VYPR

gpt_academic

by Gpt Academic

Source repositories

CVEs (4)

  • CVE-2024-10986HigMar 20, 2025
    risk 0.57cvss 8.8epss 0.01

    GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip…

  • CVE-2024-11030HigMar 20, 2025
    risk 0.49cvss 7.5epss 0.01

    GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API without proper sanitization. This allows attackers to exploit the vulnerability to…

  • CVE-2024-31224CriApr 8, 2024
    risk 0.00cvss 9.8epss 0.01

    GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT…

  • CVE-2023-33979MedMay 31, 2023
    risk 0.00cvss 6.5epss 0.01

    gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure.…