gitsafehub
github.com/openai/chatgpt-retrieval-plugin

openai/chatgpt-retrieval-plugin

scanned 2026-05-29 · git b28ddce
3 of 6 checks flagged a security issue
🔴 Needs attention
6 checks ran. Start with the known OSS vulnerabilities below.

Informational scan, not a security audit.

Summary by check: Leaked secrets 4 · Vulnerable dependencies 123 · Known OSS vulnerabilities 157 · Risky code patterns 0 · Malicious dependencies 0 · Project health 10

Security checks

Leaked secrets — Gitleaks 4 found · 4 serious

API keys, passwords or tokens committed into the repo.

  • Serious jwt Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    examples/providers/azurecosmosdb/semantic-search.ipynb:84
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Serious jwt Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    docs/providers/supabase/setup.md:52
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Serious jwt Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    docs/providers/supabase/setup.md:53
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Serious jwt Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    docs/providers/supabase/setup.md:60
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.

via Gitleaks v8.21.2 · MIT

Vulnerable dependencies — Trivy 123 found · 8 serious

Packages you depend on that have known security holes (CVEs).

  • Serious CVE-2026-27962 authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability
    poetry.lock
    A package you depend on has a known security hole (CVE-2026-27962). Fix: Update that package to its patched version.
  • Serious CVE-2025-43859 h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-43859). Fix: Update that package to its patched version.
  • Serious CVE-2025-68664 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-68664). Fix: Update that package to its patched version.
  • Serious CVE-2023-39662 llama-index vulnerable to arbitrary code execution
    poetry.lock
    A package you depend on has a known security hole (CVE-2023-39662). Fix: Update that package to its patched version.
  • Serious CVE-2024-23751 SQL injection in llama-index
    poetry.lock
    A package you depend on has a known security hole (CVE-2024-23751). Fix: Update that package to its patched version.
  • Serious CVE-2025-1793 llama_index vulnerable to SQL Injection
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-1793). Fix: Update that package to its patched version.
  • Serious CVE-2023-50447 Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2023-50447). Fix: Update that package to its patched version.
  • Serious CVE-2024-3829 qdrant input validation failure
    poetry.lock
    A package you depend on has a known security hole (CVE-2024-3829). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-23334 aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2024-23334). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-30251 aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2024-30251). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-69223 aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-69223). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-23829 aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2024-23829). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-27306 aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2024-27306). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-52304 aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2024-52304). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-69227 aiohttp: aiohttp: Denial of Service via specially crafted POST request
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-69227). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-69228 aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-69228). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-69229 aiohttp: AIOHTTP: Denial of Service via excessive CPU usage in chunked message handling
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-69229). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-22815 aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling
    poetry.lock
    A package you depend on has a known security hole (CVE-2026-22815). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-34515 aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows
    poetry.lock
    A package you depend on has a known security hole (CVE-2026-34515). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-34516 aiohttp: AIOHTTP: Denial of Service via excessive multipart headers
    poetry.lock
    A package you depend on has a known security hole (CVE-2026-34516). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-34525 aiohttp: aiohttp: Security bypass via multiple Host headers
    poetry.lock
    A package you depend on has a known security hole (CVE-2026-34525). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-37568 lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2024-37568). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-59420 Authlib is a Python library which builds OAuth and OpenID Connect serv ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-59420). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-61920 Authlib is a Python library which builds OAuth and OpenID Connect serv ...
    poetry.lock
    A package you depend on has a known security hole (CVE-2025-61920). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-28490 authlib: Authlib: Information disclosure due to cryptographic padding oracle in JWE RSA1_5
    poetry.lock
    A package you depend on has a known security hole (CVE-2026-28490). Fix: Update that package to its patched version.
… 98 more not shown

via Trivy v0.70.0 · Apache-2.0

Known OSS vulnerabilities — OSV-Scanner 157 found · 8 serious

Your dependencies cross-checked against the OSV vulnerability database.

  • Serious GHSA-wvwj-cvrp-7pv5 Authlib JWS JWK Header Injection: Signature Verification Bypass
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Serious GHSA-vqfr-h8mv-ghfj h11 accepts some malformed Chunked-Encoding bodies
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Serious GHSA-c67j-w6g6-q2cm LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Serious GHSA-2jxw-4hm4-6w87 SQL injection in llama-index
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Serious GHSA-2xxc-73fv-36f7 llama-index vulnerable to arbitrary code execution
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Serious GHSA-v3c8-3pr6-gr7p llama_index vulnerable to SQL Injection
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Serious GHSA-3f63-hfp8-52jq Arbitrary Code Execution in Pillow
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Serious GHSA-7m75-x27w-r52r qdrant input validation failure
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-5h86-8mv2-jq9f aiohttp is vulnerable to directory traversal
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-5m98-qgg9-wh84 aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-6mq8-rvhq-8wgg AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-5357-c2jx-v7qh Authlib has algorithm confusion with asymmetric public keys
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-7432-952r-cw78 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-9ggr-2464-2j32 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-m344-f55w-2m6j Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-pq5p-34cr-23v9 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-jm66-cg57-jjv5 Azure Core is vulnerable to deserialization of untrusted data
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-3ww4-gg4f-jr7f Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-6vqw-3v5j-54x4 cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-r6ph-v2qm-q3c2 cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-2mqj-m65w-jghx Untrusted search path under some conditions on Windows allows arbitrary code execution
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-7545-fcxq-7j24 GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-mv93-w799-cj2w GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-rpm5-65cw-6hj4 GitPython has Command Injection via Git options bypass
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-v87r-6q3f-2j67 GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath
    /workdirs/scan-120ddf6e-1e11-4902-8779-deb9a9e32753/poetry.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
… 132 more not shown

via OSV-Scanner v1.9.2 · Apache-2.0

Risky code patterns — Semgrep none found ✓

Code that can be exploited — injection, hardcoded credentials and similar.

Nothing found by this check. ✓

via Semgrep v1.147.0 · LGPL-2.1

Malicious dependencies — Guarddog none found ✓

Packages that look intentionally malicious — typosquats, sneaky install scripts.

Nothing found by this check. ✓

via Guarddog v2.10.0 · Apache-2.0

Project health

A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.

Project health — OpenSSF Scorecard 10 notes

Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.

  • Worth fixing scorecard-overall OpenSSF Scorecard overall: 2.6/10
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-CI-Tests CI-Tests scored 0: 0 out of 25 merged PRs checked by a CI test -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Pinned-Dependencies Pinned-Dependencies scored 0: dependency not pinned by hash detected -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Vulnerabilities Vulnerabilities scored 0: 131 existing vulnerabilities detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.

via OpenSSF Scorecard v5.5.0 · Apache-2.0

About these results. Six open-source checks ran in parallel; every finding is tagged with the tool that produced it. The verdict follows a published rule. False positives and false negatives are normal — a clean scan does not mean the code is secure, and a red verdict does not mean the project is compromised.