Open Webui Security Vulnerabilities and Issues — Open Webui CVE List

Lucene search

OpenwebuiOpen Webui

5 matches found

CVE•added 2024/08/07 11:15 p.m.•63 views

CVE-2024-6707

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.

8.8CVSS6.7AI score0.00099EPSS

CVE•added 2024/04/16 3:15 p.m.•51 views

CVE-2024-30256

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.

6.4CVSS6.5AI score0.00172EPSS

CVE•added 2024/08/07 11:15 p.m.•44 views

CVE-2024-6706

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.

6.3CVSS6.6AI score0.00048EPSS

CVE•added 2024/10/09 7:15 p.m.•38 views

CVE-2024-7038

An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence ...

2.7CVSS3.2AI score0.00082EPSS

CVE•added 2024/10/10 8:15 a.m.•30 views

CVE-2024-7049

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.

5.4CVSS5.4AI score0.00074EPSS