apk package
wolfi/open-webui
pkg:apk/wolfi/open-webui
Vulnerabilities (105)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-54531 | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 16, 2026 | ### Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. ### Patches This has been fixed in [pypdf==6.13.0](https://github.com/py-pdf/pypdf/releases/tag/6.13.0). ### Workaroun | ||
| CVE-2026-54530 | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 16, 2026 | ### Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. ### Patches This has been fixed in [pypdf==6.13.0](https://github.com/py-pdf/pypdf/releases/tag/6.13.0). ### Workarounds If y | ||
| CVE-2026-54274 | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 15, 2026 | ### Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. ### Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive m | ||
| CVE-2026-54275 | low | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 15, 2026 | ### Summary The `server_hostname` TLS SNI check can be bypassed when an existing connection is reused. ### Impact If an application makes multiple requests to the same domain, but with different per-request `server_hostname` parameters, then the later calls may succeed by reus | |
| CVE-2026-54280 | low | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 15, 2026 | ### Summary Payload resources are not closed correctly when a client disconnects in the middle of a write. ### Impact If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection | |
| CVE-2026-54273 | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 15, 2026 | ### Summary No limit was present on the number of pipelined requests that could be queued. ### Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch: https://github.com/aio-libs/aiohttp/commit/dfd | ||
| CVE-2026-54278 | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 15, 2026 | ### Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. ### Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip | ||
| CVE-2026-54277 | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 15, 2026 | ### Summary It is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. ### Impact If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an exces | ||
| CVE-2026-54276 | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 15, 2026 | ### Summary ``DigestAuthMiddleware`` can send an authentication response after following a cross-origin redirect. ### Impact If the client follows a redirect (the default option) to an attacker controlled domain, the attacker may be able to extract the auth digest. This likel | ||
| CVE-2026-54279 | low | — | < 0.9.6-r5 | 0.9.6-r5 | Jun 15, 2026 | ### Summary Host-only cookies that are saved with ``CookieJar.save()`` and then restored later with ``CookieJar.load()`` lose their host-only status. ### Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disall | |
| CVE-2026-45409 | Med | 5.3 | < 0.9.6-r1 | 0.9.6-r1 | Jun 5, 2026 | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t | |
| CVE-2026-47265 | Hig | 7.5 | < 0.9.6-r3 | 0.9.6-r3 | Jun 2, 2026 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` parameter on a per-request basis then | |
| CVE-2026-34993 | Med | 6.4 | < 0.9.6-r3 | 0.9.6-r3 | Jun 2, 2026 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is | |
| CVE-2026-48156 | Low | 3.3 | < 0.9.6-r4 | 0.9.6-r4 | May 28, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12 | |
| CVE-2026-48155 | Med | 5.5 | < 0.9.6-r4 | 0.9.6-r4 | May 28, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0. | |
| CVE-2026-45134 | Hig | 7.1 | < 0.9.6-r1 | 0.9.6-r1 | May 27, 2026 | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize | |
| CVE-2026-46338 | — | < 0.9.6-r1 | 0.9.6-r1 | May 19, 2026 | # Summary `pymdownx.snippets` has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With `restrict_base_path: True` (the default), the current `filename.startswith(base)` containment check does not enforce a directory boundary. As a result, a markdown snippet directi | ||
| CVE-2026-44432 | Hig | 7.5 | < 0.9.6-r1 | 0.9.6-r1 | May 13, 2026 | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w | |
| CVE-2026-44431 | Med | 5.3 | < 0.9.6-r1 | 0.9.6-r1 | May 13, 2026 | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0. | |
| CVE-2026-42284 | Hig | 8.1 | < 0.9.2-r0 | 0.9.2-r0 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (st |
- CVE-2026-54531Jun 16, 2026affected < 0.9.6-r5fixed 0.9.6-r5
### Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. ### Patches This has been fixed in [pypdf==6.13.0](https://github.com/py-pdf/pypdf/releases/tag/6.13.0). ### Workaroun
- CVE-2026-54530Jun 16, 2026affected < 0.9.6-r5fixed 0.9.6-r5
### Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. ### Patches This has been fixed in [pypdf==6.13.0](https://github.com/py-pdf/pypdf/releases/tag/6.13.0). ### Workarounds If y
- CVE-2026-54274Jun 15, 2026affected < 0.9.6-r5fixed 0.9.6-r5
### Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. ### Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive m
- affected < 0.9.6-r5fixed 0.9.6-r5
### Summary The `server_hostname` TLS SNI check can be bypassed when an existing connection is reused. ### Impact If an application makes multiple requests to the same domain, but with different per-request `server_hostname` parameters, then the later calls may succeed by reus
- affected < 0.9.6-r5fixed 0.9.6-r5
### Summary Payload resources are not closed correctly when a client disconnects in the middle of a write. ### Impact If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection
- CVE-2026-54273Jun 15, 2026affected < 0.9.6-r5fixed 0.9.6-r5
### Summary No limit was present on the number of pipelined requests that could be queued. ### Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch: https://github.com/aio-libs/aiohttp/commit/dfd
- CVE-2026-54278Jun 15, 2026affected < 0.9.6-r5fixed 0.9.6-r5
### Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. ### Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip
- CVE-2026-54277Jun 15, 2026affected < 0.9.6-r5fixed 0.9.6-r5
### Summary It is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. ### Impact If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an exces
- CVE-2026-54276Jun 15, 2026affected < 0.9.6-r5fixed 0.9.6-r5
### Summary ``DigestAuthMiddleware`` can send an authentication response after following a cross-origin redirect. ### Impact If the client follows a redirect (the default option) to an attacker controlled domain, the attacker may be able to extract the auth digest. This likel
- affected < 0.9.6-r5fixed 0.9.6-r5
### Summary Host-only cookies that are saved with ``CookieJar.save()`` and then restored later with ``CookieJar.load()`` lose their host-only status. ### Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disall
- affected < 0.9.6-r1fixed 0.9.6-r1
Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t
- affected < 0.9.6-r3fixed 0.9.6-r3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` parameter on a per-request basis then
- affected < 0.9.6-r3fixed 0.9.6-r3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is
- affected < 0.9.6-r4fixed 0.9.6-r4
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12
- affected < 0.9.6-r4fixed 0.9.6-r4
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.
- affected < 0.9.6-r1fixed 0.9.6-r1
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize
- CVE-2026-46338May 19, 2026affected < 0.9.6-r1fixed 0.9.6-r1
# Summary `pymdownx.snippets` has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With `restrict_base_path: True` (the default), the current `filename.startswith(base)` containment check does not enforce a directory boundary. As a result, a markdown snippet directi
- affected < 0.9.6-r1fixed 0.9.6-r1
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w
- affected < 0.9.6-r1fixed 0.9.6-r1
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
- affected < 0.9.2-r0fixed 0.9.2-r0
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (st
Page 1 of 6