CVE-2024-7048

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulne...

CVE-2024-7035

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform sensitive actions by simply ...

CVE-2024-7041

An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/{id}/update, where the decentralization design is flawed, allowing attackers to edit other users' memories withou...

CVE-2024-30256

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.

CVE-2024-6706

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.

CVE-2025-46571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open the...

CVE-2025-46719

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be execut...