open-webui
Security Risk Profile
44
/100
mediumSecurity Risk Score
Comprehensive risk assessment based on 25 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from October 10, 2024 to present
25
Total CVEs
18
Critical+High
0
Exploited
16
Unpatched
Threat Assessment
Avg CVSS
7.1
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
16
Critical/High
Risk Level
44/100
medium
Severity Distribution
Critical
2High
16Medium
6Low
1Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
0Age Distribution
Common Weaknesses (CWE)
1
XSS
4
2
SSRF
2
3
CSRF
2
4
Path Traversal
1
5
Input Validation
1
Most Affected Products
1. open-webui open-webui25
2. openwebui Open WebUI22
3. pip/open-webui21
4. npm/open-webui3
5. starlette starlette1
Recent Vulnerabilities
See more →CVE-2025-63681
CVSS 4.3medium
12/4/2025🔧 No Patch
CVE-2025-29446
CVSS 3.3low
4/21/2025🔧 No Patch
CVE-2024-8017
CVSS 9.0critical
Cross-site Scripting (XSS) in open-webui/open-webui
3/20/2025🔧 No Patch
CVE-2024-7053
CVSS 9.0critical
Session Fixation in open-webui/open-webui
3/20/2025🔧 No Patch
CVE-2024-8053
CVSS 8.2high
Improper Authentication in open-webui/open-webui
3/20/2025🔧 No Patch
CVE-2024-7806
CVSS 8.8high
Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui
3/20/2025
CVE-2024-7039
CVSS 8.3high
Improper Privilege Management in open-webui/open-webui
3/20/2025🔧 No Patch
CVE-2024-12534
CVSS 7.5high
Denial of Service (DoS) in open-webui/open-webui
3/20/2025🔧 No Patch
CVE-2024-7034
CVSS 7.2high
Remote Code Execution due to Arbitrary File Write in open-webui/open-webui
3/20/2025🔧 No Patch
CVE-2024-7043
CVSS 8.8high
Improper Access Control in open-webui/open-webui
3/20/2025🔧 No Patch
Monitor open-webui in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.