VYPR Vendor CVEs: Openwebui (All CVEs)

122 total · sorted by risk
  • CVE-2024-8053 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload,…

  • CVE-2024-7806 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.00

    A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker…

  • CVE-2024-7039 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administrator}`. This action is…

  • CVE-2024-12534 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS)…

  • CVE-2024-7043 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve…

  • CVE-2024-7983 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to…

  • CVE-2024-7044 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the…

  • CVE-2024-7045 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.00

    In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve…

  • CVE-2024-7035 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.00

    In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform…

  • CVE-2024-7036 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as…

  • CVE-2024-7033 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations…

  • CVE-2024-7040 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible to view the chats of…

  • CVE-2024-7046 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.00

    An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to…

  • CVE-2024-12537 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could…

  • CVE-2024-7959 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.24

    The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This…

  • CVE-2024-7990 (Mar 20, 2025)
    risk 0.00 · cvss · epss 0.01

    A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to…

  • CVE-2024-7049 (Oct 10, 2024)
    risk 0.00 · cvss · epss 0.00

    In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.

  • CVE-2024-7048 (Oct 10, 2024)
    risk 0.00 · cvss · epss 0.00

    In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By…

  • CVE-2024-7041 (Oct 9, 2024)
    risk 0.00 · cvss · epss 0.00

    An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other…

  • CVE-2024-7037 (Oct 9, 2024)
    risk 0.00 · cvss · epss 0.01

    In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially…

  • CVE-2024-7038 (Oct 9, 2024)
    risk 0.00 · cvss · epss 0.00

    An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages…

  • CVE-2024-30256 (Apr 16, 2024)
    risk 0.00 · cvss · epss 0.00

    Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.