VYPR
Vendor

Learningcircuit

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-57806MedSep 3, 2025
    risk 0.38cvss epss 0.00

    Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database…

  • CVE-2026-46526MedMay 28, 2026
    risk 0.26cvss 5.0epss 0.00

    Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validate_url to validate…

  • CVE-2026-43979MedMay 28, 2026
    risk 0.26cvss 5.0epss 0.00

    Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and…

  • CVE-2025-67743Dec 23, 2025
    risk 0.00cvss epss 0.00

    Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection…