pkg:npm/open-webui

9 total CVEs (HIGH: 8)

All known vulnerabilities

  • HIGH 8.7 CVE-2025-65959: Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'
    from 0, < 0.6.37
  • HIGH 8.7 CVE-2025-64495: Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
    from 0, < 0.6.35
  • HIGH 8.1 CVE-2026-45665: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
    from 0, < 0.8.0
  • HIGH 7.5 CVE-2024-12537: Open WebUI Uncontrolled Resource Consumption vulnerability
    from 0, <= 0.3.32
  • HIGH 7.5 CVE-2024-12534: Open WebUI Uncontrolled Resource Consumption vulnerability
    from 0, <= 0.3.32
  • HIGH 7.3 CVE-2026-44721: open-webui Vulnerable to Stored XSS via Model Description
    from 0, < 0.9.0
  • HIGH 7.3 CVE-2025-64496: Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
    from 0, < 0.6.35
  • HIGH 7.2 CVE-2026-45395: Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution
    from 0, < 0.9.5
  • CVE-2026-45346: Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
    from 0, < 0.6.31