120 matches found

NVD
added yesterday | 4 views

CVE-2026-54014

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

CVSS 4.3 | EPSS 0.00038
Exploits: 0 | References: 1
Cvelist
added yesterday | 15 views

CVE-2026-54014 Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

CVSS 4.3 | EPSS 0.00038
Exploits: 0 | References: 1
Cvelist
added 6 days ago | 20 views

CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...

CVSS 7.7 | EPSS 0.00368
Exploits: 0 | References: 1
Wolfi
added 2026/06/15 8:35 p.m. | 7 views

GHSA-248M-82V9-Q6G6 vulnerabilities

Vulnerabilities for packages: open-webui...

AI score 5.2
Exploits: 0
Wolfi
added 2026/06/15 8:35 p.m. | 6 views

GHSA-CJ93-CHG6-VGV8 vulnerabilities

Vulnerabilities for packages: open-webui...

AI score 5.2
Exploits: 0
Circl
added 2026/06/11 7:14 p.m. | 9 views

CVE-2026-54022

creationtimestamp | type | source
---|---|---
2026-06-11 19:14:16+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-8788-j68r-3cgh...

CVSS 5.3 | AI score 5 | EPSS 0.00045
Exploits: 0 | References: 1
Circl
added 2026/06/11 7:9 p.m. | 7 views

CVE-2026-54019

creationtimestamp | type | source
---|---|---
2026-06-11 19:09:52+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-p5cp-r7rg-qpxc...

CVSS 6.5 | AI score 5 | EPSS 0.0003
Exploits: 0 | References: 1
Circl
added 2026/06/11 7:6 p.m. | 5 views

CVE-2026-54016

creationtimestamp | type | source
---|---|---
2026-06-11 19:06:16+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-cx9v-4qj2-jrw6...

CVSS 4.3 | AI score 5 | EPSS 0.00022
Exploits: 0 | References: 1
Circl
added 2026/06/11 7:5 p.m. | 6 views

CVE-2026-54015

creationtimestamp | type | source
---|---|---
2026-06-11 19:05:34+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-4r4w-2wgp-w7cj...

CVSS 6.4 | AI score 5 | EPSS 0.00038
Exploits: 0 | References: 1
Circl
added 2026/06/11 7:4 p.m. | 4 views

CVE-2026-54014

creationtimestamp | type | source
---|---|---
2026-06-11 19:04:46+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-j2c8-v969-8r5c...

CVSS 4.3 | AI score 5 | EPSS 0.00038
Exploits: 0 | References: 1
Circl
added 2026/06/11 7:2 p.m. | 5 views

CVE-2026-54013

creationtimestamp | type | source
---|---|---
2026-06-11 19:02:12+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-v2qm-5wxj-qhj7...

CVSS 7.6 | AI score 5 | EPSS 0.00057
Exploits: 0 | References: 1
Circl
added 2026/06/11 6:58 p.m. | 4 views

CVE-2026-54012

creationtimestamp | type | source
---|---|---
2026-06-11 18:58:16+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-vjqm-6gcc-62cr...

CVSS 7.1 | AI score 5 | EPSS 0.00031
Exploits: 0 | References: 1
Circl
added 2026/06/11 6:56 p.m. | 5 views

CVE-2026-54008

creationtimestamp | type | source
---|---|---
2026-06-11 18:56:45+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-226f-f24g-524w...

CVSS 8.5 | AI score 5 | EPSS 0.00028
Exploits: 0 | References: 1
Circl
added 2026/06/11 6:55 p.m. | 6 views

CVE-2026-54006

creationtimestamp | type | source
---|---|---
2026-06-11 18:55:57+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-f3g7-59qc-pqg6...

CVSS 4.3 | AI score 5 | EPSS 0.00022
Exploits: 0 | References: 1
Chainguard
added 2026/06/04 1:18 a.m. | 5 views

GHSA-62Q4-447F-WV8H vulnerabilities

Vulnerabilities for packages: open-webui...

AI score 5.8
Exploits: 0
RedhatCVE
added 2026/05/19 1:56 p.m. | 9 views

CVE-2026-45365

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...

CVSS 5.4 | AI score 5.8 | EPSS 0.00193
Exploits: 1 | References: 1
RedhatCVE
added 2026/05/19 1:58 a.m. | 10 views

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular (non-admin) user logs into the application, the application initiates a web request to http://IP:8080/api/models? and the response reveals the system prompt of...

CVSS 6.5 | AI score 5.8 | EPSS 0.00281
Exploits: 1 | References: 1
CVE
added 2026/05/15 9:46 p.m. | 19 views

CVE-2026-45338

Open WebUI CVE-2026-45338 describes an SSRF in _process_picture_url() (oauth.py) where the server fetches URLs from OAuth picture claims without validate_url(), enabling requests to internal resources and exfiltration of the full response. Affected software before the fix: Open WebUI prior to ver...

CVSS 7.7 | AI score 6 | EPSS 0.00381
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/05/15 9:3 p.m. | 30 views

CVE-2026-44569 Open WebUI: Insecure Message Access Breaks Authorization

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

CVSS 7.1 | EPSS 0.00266
Exploits: 1 | References: 1
CVE
added 2026/05/15 8:40 p.m. | 19 views

CVE-2026-45400

CVE-2026-45400 relates to Open WebUI SSRF bypass in validate_url caused by a mismatch between urlparse and requests hostname handling. Before version 0.9.5, URLs like http://127.0.0.1:[email protected] could pass validation because hostname parsing treated the public IP (1.1.1.1) as the target, while ...

CVSS 8.5 | AI score 5.8 | EPSS 0.00292
Exploits: 1 | References: 1 | Affected Software: 1