2991 matches found
CVE-2026-27026 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-2Q4J-M29V-HQ73 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-27025 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-27024 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-29VQ-49WR-VM6X vulnerabilities
Vulnerabilities for packages: airflow, superset, kubeflow-volumes-web-app, open-webui, emissary, tensorflow-cpu-jupyter, mlflow, kubeflow-pipelines-visualization-server...
CVE-2026-27199 vulnerabilities
Vulnerabilities for packages: airflow, superset, kubeflow-volumes-web-app, open-webui, emissary, tensorflow-cpu-jupyter, mlflow, kubeflow-pipelines-visualization-server...
CVE-2026-27205 vulnerabilities
Vulnerabilities for packages: airflow, kubeflow-volumes-web-app, open-webui, mitmproxy, mlflow, emissary...
GHSA-68RP-WP8R-4726 vulnerabilities
Vulnerabilities for packages: airflow, kubeflow-volumes-web-app, open-webui, mitmproxy, mlflow, emissary...
CVE-2026-26193
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...
CVE-2026-26192
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...
GHSA-WGVP-VG3V-2XQ3 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-9MVC-8737-8J8H vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-27026 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-27024 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-68RP-WP8R-4726 vulnerabilities
Vulnerabilities for packages: open-webui, kubeflow-volumes-web-app, emissary, mlflow, airflow-core, airflow, mitmproxy...
GHSA-29VQ-49WR-VM6X vulnerabilities
Vulnerabilities for packages: open-webui, litellm, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, tensorflow-gpu-jupyter, azure-functions-python-worker, mlflow, airflow-core, tensorflow-cpu-jupyter, localstack, airflow, emissary, superset...
CVE-2026-27199 vulnerabilities
Vulnerabilities for packages: open-webui, litellm, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, tensorflow-gpu-jupyter, azure-functions-python-worker, mlflow, airflow-core, tensorflow-cpu-jupyter, localstack, airflow, emissary, superset...
VulnCheck KEV: CVE-2024-6250
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...
CVE-2026-26193
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...
CVE-2026-26192
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...