cbcvebase.

Thinkinaixyz Deepchat vulnerabilities

6 known vulnerabilities affecting thinkinaixyz/deepchat.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6

Vulnerabilities

Page 1 of 1
CVE-2025-55733P2CRITICALCVSS 9.6fixed in 1.0.4-beta.12025-08-19
CVE-2025-55733 [CRITICAL] CWE-94 CVE-2025-55733: DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3 DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the
nvd
CVE-2025-66481P3CRITICALCVSS 9.6≤ 0.5.12025-12-09
CVE-2025-66481 [CRITICAL] CWE-79 CVE-2025-66481: DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attributes combined with HTML entity encoding. Remote Code Exec
nvd
CVE-2025-67744P3CRITICALCVSS 9.6fixed in 0.5.32025-12-16
CVE-2025-67744 [CRITICAL] CWE-94 CVE-2025-67744: DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and ag DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer to the DOM, this Cross-Site Scripting (XSS) flaw esc
nvd
CVE-2025-58768P3CRITICALCVSS 9.6fixed in 0.3.52025-09-09
CVE-2025-58768 [CRITICAL] CWE-94 CVE-2025-58768: DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid c DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using `innerHTML` to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain, leading to command execution. This vulnerability is
nvd
CVE-2025-66222P3CRITICALCVSS 9.6fixed in 0.5.02025-12-03
CVE-2025-66222 [CRITICAL] CWE-94 CVE-2025-66222: DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC bridge, this XSS can be escalated to Remote Code Executi
nvd
CVE-2026-43900P3CRITICALCVSS 9.3fixed in 1.0.4-beta.12026-05-11
CVE-2026-43900 [CRITICAL] CWE-79 CVE-2026-43900: DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and ag DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer (src/main/lib/svgSanitizer.ts) restricts script exec
nvd
Thinkinaixyz Deepchat vulnerabilities | cvebase