apk package
wolfi/open-webui
pkg:apk/wolfi/open-webui
Vulnerabilities (105)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54121 | Med | 5.3 | < 0.6.18-r1 | 0.6.18-r1 | Jul 21, 2025 | Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will bl | |
| CVE-2025-48379 | — | < 0.6.36-r0 | 0.6.36-r0 | Jul 1, 2025 | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only aff | ||
| CVE-2025-50182 | — | < 0.6.36-r0 | 0.6.36-r0 | Jun 19, 2025 | urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpReque | ||
| CVE-2025-3000 | — | < 0.9.6-r5 | 0.9.6-r5 | Mar 31, 2025 | A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||
| CVE-2024-28219 | — | < 0.6.36-r0 | 0.6.36-r0 | Apr 3, 2024 | In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. |
- affected < 0.6.18-r1fixed 0.6.18-r1
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will bl
- CVE-2025-48379Jul 1, 2025affected < 0.6.36-r0fixed 0.6.36-r0
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only aff
- CVE-2025-50182Jun 19, 2025affected < 0.6.36-r0fixed 0.6.36-r0
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpReque
- CVE-2025-3000Mar 31, 2025affected < 0.9.6-r5fixed 0.9.6-r5
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
- CVE-2024-28219Apr 3, 2024affected < 0.6.36-r0fixed 0.6.36-r0
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Page 6 of 6