Open Webui@* Security Vulnerabilities and Issues — Open Webui@* CVE List

Lucene search

OpenwebuiOpen Webui*

6 matches found

CVE•added 2024/04/16 3:15 p.m.•51 views

CVE-2024-30256

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.

6.4CVSS6.5AI score0.00172EPSS

CVE•added 2025/05/05 7:15 p.m.•43 views

CVE-2025-46571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open the...

6.3CVSS6.4AI score0.0004EPSS

CVE•added 2025/05/05 7:15 p.m.•41 views

CVE-2025-46719

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be execut...

6.4CVSS6.5AI score0.0006EPSS

CVE•added 2024/10/09 7:15 p.m.•38 views

CVE-2024-7038

An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence ...

2.7CVSS3.2AI score0.00076EPSS

CVE•added 2025/03/20 10:15 a.m.•37 views

CVE-2024-7806

A vulnerability in open-webui/open-webui versions

8.8CVSS8.5AI score0.00245EPSS

CVE•added 2025/03/20 10:15 a.m.•28 views

CVE-2024-8017

An XSS vulnerability exists in open-webui/open-webui versions

9CVSS8.7AI score0.00077EPSS