CVE-2025-0868: DocsGPT Allows Remote Code Execution
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.
This issue affects DocsGPT: from 0.8.1 through 0.12.0.
References
Detect and mitigate CVE-2025-0868 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →