4 matches found
CVE-2025-63681
creationtimestamp| type| source ---|---|--- 2025-12-04 18:41:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m76mpsverh26...
openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-63681 via open-webui (=0.6.0)
open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-63681 Source advisory: OSV:GHSA-FRV8-GFFC-37PX...
CVE-2025-63681
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...
openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-63681 via open-webui (=0.6.0)
open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-63681 Source advisory: SNYK:PYTHON-OPENWEBUI-14190592...