Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-7429-hxcv-268m | PyPI/open-webui | Open WebUI has Broken Access Control in Tool Valves | 01 Apr | Fix available; Severity - 7.7 (High) |
| GHSA-w9f8-gxf9-rhvw | PyPI/open-webui | Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories | 27 Mar | Fix available; Severity - 3.1 (Low) |
| GHSA-26gm-93rw-cchf | PyPI/open-webui | Open WebUI has unauthorized deletion of knowledge files | 27 Mar | Fix available; Severity - 5.4 (Medium) |
| GHSA-jjp7-g2jw-wh3j | PyPI/open-webui | Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite | 27 Mar | Fix available; Severity - 7.1 (High) |
| GHSA-vvxm-vxmr-624h | PyPI/open-webui | Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions` | 27 Mar | Fix available; Severity - 4.3 (Medium) |
| GHSA-c6xv-rcvw-v685 | PyPI/open-webui | Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web | 04 Dec 2025 | Fix available; Severity - 8.5 (High) |
| GHSA-frv8-gffc-37px | PyPI/open-webui | open-webui is Vulnerable to Incorrect Access Control | 04 Dec 2025 | No fix available; Severity - 2.1 (Low) |
| GHSA-cm35-v4vp-5xvx | PyPI/open-webui, npm/open-webui | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | 07 Nov 2025 | Fix available; Severity - 7.3 (High) |
| GHSA-w7xj-8fx7-wfch | PyPI/open-webui, npm/open-webui | Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE | 07 Nov 2025 | Fix available; Severity - 8.7 (High) |
| GHSA-5ccf-884p-4jjq | PyPI/open-webui, npm/open-webui | Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability | 20 Mar 2025 | No fix available; Severity - 7.5 (High) |
| GHSA-5v9m-57mq-qc75 | PyPI/open-webui | Open WebUI denial of service through endpoint for converting markdown | 20 Mar 2025 | No fix available; Severity - 7.5 (High) |
| GHSA-9vf8-xgwm-97r8 | PyPI/open-webui | Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint | 20 Mar 2025 | No fix available; Severity - 7.5 (High) |
| GHSA-ff5c-56m7-vc75 | PyPI/open-webui | Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions | 20 Mar 2025 | Fix available; Severity - 8.1 (High) |
| GHSA-gj27-76gq-5v3p | PyPI/open-webui | Open WebUI stored cross-site scripting (XSS) vulnerability | 20 Mar 2025 | No fix available; Severity - 8.4 (High) |
| GHSA-43g4-487m-5q6m | PyPI/open-webui | Open WebUI Vulnerable to a Session Fixation Attack | 20 Mar 2025 | No fix available; Severity - 7.6 (High) |
| GHSA-6wj5-5pgr-jwq8 | PyPI/open-webui | Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file | 20 Mar 2025 | Fix available; Severity - 7.5 (High) |