VYPR

Vendor: Wandb

Products: 3
CVEs: 7
Across products: 8
Status: Private

Recent CVEs (7)

  • CVE-2024-7340 | High | Jul 31, 2024
    risk 0.51 | cvss 8.8 | epss 0.05

    The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server…

  • CVE-2024-10649 | Med | Feb 10, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information…

  • CVE-2025-0192 | Med | Mar 20, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. The vulnerability is present in the edit HTML functionality, where an attacker can inject malicious scripts. When the modified HTML is shared with another user, the XSS payload…

  • CVE-2026-4992 | Med | Mar 27, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed…

  • CVE-2026-4995 | Low | Mar 28, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be…

  • CVE-2026-4994 | Low | Mar 28, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error…

  • CVE-2026-4993 | Low | Mar 28, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has…