VYPR

apk package

wolfi/open-webui

pkg:apk/wolfi/open-webui

Vulnerabilities (84)

  • CVE-2026-42284 | High | May 7, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (st

  • CVE-2026-42215 | High | May 7, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass tha

  • CVE-2026-41481 | Medium | Apr 24, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using validate_safe_url() but then performed the fetch with requests.get() with redirects en

  • CVE-2026-41425 | Medium | Apr 24, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.

  • CVE-2026-41066 | High | Apr 24, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolv

  • CVE-2026-41205 | High | Apr 23, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable

  • CVE-2026-41182 | Medium | Apr 23, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming

  • CVE-2026-41314 | Medium | Apr 22, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    pypdf is a free and open-source pure-Python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been fi

  • CVE-2026-41313 | Medium | Apr 22, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    pypdf is a free and open-source pure-Python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed

  • CVE-2026-41312 | Medium | Apr 22, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    pypdf is a free and open-source pure-Python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1

  • CVE-2026-41168 | Medium | Apr 22, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    pypdf is a free and open-source pure-Python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large

  • CVE-2026-40260 | Medium | Apr 17, 2026
    affected < 0.9.2-r0 | fixed 0.9.2-r0

    pypdf is a free and open-source pure-Python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadat

  • CVE-2026-40087 | Medium | Apr 9, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforc

  • CVE-2026-39892 | Critical | Apr 8, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulner

  • CVE-2026-34525 | Medium | Apr 1, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.

  • CVE-2026-34520 | Critical | Apr 1, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4.

  • CVE-2026-34519 | Medium | Apr 1, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.

  • CVE-2026-34518 | Medium | Apr 1, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in

  • CVE-2026-34517 | Medium | Apr 1, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4.

  • CVE-2026-34516 | High | Apr 1, 2026
    affected < 0.8.12-r3 | fixed 0.8.12-r3

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched

Page 1 of 5