1276 matches found
CVE-2026-59214
Open WebUI (self-hosted AI platform) is affected by a vulnerability described as a stored web worker XSS via Pyodide. Prior to version 0.10.0, the platform runs client-side Python with Pyodide inside a same-origin web worker, which could allow stored chat payloads using pyodide.http.pyfetch or th...
CVE-2026-59214 Open WebUI: Stored web worker XSS via Pyodide
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...
CVE-2026-59214
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...
PT-2026-56832
Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.6.16 through 0.9.x Description The Socket.IO server is configured with always connect=True, which allows the ydoc:awareness:update and ydoc:document:leave Socket.IO handlers to accept collaborative-document events without...
PT-2026-56884
Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.9.0 through 0.9.x Description When Redis is configured, the authentication process for Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message uses the decode token function withou...
EUVD-2026-22188
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...
EUVD-2025-13498
Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions...
EUVD-2026-40451
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentiall...
CVE-2026-56399
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentiall...
CVE-2026-56399 Open WebUI - Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentiall...
CVE-2026-56399
Open WebUI (pre-0.6.27) contains a server-side request forgery in the /api/v1/retrieval/process/web endpoint. The vulnerability allows authenticated users to bypass SSRF protections by manipulating URL parameters with location redirect headers, enabling access to internal services and potentially...
GHSA-M2V9-299J-RV96 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-GR75-JV2W-4656 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-54531 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-52X6-GQ3R-VPF4 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-54530 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-RRMF-RVHW-RF47 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2025-3000 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-M2V9-299J-RV96 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-JM82-FX9C-MX94 vulnerabilities
Vulnerabilities for packages: open-webui...