1577 matches found
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Summary: AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details: AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...
PT-2025-47033
Name of the Vulnerable Software and Affected Versions: AstrBot version 3.5.15. Description: The software uses a hard-coded private key, "Advanced System for Text Response and Bot Operations Tool", to sign JSON Web Tokens (JWT), which are compact, URL-safe means of representing claims to be transferred...
EUVD-2025-176271
Malicious code in spectron-commitizen-server-jwt (npm)...
EUVD-2025-178062
Malicious code in lithosphere-buffer-jwt-prettier (npm)...
EUVD-2025-175454
Malicious code in yaml-cache-sails-jwt (npm)...
EUVD-2025-178873
Malicious code in forever-cygnus-postcss-jwt (npm)...
MAL-2025-187009 Malicious code in forever-cygnus-postcss-jwt (npm)
Source: amazon-inspector 89fd6949db8f73f60ad61fd46e85a491a3d296a9479c600d2a79f928c0d66e92. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
GHSA-9MJ6-HXHV-W67J jose2go is vulnerable to a JWT bomb attack through its decode function
An issue was discovered in dvsekhvalnov jose2go 1.5.0 through 1.7.0, allowing an attacker to cause a Denial-of-Service (DoS) via a crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
EUVD-2025-121074
Malicious code in typeorm-pipe-dynamo-jwt (npm)...
EUVD-2025-123873
Malicious code in pegasus-redis-jwt-semantic-ui (npm)...
EUVD-2025-123321
Malicious code in procyon-kastra-jwt-css-minimizer-webpack-plugin (npm)...
EUVD-2025-113439
Malicious code in foundation-sync-jwt-dependencies (npm)...
EUVD-2025-115684
Malicious code in carina-resolvers-jwt-xo (npm)...
EUVD-2025-116533
Malicious code in arcturus-fork-cassini-jwt (npm)...
EUVD-2025-112021
Malicious code in jwt-wolf-solis-query (npm)...
EUVD-2025-112032
Malicious code in jwt-nebula-module-colors (npm)...
EUVD-2025-112041
Malicious code in jwt-figures-ora-commitizen (npm)...
EUVD-2025-120937
Malicious code in update-chai-non-blocking-jwt (npm)...
MAL-2025-144070 Malicious code in jwt-bulma-private-passport (npm)
Source: amazon-inspector 6440b82a3e373f0f05f339f463a887f1b1c5f60136c927d1d72f65b011de2bf1. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-112038
Malicious code in jwt-gravity-europa-hexo (npm)...