Vulnerability in Learningcircuit Local-deep-research

CVE-2025-57806

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not cl…

EPSS: 0.000 (1.5th percentile) — read the EPSS interpretation.

Affected products

Learningcircuit Local-deep-research — versions >= 0.2.0, < 1.0.0

Weakness classification (CWE)

References

https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-4h8c-qrcq-cv5c (x_refsource_CONFIRM)
https://github.com/LearningCircuit/local-deep-research/pull/578 (x_refsource_MISC)
http://github.com/LearningCircuit/local-deep-research/releases/tag/v1.0.0 (x_refsource_MISC)