repository icon
open-webui / open-webui Project repository

User-friendly AI Interface (Supports Ollama, OpenAI API, ...)

Submit a report

FIRST INTERACTION

WITHINN/A DAYS

REVIEW

WITHIN26 DAYS

FIX

WITHINN/A DAYS

Command injection via frontmatter requirements in pip install
lewiswigmore
self closed
SSRF Filter Bypass via HTTP Redirect in /api/v1/retrieval/process/web (bypasses...
zeetop1v
duplicate
High
Systemic SSRF via Multiple Bypass Vectors in RAG URL Processing
saifullahsayyed
duplicate
High
Systemic SSRF Bypasses (TOCTOU, DNS Rebinding, Parse Confusion) in RAG Pipeline...
saifullahsayyed
self closed
CRITICAL: Multiple SSRF Bypasses in RAG Web Retrieval via Parse Confusion, HTTP...
saifullahsayyed
self closed
Calendar event update can move events into read-only shared calendars in open-we...
76embiid21
self closed
open-webui: SSRF via redirect-following bypass in URL retrieval — validate_url c...
mr-white-hat
duplicate
High
Authenticated Remote Code Execution via Tool Creation exec() in Open WebUI
dorkerdevil
duplicate
Critical
Missing message ownership check allows any group/DM channel member to edit and d...
vuvannam-sec
self closed
Privilege escalation in channel access control: public read access grants unauth...
dralexharrison
self closed
Unauthenticated access to embedding endpoint allows resource abuse without rate...
radikhoroshev
self closed
SSRF to Cloud Instance Metadata via HTTP Redirect and Blocklist Bypass
seory0
duplicate
High
SSRF via DNS rebinding in URL validation bypass (developer-acknowledged)
eistee82
self closed
Un sandboxed exec() on user-supplied Python code in tool creation enables non-ad...
hkhan0
duplicate
Critical
SSRF via DNS rebinding in retrieval endpoints allows access to internal services
egegoker35
duplicate
Medium
SSRF via User-Controlled Webhook URL in Channel Notifications
optimus-fulcria
pending
Authenticated IDOR in /api/v1/chats/{id} allows unauthorized deletion of user co...
ayhan8286
pending
Cloud Metadata SSRF Blocklist Bypass
seory0
duplicate
Medium
Full-read SSRF via DNS rebinding in /api/v1/retrieval/process/web — acknowledged...
iiviel
pending
Remote Code Execution via exec() in plugin.py Tool/Function Loading
222n5
pending
Users can invoke code interpreter via api after code execution is disabled
eliyastein
pending
Server-Side Request Forgery (SSRF) in Image URL Processing allows authenticated...
alearner12
pending
Unauthorized access to User Notes
python4004
pending
Leak of sensitive information
haoami
self closed
XSS vulnerability in model loading of open-webui/open-webui
zzc-river
pending
Stored XSS in Artifact Rendering
xqrt
pending
Administrator permission Remote command execution
hyperlyz
pending
RCE in load_tool_module_by_id Function Due to unsafe code injection
hyperlyz
pending
DoS: Normal User Kicks Out Anyone Including Admin's Use of LLM Answer
pricx
pending
Stored XSS via unescaped markdown token
choket
pending
Unauthorized File Access on api/v1/retrieval/process/file
bcur1ous
pending
Privilege Escalation through the OpenAI API endpoint on open-webui
bcur1ous
pending
Full response ssrf in https://github.com/open-webui/open-webui/
bcur1ous
pending
Model file upload involves path traversal(/ollama/models/upload)
kyo-w
duplicate
Critical
Unexpected startup script causing JWT forgery
ch1y4n
pending
Unauthenticated Denial of Service `api/v1/utils/markdown`
keanu-k
self closed
Unauthenticated Denial of Service (DoS) due to the absence of filename validatio...
c2an1
pending
User can bypass chat deletion prevention by deleting chat folder instead
bober182
pending
Stored XSS in due get_html_file_content_by_id function lead to Privilage Esclati...
omidxrz
duplicate
High
Data leakage occurs due to CORS misconfiguration
glmgbj233
duplicate
High
Forced downloading of database by Client-Side Path Traversal
szarny
informative
Medium
Improper Access control to edit another user controls
ralph13
informative
Medium
Concurrent Login
ralph13
spam
Denial of service through memory exhaustion
patrik-ha
High
$600CVE-2024-12868
Code Injection
quyenheu
duplicate
Critical
Denial of service through code-formatting endpoint
patrik-ha
duplicate
High
Denial of Service (DoS) Due to No Character Limit on Email and Password Fields D...
mnqazi
High
$600CVE-2024-12534
Unauthenticated Denial of Service `api/v1/utils/code/format`
mnqazi
High
$600CVE-2024-12537
Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability Across...
mnqazi
High
$600CVE-2024-9840
Privilege escalation in Allow Chat Editing
hainguyen0207
informative
Medium
Privilege escalation in Admin Panel - Chats
hainguyen0207
duplicate
Medium
IDOR in chats
hainguyen0207
informative
High
Stored XSS in model's response allows attacker to steal API token.
keeper772
duplicate
High
Cross User File Access
jamoski3112
duplicate
Medium
Stored XSS In File Uploads
jamoski3112
duplicate
High
Blind SSRF To Internal Port Scan
minhquan202
informative
Medium
Remote code execution caused by pipeline feature in open-webui
startr4ck
self closed
Admin User Can Delete/Update Information of Other Admin Users
0xanis
informative
High
Unauthorized File Access and Deletion
0xanis
duplicate
Critical
open-webui race competion upload
muzai
duplicate
High
Stored XSS in Functions Funding URL metadata
rook1337
informative
Medium
Unauthorized users can delete files and reset databases in OpenWeb UI, greatly a...
startr4ck
duplicate
High
File upload traversal Causing RCE Delete/replace any file
startr4ck
duplicate
High
Low Privilege is able to Update memory of admin users
rook1337
duplicate
Medium
Stealing Open_API Key through SSRF in open-webui v0.3.10 (latest)
bugdisclose
duplicate
Medium
Administrator permission Remote command execution
jiang-niao
informative
High
RCE: While uploading the GGUF model, leads to Create/Overwrite any system files....
mnqazi
duplicate
High
Broken Access Control
githubuser843205
informative
Medium
No Authentication at `api/v1/utils/pdf` endpoint, can leads to unauthenticated D...
mnqazi
High
$600CVE-2024-8053
Delete All The Uploaded Files via Missing Authorization
0xe2d0
duplicate
High
Unrestricted File upload through /transcriptions endpoint
rook1337
duplicate
Medium
CSRF at `api_key` endpoint, leads to reveal the user API key
mnqazi
duplicate
Medium
Unauthorized Modification of User Memory
dan-xzero
duplicate
High
Unauthorized Access and Deletion of User Chats
dan-xzero
duplicate
High
Unauthorized Workspace Access
dan-xzero
not applicable
Path traversal case arbitrary *py file delete in open-webui
n0el4kls
duplicate
High
XSS to Account Takeover
williwollo
duplicate
Critical
SSRF in many endpoints
nduy2110
informative
Critical
Stored XSS
nduy2110
duplicate
Critical
Base64 Data URI XSS in Profile Picture Functionality
saimanikanta1992
duplicate
High
File upload leads to Stored XSS
0xe2d0
duplicate
High
Unauthen Information disclosure
nduy2110
informative
Medium
(RBAC issue) Any user can delete the files uploaded by the other users, includin...
mnqazi
duplicate
High
CORS misconfiguration leads to data leak
mnqazi
duplicate
High
Data leak through CORS misconfiguration
dan-xzero
duplicate
Medium
Any user can read files uploaded by other users, including the admin
mnqazi
duplicate
High
Stored XSS via file upload, can affect admin
mnqazi
duplicate
Critical
CSRF lead to Reset Vector Storage, DB, Uploads
meme-dm
duplicate
Medium
Server-Side Request Forgery (SSRF) Vulnerability
dan-xzero
duplicate
Critical
Server-Side Template Injection (SSTI) in Chat Description Field
dan-xzero
not applicable
Server Side Request Forgery (SSRF) in open-webui / open-webui
virusday
not applicable
Stored XSS via file upload
web-hacker-team
duplicate
Critical
Remote Code Execution
mvlttt
informative
Critical
Arbitrary file write to RCE
mvlttt
duplicate
High
Server-Side Request Forgery SSRF
mvlttt
informative
Critical
Arbitrary file delete
mvlttt
duplicate
High
XSS via chat information tooltip
lambdasawa
Critical
$1200CVE-2024-8017
Stored Cross Site Scripting in model description Due to Sanitization Bypass
m0kr4n3
High
$600CVE-2024-7990
Unrestricted File Upload Leading to XSS and Other Attacks in Chat
dan-xzero
duplicate
Critical
Unauthorized Access to Uploaded Files by Any User
dan-xzero
duplicate
Medium
Cross-Site Scripting (XSS) via Unsanitized Profile Image URL in Registration
dan-xzero
informative
Critical
SSRF Vulnerability Allowing Internal Service Enumeration
saimanikanta1992
duplicate
High
Denial of Service in multipart/form-data while uploading a file in chat
srivallikusumba
High
$600CVE-2024-7999
CSRF to Delete Uploaded Rag Files
zpbrent
duplicate
High
Delete arbitrary files via file upload (/ollama/models/upload)
pyozzi-toss
duplicate
Medium
RCE by Non-Admin Users via CSRF
lambdasawa
High
$600CVE-2024-7806
Directory Removal Without Confirmation
syed-ghufran-hassan
spam
Zero-Click Unauthenticated ( < 0.3.6 ) RCE via path traversal
patchyst
duplicate
Critical
SSRF in /openai/models
ouxs-19
High
$600CVE-2024-7959
Stored XSS via file upload
lambdasawa
duplicate
Critical
CSRF on endpoints due to overly permissive CORS headers
patrik-ha
duplicate
High
Administrator Account Takeover via Lax Session Cookie
mblunt
High
$600CVE-2024-7053
Users can view the content of uploaded files in other people's chats
hainguyen0207
duplicate
Medium
SSRF Controlled Race Condition leading to RCE in Pipeline Upload API
mblunt
informative
Medium
Stored XSS in file upload
ouxs-19
duplicate
Critical
Denial of service through endpoint for converting markdown
patrik-ha
High
$600CVE-2024-7983
Arbitrary file overwrite by model upload
patrik-ha
duplicate
High
Low Privilege user can upload documents in Workspace document upload feature
rook1337
duplicate
Medium
Store Open Redirect at Profile Image
hainguyen0207
informative
Medium
CSRF leads to reset memories
ngductung
duplicate
Medium
DDOS and SSRF at Images URL Update endpoint
rook1337
duplicate
Medium
No Rate limiting on Login page leads to credentials bruteforce
rook1337
informative
Medium
IDOR view+delete all file in aplication
duongli99
duplicate
High
Improper access control-allow view any prompts
fewword
Medium
$100CVE-2024-7045
Improper access control-allow view any tools info
fewword
informative
High
Token returned when the user account logs in - with Role as Pending. Waiting for...
hainguyen0207
Medium
$100CVE-2024-7049
Security issue in session
hainguyen0207
informative
High
Improper access control-allow view any functions info
fewword
informative
Medium
CVE-2024-7051
Improper access control-allow view/delete any files
fewword
High
$600CVE-2024-7043
Stored XSS via upload file in chat
ngductung
Medium
$100CVE-2024-7044
Arbitrary file writing lead to Remote Code Execution
j0ok34n
duplicate
Critical
Improper access control-allow view admin details
fewword
Medium
$100CVE-2024-7046
IDOR- allow to update any memory
fewword
duplicate
High
Limited SSRF via Speech-to-Text Engine Configuration
mblunt
informative
Medium
Privilege Escalation Vulnerability to update default model
fewword
informative
Medium
Arbitrary File Delete
vn-ncvinh
duplicate
Critical
RCE in OpenWebUI v0.3.0 via Arbitrary File Upload
mblunt
High
$600CVE-2024-8060
Use weak passwords
duongli99
informative
Medium
CSRF_reset db
duongli99
duplicate
Medium
CSRF in /rag/api/v1/reset
j0ok34n
duplicate
High
CSRF in /rag/api/v1/reset/uploads
vn-ncvinh
duplicate
High
Path traversal leads to create and overwrite any file
fewword
duplicate
High
Arbitrary .py File Deletion via Path Traversal
vn-ncvinh
duplicate
High
Remote Code Execution through Model Upload
lismaps
duplicate
High