| CVE-2026-41488 | langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding | langchain-ai | langchain-openai | Low | 3.1 | 2026-04-24 20:57:26 | Deep Dive |
| CVE-2026-5803 | bigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgery | bigsk1 | openai-realtime-ui | Medium | 6.3 | 2026-04-08 20:15:21 | Deep Dive |
| CVE-2025-13922 | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause | stevejburge | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | Medium | 6.5 | 2025-12-06 04:37:51 | Deep Dive |
| CVE-2025-13359 | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection | stevejburge | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | Medium | 6.5 | 2025-12-03 13:52:46 | Deep Dive |
| CVE-2025-13354 | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation | stevejburge | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | Medium | 4.3 | 2025-12-03 13:52:43 | Deep Dive |
| CVE-2025-12973 | S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload | oc3dots | S2B AI Assistant – ChatBot, AI Agents, ChatGPT API, Image Generator | High | 7.2 | 2025-11-21 16:28:14 | Deep Dive |
| CVE-2025-11972 | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.0 - Authenticated (Editor+) SQL Injection | stevejburge | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | Medium | 4.9 | 2025-11-08 03:27:48 | Deep Dive |
| CVE-2025-59532 | Codex has sandbox bypass due to bug in path configuration logic | openai | codex | - | - | 2025-09-22 20:26:43 | Deep Dive |
| CVE-2025-7725 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.2 | 2025-08-01 04:24:29 | Deep Dive |
| CVE-2025-54558 | OpenAI Codex CLI security vulnerability | OpenAI | Codex CLI | Medium | 4.1 | 2025-07-25 00:00:00 | Deep Dive |
| CVE-2025-6716 | Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 6.4 | 2025-07-11 06:43:33 | Deep Dive |
| CVE-2025-7021 | OpenAI Operator - API Spoofing through Locking Operator on FullScreen | OpenAI | Operator | - | - | 2025-07-10 19:09:41 | Deep Dive |
| CVE-2025-31843 | WordPress OpenAI Tools for WordPress & WooCommerce plugin <= 2.2.1 - Broken Access Control vulnerability | Wilson | OpenAI Tools for WordPress & WooCommerce | Medium | 4.3 | 2025-04-01 14:51:56 | Deep Dive |
| CVE-2025-2334 | 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control | 274056675 | springboot-openai-chatgpt | Medium | 5.4 | 2025-03-15 23:00:09 | Deep Dive |
| CVE-2025-2323 | 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow | 274056675 | springboot-openai-chatgpt | Medium | 4.3 | 2025-03-15 17:00:40 | Deep Dive |
| CVE-2025-2322 | 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials | 274056675 | springboot-openai-chatgpt | High | 7.3 | 2025-03-15 13:31:08 | Deep Dive |
| CVE-2025-2321 | 274056675 springboot-openai-chatgpt addData logic error | 274056675 | springboot-openai-chatgpt | Medium | 6.3 | 2025-03-15 12:00:11 | Deep Dive |
| CVE-2025-2320 | 274056675 springboot-openai-chatgpt User submit improper authorization | 274056675 | springboot-openai-chatgpt | High | 7.3 | 2025-03-14 22:00:09 | Deep Dive |
| CVE-2024-11896 | Text Prompter – Unlimited chatgpt text prompts for openai tasks <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | flippercode | Text Prompter – Unlimited chatgpt text prompts for openai tasks | Medium | 6.4 | 2024-12-24 08:22:03 | Deep Dive |
| CVE-2024-52384 | WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability | wpmonks | Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation | Critical | 9.9 | 2024-11-14 17:35:26 | Deep Dive |