📦 Gpt Academic
by Binary Husky
🔍 What is Gpt Academic?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2026-0763 is a critical deserialization vulnerability in GPT Academic's run_in_subprocess_wrapper_func that allows unauthenticated remote attackers to execute arbitrary code as root. All installat...
CVE-2026-0764 is a critical deserialization vulnerability in GPT Academic's upload endpoint that allows unauthenticated remote attackers to execute arbitrary code with root privileges. This affects al...
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of GPT Academic by sending malicious serialized data. Any device exposing GPT Academic servi...
This vulnerability allows remote attackers to execute arbitrary code with root privileges on GPT Academic installations by exploiting insecure deserialization in the stream_daas function. Attackers ca...
A path traversal vulnerability in binary-husky/gpt_academic allows attackers to write arbitrary files outside the intended extraction directory when processing user-provided 7z archives. This can lead...
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of binary-husky/gpt_academic. Attackers can exploit improper RAR file validation to write ma...
This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerable versions of binary-husky/gpt_academic by exploiting insecure pickle deserialization. Attackers ca...
This vulnerability allows attackers to execute arbitrary code on servers running vulnerable versions of binary-husky/gpt_academic through prompt injection in the CodeInterpreter plugin. Users running ...
This vulnerability allows remote code execution on servers running vulnerable versions of the gpt_academic manim plugin. Attackers can inject malicious code through LLM prompts, which gets executed wi...
CVE-2024-10956 is a Cross-Site WebSocket Hijacking vulnerability in GPT Academy version 3.83 that allows attackers to hijack WebSocket connections between users and the server. This enables unauthoriz...
GPT Academic version 3.83 contains a Local File Inclusion vulnerability in its HotReload function that allows attackers to read arbitrary files on the server. The vulnerability affects systems running...
GPT Academic version 3.83 contains a Server-Side Request Forgery (SSRF) vulnerability in its HotReload plugin function. Attackers can exploit this to make the Gradio web server access unauthorized int...
This SSRF vulnerability in GPT Academic allows attackers to make the server request arbitrary web resources using its credentials. It affects users running version 3.83 of binary-husky/gpt_academic wi...
A CSRF vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to trick authenticated users into uploading malicious files without their consent. This can lead to stored XSS attacks w...
CVE-2025-25185 is a path traversal vulnerability in GPT Academic that allows attackers to read arbitrary files on the server by exploiting improper symlink handling during archive extraction. Attacker...
A path traversal vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to read arbitrary files on the host system by manipulating the file parameter with URL encoding. This affects ...
This vulnerability allows attackers to perform path traversal attacks through the LaTeX file handler in gpt_academic. By manipulating the \input{} argument in LaTeX files, attackers can access files o...
A stored XSS vulnerability in binary-husky/gpt_academic's Latex Proof-Reading Module allows attackers to inject malicious scripts into debug_log.html files. When administrators view these debug report...
This vulnerability allows attackers to crash servers running the binary-husky/gpt_academic repository by uploading specially crafted zip bombs. When the server decompresses these malicious files, it a...
This vulnerability allows attackers to cause a denial of service by providing specially crafted regular expressions to the '解析项目源码(手动指定和筛选源码文件类型)' function in...
A Denial of Service vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to crash the server by uploading files with excessively long filenames. This affects all users running the ...
An open redirect vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to redirect users to malicious websites via the 'file' parameter. This affects users of the gpt_academic softw...