Product: Open_webui

License: Unknown (this might be proprietary software).

Vulnerabilities: 8
Date | Id | Summary | Products | Score | Patch | Annotated
---|---|---|---|---|---|---
2024-04-16 | CVE-2024-30256 | Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117. | Open_webui | N/A | |
2025-05-05 | CVE-2025-46571 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint returns a file id, which can be used to open the file in the browser and trigger the JavaScript code in the user's browser. Under the default settings, files uploaded by low-privileged users can only be viewed by admins or themselves, limiting... | Open_webui | 5.4 | |
2025-05-05 | CVE-2025-46719 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's access token and gain full control over their account. Chat transcripts can be shared... | Open_webui | 5.4 | |
2025-04-21 | CVE-2025-29446 | open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. | Open_webui | N/A | |
2024-08-07 | CVE-2024-6706 | Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | Open_webui | 6.1 | |
2024-08-07 | CVE-2024-6707 | Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. | Open_webui | 8.8 | |
2024-10-09 | CVE-2024-7038 | An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. | Open_webui | 2.7 | |
2024-10-10 | CVE-2024-7049 | In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process. | Open_webui | 5.4 | |