Arc53 Docsgpt vulnerabilities
4 known vulnerabilities affecting arc53/docsgpt.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2025-0868 | P1 | CRITICAL | CVSS 9.3 | CWE-95 | Exploited | PoC | ≥ 0.8.1, ≤ 0.12.0 | 2025-02-20
A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint.
This issue affects DocsGPT: from 0.8.1 through 0.12.0.
ghsa, nvd, osv
CVE-2026-26015 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | v0.15.0 | >= 0.15.0, < 0.16.0 | 2026-04-29
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing either the official DocsGPT website or any local and public deployment can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.
nvd
CVE-2024-31451 | P4 | MEDIUM | CVSS 5.3 | CWE-22 | fixed in 0.8.1 | 2024-04-16
DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1.
nvd
CVE-2026-13483 | P4 | LOW | CVSS 3.1 | CWE-345 | v0.1, v0.2, +16 more | 2026-06-28
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_credentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The complexity of an attack is rather h
nvd