Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

open-webui

View on npm registry
10 Total advisories
10 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 8.1
npm

CVE-2026-45665

Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
UNKNOWN
npm

CVE-2026-45346

Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
HIGH 7.2
npm

CVE-2026-45395

Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution
HIGH 7.3
npm

CVE-2026-44721

open-webui Vulnerable to Stored XSS via Model Description
HIGH 8.7
npm

CVE-2025-65959

Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'
HIGH 8.7
npm

CVE-2025-64495

Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
HIGH 7.3
npm

CVE-2025-64496

Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
HIGH 7.5
npm

GHSA-5ccf-884p-4jjq

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
HIGH 7.5
PyPI

CVE-2024-12537

Open WebUI Uncontrolled Resource Consumption vulnerability
HIGH 7.5
PyPI

CVE-2024-12534

Open WebUI Uncontrolled Resource Consumption vulnerability

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes