Package impact
npm / open-webui
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45665 | high | 8.1 | 8.1 | 13d ago | Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order | |||
| CVE-2026-44721 | high | 7.3 | 7.3 | 13d ago | open-webui Vulnerable to Stored XSS via Model Description | |||
| CVE-2026-45395 | high | 7.2 | 7.2 | 13d ago | Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution | |||
| CVE-2026-45346 | medium | 5.4 | 5.4 | 13d ago | Open WebUI Has Stored Cross-Site Scripting in SVG Renderer |