deepseek-tui
crates.io4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting deepseek-tuipage 1 of 1
- CVE-2026-45310HIGHCVSS 7.4EG 7.4✓ Fixed in 0.8.222026-05-28
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to prevent SSRF attacks against internal se…
- CVE-2026-45311CRITICALCVSS 9.6EG 9.6✓ Fixed in 0.8.232026-05-28
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles an…
- CVE-2026-45373HIGHCVSS 7.4EG 7.4✓ Fixed in 0.8.262026-05-28
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as http://[::1], the SSRF defenses do no…
- CVE-2026-45374CRITICALCVSS 9.6EG 9.6✓ Fixed in 0.8.262026-05-28
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) an…
Check whether deepseek-tui is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for deepseek-tui CVEs against the assets you own.
Start Free Scan →