OsVault/npm/open-webui
npm

open-webui

10 known vulnerabilities · 0 critical · 2 high

CVE-2025-65959

Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'

Published Dec 4, 2025
CVE-2024-12537HIGH

Open WebUI Uncontrolled Resource Consumption vulnerability

Published Mar 20, 2025
CVE-2025-64496

Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

Published Nov 7, 2025
CVE-2025-64495

Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

Published Nov 7, 2025
CVE-2024-12534HIGH

Open WebUI Uncontrolled Resource Consumption vulnerability

Published Mar 20, 2025
GHSA-cqp4-qqvg-3787

Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

Published May 14, 2026
GHSA-r29h-37fj-x2w6

Open WebUI Has Stored Cross-Site Scripting in SVG Renderer

Published May 14, 2026
GHSA-gf5m-wcrh-7928

open-webui Vulnerable to Stored XSS via Model Description

Published May 8, 2026
GHSA-5ccf-884p-4jjq

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability

Published Mar 20, 2025
GHSA-p4fx-23fq-jfg6

Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution

Published May 14, 2026
Check your entire dependency tree at onceRun dependency scan →