GPT Academic Code Issues and Vulnerabilities

GPT Academic is an interface developed by binary-husky developers, designed to provide practical interactions for large language models like GPT/GLM. There are code vulnerabilities in GPT Academic; these vulnerabilities stem from the runinsubprocesswrapperfunc function, which lacks validation of...

EUVD-2024-32904

Malicious code in bioql PyPI...

EUVD-2025-7004

Malicious code in bioql PyPI...

EUVD-2025-7018

Malicious code in bioql PyPI...

EUVD-2025-6830

Malicious code in bioql PyPI...

EUVD-2025-7086

Malicious code in bioql PyPI...

EUVD-2024-33574

Malicious code in bioql PyPI...

EUVD-2025-7014

Malicious code in bioql PyPI...

EUVD-2025-7048

Malicious code in bioql PyPI...

EUVD-2025-7046

Malicious code in bioql PyPI...

EUVD-2025-7017

Malicious code in bioql PyPI...

EUVD-2025-7056

Malicious code in bioql PyPI...

EUVD-2025-7020

Malicious code in bioql PyPI...

CVE-2025-10236

A vulnerability has been found in binary-husky gptacademic up to 3.91. Impacted is the function mergetexfiles of the file crazyfunctions/latexfns/latextoolbox.py of the component LaTeX File Handler. Such manipulation of the argument \input leads to path traversal. The attack may be launched...

CVE-2025-10236

CVE-2025-10236 affects binary-husky gpt_academic up to version 3.91. The vulnerability resides in the LaTeX File Handler’s merge_tex_files_ function inside crazy_functions/latex_fns/latex_toolbox.py, where untrusted input passed to the \

PT-2025-37110

Name of the Vulnerable Software and Affected Versions: binary-husky gpt academic versions up to 3.91 Description: A path traversal issue exists in the LaTeX File Handler component of binary-husky gpt academic. The merge tex files function within the crazy functions/latex fns/latex toolbox.py file...

CVE-2024-10101

A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

CVE-2024-12392

A Server-Side Request Forgery SSRF vulnerability exists in binary-husky/gptacademic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL,...

CVE-2024-12388

A vulnerability in binary-husky/gptacademic version 310122f allows for a Regular Expression Denial of Service ReDoS attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small...