openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-29070 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-29070 Source advisory: OSV:GHSA-26GM-93RW-CCHF...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-28788 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-28788 Source advisory: OSV:GHSA-JJP7-G2JW-WH3J...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-0765 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-0765 Source advisory: SNYK:PYTHON-OPENWEBUI-15092093...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-65958 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-65958 Source advisory: SNYK:PYTHON-OPENWEBUI-14190245...

CVE-2024-8060

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...