Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,275
Quick preset (or use dates below)
Clear Filters
Showing 61 - 80 of 132 CVEs
CVE-2026-45317 MEDIUM - 4.6

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery (CSRF) vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint, ...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45318 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS (CVE-2026-44549). The same root cause โ€” XLSX.utils.sheet_to_html() output rendered via {@html excelHtml} without DOMPu...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write operation (toggling the is_pinned field) but only checks for read permission. Users with read-only access to a shared note can ...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45314 HIGH - 6.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profile_image_url values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves t...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45315 HIGH - 8.7

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/audio/transcriptions/.. The /cache/{path} route serve...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45303 HIGH - 7.7

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an iF...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45301 HIGH - 8.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This vulnerabi...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45299 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is fix...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-44570 HIGH - 8.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memori...

Vendor: pip
Product: open-webui
Published: May 11, 2026
Source: GitHub
CVE-2026-44571 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), the endpoint POST /api/v1/channels/{channel_id}/messages/{message_id}/update can be accessed with read ...

Vendor: pip
Product: open-webui
Published: May 11, 2026
Source: GitHub
CVE-2026-44569 HIGH - 7.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerabili...

Vendor: pip
Product: open-webui
Published: May 11, 2026
Source: GitHub
CVE-2026-44565 HIGH - 8.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with names ...

Vendor: pip
Product: open-webui
Published: May 11, 2026
Source: GitHub
CVE-2026-44566 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with na...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44567 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is set...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44549 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated HTM...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44568 MEDIUM - 4.8

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overlay Content" using marked.parse() inside {@html} with an incorrect DOMPurify application ord...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44560 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" (non-full-context), type: "text" with collection_name, and bare collection_name/collection_names paths in the get_sources_from_items function perfor...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44561 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but does not check the is_active field. When a user is deactivated from a group or DM channel (removed by t...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44564 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room (line 678) but does not verify that the sender has write per...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44563 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the us...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub