Bounties
Partners
Community
Info
wandb / openui
Project repository
OpenUI let's you describe UI using your imagination, then see it rendered live.
Submit a report
FIRST INTERACTION
WITHIN
N/A DAYS
REVIEW
WITHIN
36 DAYS
FIX
WITHIN
N/A DAYS
Sensitive Information Disclosure (API Key Leak) via Improper Validation of OPENU...
May 22nd 2026
nusedsec
•
pending
Broken Session Invalidation - Logged-out session IDs remain valid and allow full...
Aug 20th 2025
k1rnt
•
pending
xss in openui.fly.dev
Mar 10th 2025
sumeet-darekar
•
self closed
Missing OAuth State Parameter Leading to CSRF (Cross-Site Request Forgery) Vulne...
May 26th 2025
sumeet-darekar
•
pending
XSS in the edit HTML
Jan 21st 2025
alfinj0se
•
Medium
•
$50
Medium
•
$50
•
CVE-2025-0192
CVE-2025-0192
Xss in chat message
Dec 30th 2024
ngostuan
•
not applicable
Unauthenticated File Upload in AWS S3 bucket Leading to Information leak,Stored...
Dec 17th 2024
winters0x64
•
Medium
•
$50
Medium
•
$50
•
CVE-2024-10649
CVE-2024-10649
Unauthenticated File Upload in AWS S3 bucket Leading to Information leak,Stored...
Dec 14th 2024
winters0x64
•
not applicable
XSS in the edit HTML
Dec 13th 2024
alfinj0se
•
not applicable
Cross origin resource sharing allows interaction from arbitrary origin
Jan 3rd 2025
lager1
•
informative
Medium
Path traversal at api `/{full_path:path}`
Sep 13th 2024
ngductung
•
self closed
CRITICAL
$0
HIGH
$0
MEDIUM
$0
LOW
$0
