4976 matches found
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45331 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45331 Source advisory: OSV:GHSA-4V7R-F4W8-8972...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45331 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45331 Source advisory: SNYK:PYTHON-OPENWEBUI-16735448...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45317 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45317 Source advisory: SNYK:PYTHON-OPENWEBUI-16755218...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45316 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45316 Source advisory: SNYK:PYTHON-OPENWEBUI-16725014...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45316 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45316 Source advisory: OSV:GHSA-JX2X-J75F-XQ3J...
hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45314 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45314 Source advisory: SNYK:PYTHON-OPENWEBUI-16725449...
Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
Summary The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no...
openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45303 via open-webui (=0.6.0)
open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45303 Source advisory: OSV:GHSA-4VRC-M9CH-6M3R...
openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45299 via open-webui (=0.6.0)
open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45299 Source advisory: OSV:GHSA-6GH2-Q7CP-9QF6...
CVE-2026-20210 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...
PT-2026-41179
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An issue exists where a user can continue the conversation of another user if the target user's Chat ID is known. This occurs because the system fails to verify if the Chat ID matches the user who...
CVE-2026-0261
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
Hermes Web UI 路径遍历漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.44 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within the session import endpoint, which could allow authentication attacke...
Authorization Bypass Through User-Controlled Key
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the memories API endpoints. An attacker can access, delete, restore, and view the contents of other users' data by sending crafted requests to endpoints suc...
GHSA-6XCP-7MPR-M7WM Open WebUI has a CORS misconfiguration and session validation issue
GitHub Security Lab GHSL Vulnerability Report, open-webui: GHSL-2024-174, GHSL-2024-175 The GitHub Security Lab team has identified potential security vulnerabilities in open-webui. We are committed to working with you to help resolve these issues. In this report you will find everything you need...
CVE-2026-45402
creationtimestamp| type| source ---|---|--- 2026-05-10 19:56:26+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-r472-mw7m-967f...
CVE-2026-45399
creationtimestamp| type| source ---|---|--- 2026-05-10 19:37:29+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22...
CVE-2026-45387
creationtimestamp| type| source ---|---|--- 2026-05-10 19:31:55+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-h2cw-7qw9-56xr...
CVE-2026-45365
creationtimestamp| type| source ---|---|--- 2026-05-10 11:15:24+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m...
CVE-2026-45350
creationtimestamp| type| source ---|---|--- 2026-05-09 23:30:56+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-4pcg-253r-rf9w...