Critical
CVSS: 9.8
GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exp…
Critical
CVSS: 9.8
GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authenticatio…
High
CVSS: 8.1
GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAA…
Medium
CVSS: 5.3
A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument…
Medium
CVSS: 5.4
A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the `debug_log.html` file generate…
Medium
CVSS: 6.5
A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit…
Medium
CVSS: 6.5
A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain r…
High
CVSS: 8.8
A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symli…
High
CVSS: 8.8
A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guara…
Medium
CVSS: 6.5
A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain cr…
Medium
CVSS: 6.5
A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into…
High
CVSS: 8.8
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt_academic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by…
Medium
CVSS: 6.5
A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive information such as the OpenAI API key. T…
Medium
CVSS: 6.5
A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker ca…
High
CVSS: 7.5
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin fun…
High
CVSS: 7.5
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API without proper sanitization. This allows attack…
High
CVSS: 8.8
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, th…
High
CVSS: 7.1
GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and…
High
CVSS: 8.8
In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper…
High
CVSS: 8.8
In binary-husky/gpt_academic version