VYPR

npm package

deepseek-tui

pkg:npm/deepseek-tui

Vulnerabilities (2)

  • CVE-2026-45311CriMay 28, 2026
    affected >= 0.3.0, < 0.8.23fixed 0.8.23

    CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries,

  • CVE-2026-45310HigMay 28, 2026
    affected < 0.8.22fixed 0.8.22

    CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to prevent SSRF attacks against internal services (cloud metadata endpoints, localho