VYPR

PyPI package

local-deep-research

pkg:pypi/local-deep-research

Vulnerabilities (2)

  • CVE-2026-43979MedMay 28, 2026
    affected < 1.6.0fixed 1.6.0

    Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and metada

  • CVE-2025-67743Dec 23, 2025
    affected >= 1.3.0, < 1.3.9fixed 1.3.9

    Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection (safe_requests