openwebui
Security Risk Profile
Security Risk Score
Comprehensive risk assessment based on 107 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
Data spans from April 16, 2024 to present
Recent Vulnerabilities
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed
Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion
Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
Open WebUI: Indirect Object Reference (IDOR) in user notes
Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order
Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints
Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints
Open WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url`
Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption