2898 matches found
CVE-2026-41168 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-41182 vulnerabilities
Vulnerabilities for packages: langfuse, open-webui...
CVE-2026-42215 vulnerabilities
Vulnerabilities for packages: checkov, mlflow, open-webui...
CVE-2026-42284 vulnerabilities
Vulnerabilities for packages: checkov, mlflow, open-webui...
CVE-2026-41425 vulnerabilities
Vulnerabilities for packages: airflow, mlflow, open-webui...
CVE-2026-41205 vulnerabilities
Vulnerabilities for packages: airflow, open-webui, jupyter-base-notebook, mlflow, superset...
PT-2026-38289
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev100. Description: The WebUI returns full Python traceback details to clients when unhandled exceptions occur. This happens because the endpoint "/web/" is accessible without authentication and renders template...
CVE-2026-44565
creationtimestamp | type | source
---|---|---
2026-05-05 13:19:17+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-j3fw-wc48-29g3
2026-05-15 01:35:17+00:00 | seen | ...
CVE-2026-44721
creationtimestamp | type | source
---|---|---
2026-05-04 23:42:51+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-gf5m-wcrh-7928
...
Pelican Web UI Affected by a Privilege Escalation Attack
Background: On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI) for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...
GHSA-4PXV-J86V-MHCW vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-40260 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-7GW9-CF7V-778F vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-X284-J5P8-9C5P vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-3CRG-W4F6-42MX vulnerabilities
Vulnerabilities for packages: open-webui...
Open WebUI 0.8.11 Information Disclosure
A potential access control issue was identified in Open WebUI where the Tools API and associated “valves” endpoints may expose sensitive configuration data when accessed with valid authentication tokens. The affected endpoints allow retrieval of tool metadata and configuration structures that may...
CVE-2026-6832 Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter. Attackers can exploit unvalidate...
CVE-2026-6830 Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch
nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...