openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-0765 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-0765 Source advisory: SNYK:PYTHON-OPENWEBUI-15092093...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-0766 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-0766 Source advisory: SNYK:PYTHON-OPENWEBUI-15091593...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2025-63391 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2025-63391 Source advisory: SNYK:PYTHON-OPENWEBUI-14535452...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-65959 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-65959 Source advisory: SNYK:PYTHON-OPENWEBUI-14189879...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-65958 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-65958 Source advisory: OSV:GHSA-C6XV-RCVW-V685...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-65958 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-65958 Source advisory: SNYK:PYTHON-OPENWEBUI-14190245...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-63681 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-63681 Source advisory: OSV:GHSA-FRV8-GFFC-37PX...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-63681 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-63681 Source advisory: SNYK:PYTHON-OPENWEBUI-14190592...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-64496 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-64496 Source advisory: OSV:GHSA-CM35-V4VP-5XVX...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-64495 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-64495 Source advisory: OSV:GHSA-W7XJ-8FX7-WFCH...

EUVD-2025-6918

Malicious code in bioql PyPI...

CVE-2024-8060

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2024-7044 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2024-7044 Source advisory: SNYK:PYTHON-OPENWEBUI-9684288...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2024-7039 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2024-7039 Source advisory: SNYK:PYTHON-OPENWEBUI-9680266...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2024-7043 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2024-7043 Source advisory: SNYK:PYTHON-OPENWEBUI-9680258...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2024-12537 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2024-12537 Source advisory: SNYK:PYTHON-OPENWEBUI-9680268...

CVE-2024-8060

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

CVE-2024-8060 Remote Code Execution in OpenWebUI via Arbitrary File Upload

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

CVE-2024-8060 Remote Code Execution in OpenWebUI via Arbitrary File Upload

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

CVE-2024-8060

OpenWebUI 0.3.0 is affected by a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows arbitrary file upload due to insufficient validation of file.content_type and user-controlled filenames, enabling path traversal. An authenticated user could overwrite critical files ...