open-webui Security Advisories - Pypi | Ecosyste.ms: Advisories

High

6 days ago

Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events GSA_kwCzR0hTQS1jbTM1LXY0dnAtNXh2eM4ABOUA

pypi, npm open-webui

High

6 days ago

Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE GSA_kwCzR0hTQS13N3hqLThmeDctd2ZjaM4ABOT2

pypi, npm open-webui

High

8 months ago

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability GSA_kwCzR0hTQS01Y2NmLTg4NHAtNGpqcc4ABFuM

pypi, npm open-webui

High

8 months ago

Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint GSA_kwCzR0hTQS05dmY4LXhnd20tOTdyOM4ABFul

pypi open-webui

High

8 months ago

Open WebUI denial of service through endpoint for converting markdown GSA_kwCzR0hTQS01djltLTU3bXEtcWM3Nc4ABFuU

pypi open-webui

High

8 months ago

Open WebUI stored cross-site scripting (XSS) vulnerability GSA_kwCzR0hTQS1najI3LTc2Z3EtNXYzcM4ABFuT

pypi open-webui

High

8 months ago

Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions GSA_kwCzR0hTQS1mZjVjLTU2bTctdmM3Nc4ABFuo

pypi open-webui

Moderate

8 months ago

Open WebUI Allows Viewing of Admin Details GSA_kwCzR0hTQS1ndjI2LXF3M2gtOHF2cM4ABFsQ

pypi open-webui

High

8 months ago

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file GSA_kwCzR0hTQS02d2o1LTVwZ3ItandxOM4ABFsa

pypi open-webui

Moderate

8 months ago

Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read GSA_kwCzR0hTQS1jN2ZxLXA2MnAtd3ZwY84ABFsX

pypi open-webui

High

8 months ago

Open WebUI has SSRF in /openai/models GSA_kwCzR0hTQS14NzU3LWh2NjktanI0Nc4ABFsb

pypi open-webui

Moderate

8 months ago

Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) GSA_kwCzR0hTQS1wNXZ4LTloajgtY2Y0aM4ABFuD

pypi open-webui

High

8 months ago

Open WebUI Vulnerable to a Session Fixation Attack GSA_kwCzR0hTQS00M2c0LTQ4N20tNXE2bc4ABFsV

pypi open-webui

High

8 months ago

Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability GSA_kwCzR0hTQS04NWpjLThoNXAtOHZ3OM4ABFsd

pypi open-webui

High

8 months ago

Open WebUI Allows Arbitrary File Reading and Deletion GSA_kwCzR0hTQS1qcmhjLTlxZzktNHFmcc4ABFtv

pypi open-webui

High

8 months ago

Open WebUI Uncontrolled Resource Consumption vulnerability GSA_kwCzR0hTQS13Y3dwLTlyY3AtanZmZ84ABFty

pypi open-webui

Moderate

8 months ago

Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint GSA_kwCzR0hTQS1jcmg2LXBqOGMteHJoY84ABFts

pypi open-webui

High

8 months ago

Open WebUI Allows Admin Deletion via API Endpoint GSA_kwCzR0hTQS1wcXdyLXBodnYtdjQ5Zs4ABFt_

pypi open-webui

Moderate

8 months ago

Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint GSA_kwCzR0hTQS0zcDlxLTd3NjMtM2Y4cc4ABFuB

pypi open-webui

Moderate

8 months ago

Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload GSA_kwCzR0hTQS1qMjc0LW01NTktY2o0as4ABFuC

pypi open-webui

High

8 months ago

Open WebUI has vulnerable dependency on starlette via fastapi GSA_kwCzR0hTQS13NDY2LTJ3ZmMtOGc1OM4ABFsA

pypi open-webui

High

8 months ago

Open WebUI Uncontrolled Resource Consumption vulnerability GSA_kwCzR0hTQS1jaGY3LXE3bTUtZnE5Ms4ABFtX

npm, pypi open-webui

High

8 months ago

Open WebUI Uncontrolled Resource Consumption vulnerability GSA_kwCzR0hTQS1nM214LTgzbXAtM3J3Y84ABFtM

npm, pypi open-webui

Moderate

about 1 year ago

open-webui Insecure Direct Object Reference (IDOR) vulnerability GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF

pypi open-webui

Moderate

about 1 year ago

open-webui allows writing and deleting arbitrary files GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI

pypi open-webui

Low

about 1 year ago

open-webui allows enumeration of file names and traversal of directories by observing the error messages GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB

pypi open-webui

Moderate

over 1 year ago

Open WebUI Stored Cross-Site Scripting Vulnerability GSA_kwCzR0hTQS01anAzLXdwNXYtNTM2M84AA-fH

pypi open-webui

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

open-webui

Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events GSA_kwCzR0hTQS1jbTM1LXY0dnAtNXh2eM4ABOUA

Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE GSA_kwCzR0hTQS13N3hqLThmeDctd2ZjaM4ABOT2

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability GSA_kwCzR0hTQS01Y2NmLTg4NHAtNGpqcc4ABFuM

Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint GSA_kwCzR0hTQS05dmY4LXhnd20tOTdyOM4ABFul

Open WebUI denial of service through endpoint for converting markdown GSA_kwCzR0hTQS01djltLTU3bXEtcWM3Nc4ABFuU

Open WebUI stored cross-site scripting (XSS) vulnerability GSA_kwCzR0hTQS1najI3LTc2Z3EtNXYzcM4ABFuT

Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions GSA_kwCzR0hTQS1mZjVjLTU2bTctdmM3Nc4ABFuo

Open WebUI Allows Viewing of Admin Details GSA_kwCzR0hTQS1ndjI2LXF3M2gtOHF2cM4ABFsQ

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file GSA_kwCzR0hTQS02d2o1LTVwZ3ItandxOM4ABFsa

Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read GSA_kwCzR0hTQS1jN2ZxLXA2MnAtd3ZwY84ABFsX

Open WebUI has SSRF in /openai/models GSA_kwCzR0hTQS14NzU3LWh2NjktanI0Nc4ABFsb

Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) GSA_kwCzR0hTQS1wNXZ4LTloajgtY2Y0aM4ABFuD

Open WebUI Vulnerable to a Session Fixation Attack GSA_kwCzR0hTQS00M2c0LTQ4N20tNXE2bc4ABFsV

Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability GSA_kwCzR0hTQS04NWpjLThoNXAtOHZ3OM4ABFsd

Open WebUI Allows Arbitrary File Reading and Deletion GSA_kwCzR0hTQS1qcmhjLTlxZzktNHFmcc4ABFtv

Open WebUI Uncontrolled Resource Consumption vulnerability GSA_kwCzR0hTQS13Y3dwLTlyY3AtanZmZ84ABFty

Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint GSA_kwCzR0hTQS1jcmg2LXBqOGMteHJoY84ABFts

Open WebUI Allows Admin Deletion via API Endpoint GSA_kwCzR0hTQS1wcXdyLXBodnYtdjQ5Zs4ABFt_

Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint GSA_kwCzR0hTQS0zcDlxLTd3NjMtM2Y4cc4ABFuB

Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload GSA_kwCzR0hTQS1qMjc0LW01NTktY2o0as4ABFuC

Open WebUI has vulnerable dependency on starlette via fastapi GSA_kwCzR0hTQS13NDY2LTJ3ZmMtOGc1OM4ABFsA

Open WebUI Uncontrolled Resource Consumption vulnerability GSA_kwCzR0hTQS1jaGY3LXE3bTUtZnE5Ms4ABFtX

Open WebUI Uncontrolled Resource Consumption vulnerability GSA_kwCzR0hTQS1nM214LTgzbXAtM3J3Y84ABFtM

open-webui Insecure Direct Object Reference (IDOR) vulnerability GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF

open-webui allows writing and deleting arbitrary files GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI

open-webui allows enumeration of file names and traversal of directories by observing the error messages GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB

Open WebUI Stored Cross-Site Scripting Vulnerability GSA_kwCzR0hTQS01anAzLXdwNXYtNTM2M84AA-fH

Filter by Severity