Open Webui Security Vulnerabilities and Issues — Open Webui CVE List

Lucene search

OpenwebuiOpen Webui

4 matches found

CVE•added 2024/04/16 3:15 p.m.•51 views

CVE-2024-30256

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.

6.4CVSS6.5AI score0.00172EPSS

CVE•added 2024/08/07 11:15 p.m.•44 views

CVE-2024-6706

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.

6.3CVSS6.6AI score0.00048EPSS

CVE•added 2025/05/05 7:15 p.m.•43 views

CVE-2025-46571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open the...

6.3CVSS6.4AI score0.0004EPSS

CVE•added 2025/05/05 7:15 p.m.•41 views

CVE-2025-46719

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be execut...

6.4CVSS6.5AI score0.0006EPSS