PyPI package
local-deep-research
pkg:pypi/local-deep-research
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-43979 | Med | 5.0 | < 1.6.0 | 1.6.0 | May 28, 2026 | Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and metada | |
| CVE-2025-67743 | — | >= 1.3.0, < 1.3.9 | 1.3.9 | Dec 23, 2025 | Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection (safe_requests |
- affected < 1.6.0fixed 1.6.0
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and metada
- CVE-2025-67743Dec 23, 2025affected >= 1.3.0, < 1.3.9fixed 1.3.9
Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection (safe_requests