Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5 advisories

Loading
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality Moderate
CVE-2026-34225 was published for open-webui (pip) Jul 7, 2026
gg0h Credited to gg0h
Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages High
CVE-2026-26193 was published for open-webui (pip) Jul 7, 2026
gg0h Credited to gg0h
Open WebUI vulnerable to Stored XSS via iFrame in citations model High
CVE-2026-26192 was published for open-webui (pip) Jul 7, 2026
gg0h Credited to gg0h
Open WebUI has stored XSS in Excel file preview High
CVE-2026-44549 was published for open-webui (pip) May 8, 2026
Classic298 Credited to Classic298 and gg0h gg0h gg0h
gg0h Credited to gg0h
ProTip! Advisories are also available from the GraphQL API