Lucene search
K

122 matches found

Chainguard
Chainguard
added 6 days ago9 views

GHSA-JM82-FX9C-MX94 vulnerabilities

Vulnerabilities for packages: open-webui...

5.8AI score
Exploits0
Wolfi
Wolfi
added 6 days ago8 views

CVE-2026-54531 vulnerabilities

Vulnerabilities for packages: open-webui...

6.9CVSS5.8AI score0.00123EPSS
Exploits0
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-54014

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

4.3CVSS0.00244EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:45 p.m.33 views

CVE-2026-54014 Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

4.3CVSS0.00244EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/18 9:9 p.m.21 views

CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...

7.7CVSS0.00349EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/06/15 8:35 p.m.7 views

GHSA-CJ93-CHG6-VGV8 vulnerabilities

Vulnerabilities for packages: open-webui...

5.2AI score
Exploits0
Wolfi
Wolfi
added 2026/06/15 8:35 p.m.7 views

GHSA-248M-82V9-Q6G6 vulnerabilities

Vulnerabilities for packages: open-webui...

5.2AI score
Exploits0
Circl
Circl
added 2026/06/11 7:14 p.m.9 views

CVE-2026-54022

creationtimestamp| type| source ---|---|--- 2026-06-11 19:14:16+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-8788-j68r-3cgh...

5.3CVSS5AI score0.00268EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 7:9 p.m.7 views

CVE-2026-54019

creationtimestamp| type| source ---|---|--- 2026-06-11 19:09:52+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-p5cp-r7rg-qpxc...

6.5CVSS5AI score0.00281EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 7:6 p.m.6 views

CVE-2026-54016

creationtimestamp| type| source ---|---|--- 2026-06-11 19:06:16+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-cx9v-4qj2-jrw6...

4.3CVSS5AI score0.00226EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 7:5 p.m.9 views

CVE-2026-54015

creationtimestamp| type| source ---|---|--- 2026-06-11 19:05:34+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-4r4w-2wgp-w7cj...

6.4CVSS5AI score0.00169EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 7:4 p.m.6 views

CVE-2026-54014

creationtimestamp| type| source ---|---|--- 2026-06-11 19:04:46+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-j2c8-v969-8r5c...

4.3CVSS5AI score0.00244EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 7:2 p.m.6 views

CVE-2026-54013

creationtimestamp| type| source ---|---|--- 2026-06-11 19:02:12+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-v2qm-5wxj-qhj7...

7.6CVSS5AI score0.00174EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 6:58 p.m.5 views

CVE-2026-54012

creationtimestamp| type| source ---|---|--- 2026-06-11 18:58:16+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-vjqm-6gcc-62cr...

7.1CVSS5AI score0.00198EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 6:56 p.m.8 views

CVE-2026-54008

creationtimestamp| type| source ---|---|--- 2026-06-11 18:56:45+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-226f-f24g-524w...

8.5CVSS5AI score0.00203EPSS
Exploits1References1
Circl
Circl
added 2026/06/11 6:55 p.m.6 views

CVE-2026-54006

creationtimestamp| type| source ---|---|--- 2026-06-11 18:55:57+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-f3g7-59qc-pqg6...

4.3CVSS5AI score0.00179EPSS
Exploits1References1
Chainguard
Chainguard
added 2026/06/04 1:18 a.m.6 views

GHSA-62Q4-447F-WV8H vulnerabilities

Vulnerabilities for packages: open-webui...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/19 1:56 p.m.10 views

CVE-2026-45365

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.12 views

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

6.5CVSS5.8AI score0.00281EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 9:46 p.m.22 views

CVE-2026-45338

Open WebUI CVE-2026-45338 describes an SSRF in _process_picture_url() (oauth.py) where the server fetches URLs from OAuth picture claims without validate_url(), enabling requests to internal resources and exfiltration of the full response. Affected software before the fix: Open WebUI prior to ver...

7.7CVSS6AI score0.00381EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder