VYPR

Deepchat

by Thinkinaixyz

Source repositories

CVEs (7)

  • CVE-2026-43899CriMay 11, 2026
    risk 0.55cvss 9.6epss 0.00

    DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass (RCE). While the patch correctly…

  • CVE-2026-43900CriMay 11, 2026
    risk 0.53cvss 9.3epss 0.00

    DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering…

  • CVE-2025-67744Dec 16, 2025
    risk 0.00cvss epss 0.01

    DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the…

  • CVE-2025-66481Dec 9, 2025
    risk 0.00cvss epss 0.00

    DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using…

  • CVE-2025-66222Dec 3, 2025
    risk 0.00cvss epss 0.01

    DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the…

  • CVE-2025-58768Sep 9, 2025
    risk 0.00cvss epss 0.01

    DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using `innerHTML` to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger…

  • CVE-2025-55733Aug 19, 2025
    risk 0.00cvss epss 0.01

    DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a…