Local Deep Research achieves ~95% on SimpleQA benchmark (tested with GPT-4.1-mini). Supports local and cloud LLMs (Ollama, Google, Anthropic, ...). Searches 10+ sources - arXiv, PubMed, web, and your private documents. Everything Local & Encrypted.
Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "local-deep-research": {
      "env": {
        "LDR_LLM_PROVIDER": "openai",
        "LDR_LLM_OPENAI_API_KEY": "sk-..."
      },
      "command": "ldr-mcp"
    }
  }
}
```
AI-powered research assistant for deep, agentic research
Run this in your terminal to verify the server starts:

```shell
uvx 'local-deep-research' 2>&1 | head -1 && echo "✓ Server started successfully"
```
local-deep-research has an SSRF bypass in `safe_get`
### Summary

The URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.

### Details

The current project uses `validate_url` to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by `urlparse` to prevent SSRF attacks. Howeve
local-deep-research is Vulnerable to HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
## Summary

`PDFService._markdown_to_html()` constructs an HTML document by interpolating user-controlled values — specifically `title` (sourced from `research.title` or `research.query`) and `metadata` key-value pairs — directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Serv
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
## Summary

The download service (`download_service.py`) makes HTTP requests using raw `requests.get()` without utilizing the application's SSRF protection (`safe_requests.py`). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as perform internal network reconnaissance, by submitting malicious URLs through the API, depending on the deployment and surrounding controls.

**CWE**: CWE-918 (Server-Side Request Forger
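A host-resolution check of the kind the two SSRF advisories above call for, as an added example that is not code from the local-deep-research project: it validates the scheme, resolves the host and refuses any URL whose addresses are not globally routable, then re-runs that check on every redirect hop before fetching. The function names (`check_url`, `guarded_get`), the `requests` dependency and the injectable `resolver` parameter are assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}

def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def resolve_host(host: str) -> list[str]:
    """All addresses a host resolves to; IP literals come back as themselves."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check_url(url: str, resolver=resolve_host) -> tuple[bool, str]:
    """Validate scheme and host, then vet every address the host resolves to."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    addresses = resolver(host) if host else []
    if not addresses:
        return False, f"host {host!r} missing or did not resolve"
    # A DNS answer mixing public and private records must fail as a whole.
    bad = [a for a in addresses if not is_public_address(a)]
    if bad:
        return False, f"{host!r} resolves to non-public address {bad[0]}"
    return True, "ok"

def guarded_get(url: str, max_redirects: int = 5, timeout: float = 10):
    """Fetch with redirects disabled in the client and re-validated per hop."""
    import requests  # assumed dependency; imported lazily so the checks above run without it
    for _ in range(max_redirects + 1):
        ok, reason = check_url(url)
        if not ok:
            raise ValueError(f"refusing {url}: {reason}")
        resp = requests.get(url, allow_redirects=False, timeout=timeout)
        if not resp.is_redirect:
            return resp
        url = urljoin(url, resp.headers["Location"])
    raise ValueError("too many redirects")
```

The resolver is injectable so the validation logic can be unit-tested with constructed DNS answers instead of live lookups.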