VIR Vulnerability Intelligence Relay

Package impact

npm npm / open-webui

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-45665 high 8.1 8.1 13d ago Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order npm
CVE-2026-44721 high 7.3 7.3 13d ago open-webui Vulnerable to Stored XSS via Model Description npmpython
CVE-2026-45395 high 7.2 7.2 13d ago Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution npm
CVE-2026-45346 medium 5.4 5.4 13d ago Open WebUI Has Stored Cross-Site Scripting in SVG Renderer npm
CVE-2025-65959 unknown 6mo ago Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF' npm
CVE-2025-64496 unknown 7mo ago Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events npmpython
CVE-2025-64495 unknown 7mo ago Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE npmpython
CVE-2024-12534 unknown 1y ago Open WebUI Uncontrolled Resource Consumption vulnerability pythonnpm
CVE-2024-12537 unknown 1y ago Open WebUI Uncontrolled Resource Consumption vulnerability pythonnpm