0
2.3.2.5950rc0
2.3.2.5958rc0
2.3.2.5967rc0
2.3.2.5971rc0
2.4.0
2.4.0.5974rc0
2.4.0.5977rc0
2.4.0.5984rc0
2.4.0.5986rc0
2.4.0.5988rc0
2.4.0.5992rc0
2.4.0.5995rc0
2.4.0.5997rc0
2.4.0.5999rc0
2.4.0.6005rc0
2.4.0.6007rc0
2.4.0.6031rc0
2.4.0.6037rc0
2.4.0.6039rc0
2.4.0.6045rc0
2.4.0.6050rc0
2.4.0.6067rc0
2.4.0.6073rc0
2.4.1
2.4.1.6075rc0
2.4.1.6077rc0
2.4.1.6089rc0
2.4.1.6094rc0
2.4.1.6095rc0
2.4.1.6100rc0
2.4.1.6107rc0
2.4.2
2.4.2.6109rc0
2.4.2.6590rc0
2.4.2.6596rc0
2.4.2.6608rc0
2.4.2.6611rc0
2.4.2.6615rc0
2.4.2.6621rc0
2.4.2.6623rc0
2.4.2.6635rc0
2.4.2.6638rc0
2.4.2.6653rc0
2.4.2.6655rc0
2.4.2.6659rc0
2.4.2.6677rc0
2.4.2.6706rc0
2.5.0
2.5.0.6715rc0
2.5.0.6719rc0
2.5.0.6721rc0
2.5.0.6730rc0
2.5.0.6734rc0
2.5.0.6737rc0
2.5.0.6742rc0
2.5.0.6747rc0
2.5.0.6765rc0
2.5.0.6769rc0
2.5.0.6773rc0
2.5.0.6779rc0
2.5.0.6782rc0
2.5.0.6790rc0
2.5.0.6803rc0
2.5.0.6807rc0
2.5.0.6817rc0
2.5.0.6831rc0
2.6.0
2.6.0.6840rc0
2.6.0.6842rc0
2.6.0.6846rc0
2.6.0.6851rc0
2.6.0.6853rc0
2.6.0.6856rc0
2.6.0.6871rc0
2.6.0.6879rc0
2.6.1
2.6.1.6901rc0
2.6.1.6913rc0
2.6.1.6915rc0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-63wh-p5fx-h4vc/GHSA-63wh-p5fx-h4vc.json"