Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,830
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,921 - 12,940 of 38,923 CVEs
CVE-2026-45365 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypass_filter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated use...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45351 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user [non-admin] logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of avai...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45350 HIGH - 7.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chat_completion API, the...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45349 HIGH - 7.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key (generated in OWUI) and the Chat ID of another user to continue the conversation of the other use...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45348 HIGH - 8.7

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the...

Vendor: pip
Product: pyload-ng
Published: May 14, 2026
Source: GitHub
CVE-2026-42570 HIGH - 7.5

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when ...

Vendor: npm
Product: devalue
Published: May 14, 2026
Source: GitHub
CVE-2026-45347 MEDIUM - 4.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests,...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45346 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.31, there is a Cross-Site Scripting vulnerability in Open WebUI SVG renderer implementation. This vulnerability is fixed in 0.6.31.

Vendor: npm
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45345 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This vulnerab...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45339 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-... head...

Vendor: pip
Product: open-webu
Published: May 14, 2026
Source: GitHub
CVE-2026-45338 HIGH - 7.7

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() in backend/open_webui/utils/oauth.py (line ~1338). The function fetches arbitrary URLs from OAuth pic...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-42599 MEDIUM - 6.1

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker...

Vendor: npm
Product: svelte
Published: May 14, 2026
Source: GitHub
CVE-2026-45331 HIGH - 8.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip, private=True), but the validators library does NOT implement the private keyword for IPv6 โ€” the cal...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45317 MEDIUM - 4.6

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery (CSRF) vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint, ...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45318 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS (CVE-2026-44549). The same root cause โ€” XLSX.utils.sheet_to_html() output rendered via {@html excelHtml} without DOMPu...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write operation (toggling the is_pinned field) but only checks for read permission. Users with read-only access to a shared note can ...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45314 HIGH - 6.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profile_image_url values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves t...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45315 HIGH - 8.7

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/audio/transcriptions/.. The /cache/{path} route serve...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45306 MEDIUM - 6.5

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect the Flask session directory (/tmp/pyLoad/flask). An authenticated attacker can set storage_folder to...

Vendor: pip
Product: pyload-ng
Published: May 14, 2026
Source: GitHub
CVE-2026-8634 CRITICAL - 9.1

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit ove...

Published: May 14, 2026
Source: NVD