[GH-ISSUE #22206] issue: [Critical] Multiple API endpoints load entire dataset into memory at once, causing OOM crash and service unavailability #58327

New Issue

Open

opened 2026-05-05 22:55:13 -05:00 by GiteaMirror · 3 comments

GiteaMirror commented 2026-05-05 22:55:13 -05:00

Owner

Copy Link

Originally created by @ShirasawaSama on GitHub (Mar 4, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/22206

Check Existing Issues

• I have searched for any existing and/or related issues.
• I have searched for any existing and/or related discussions.
• I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
• I am using the latest version of Open WebUI.

Installation Method

Git Clone

Open WebUI Version

dev

Ollama Version (if applicable)

No response

Operating System

MacOS

Browser (if applicable)

No response

Confirmation

• I have read and followed all instructions in README.md.
• I am using the latest version of both Open WebUI and Ollama.
• I have included the browser console logs.
• I have included the Docker container logs.
• I have provided every relevant configuration, setting, and environment variable used in my setup.
• I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
• I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
• Start with the initial platform/version/OS and dependencies used,
• Specify exact install/launch/configure commands,
• List URLs visited, user input (incl. example values/emails/passwords if needed),
• Describe all options and toggles enabled or changed,
• Include any files or environmental changes,
• Identify the expected and actual result at each stage,
• Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

These endpoints should use pagination or streaming to handle large datasets, avoiding loading all data into memory at once.

Actual Behavior

These endpoints load the entire dataset into memory at once, causing Out-of-Memory (OOM) crashes and service unavailability when the data volume is large.

Steps to Reproduce

Just call the APIs.

Logs & Screenshots

.

Additional Information

OOM risk by priority

---

High — Endpoints that will OOM for regular users

Method + Path	Notes
GET /chats/all	All chats for the current user, no pagination.
GET /evaluations/feedbacks/user	All feedback for the current user, includes large JSON.
GET /files/	File list for the current user with content by default; will OOM.

---

Medium — Endpoints that will OOM for admins

Method + Path	Notes
GET /evaluations/feedbacks/all	Admin: full feedback table in one response.
GET /evaluations/feedbacks/all/export	Admin: full feedback export.
GET /chats/all/db	Admin: full chat DB export.

---

Low — Scale-dependent; usually small

Method + Path	Notes
GET /prompts/	Typically small.
GET /models/export	Same.
GET /tools/export	Same.
GET /skills/export	Same.
GET /functions/export	Same.
GET /users/all	Same.
GET /channels/ (full list)	Same.

Originally created by @ShirasawaSama on GitHub (Mar 4, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/22206 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Git Clone ### Open WebUI Version dev ### Ollama Version (if applicable) _No response_ ### Operating System MacOS ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior These endpoints should use pagination or streaming to handle large datasets, avoiding loading all data into memory at once. ### Actual Behavior These endpoints load the entire dataset into memory at once, causing Out-of-Memory (OOM) crashes and service unavailability when the data volume is large. ### Steps to Reproduce Just call the APIs. ### Logs & Screenshots . ### Additional Information **OOM risk by priority** --- ## **High — Endpoints that will OOM for regular users** | Method + Path | Notes | |---------------|--------| | `GET /chats/all` | All chats for the current user, no pagination. | | `GET /evaluations/feedbacks/user` | All feedback for the current user, includes large JSON. | | `GET /files/` | File list for the current user with content by default; will OOM. | --- ## **Medium — Endpoints that will OOM for admins** | Method + Path | Notes | |---------------|--------| | `GET /evaluations/feedbacks/all` | Admin: full feedback table in one response. | | `GET /evaluations/feedbacks/all/export` | Admin: full feedback export. | | `GET /chats/all/db` | Admin: full chat DB export. | --- ## **Low — Scale-dependent; usually small** | Method + Path | Notes | |---------------|--------| | `GET /prompts/` | Typically small. | | `GET /models/export` | Same. | | `GET /tools/export` | Same. | | `GET /skills/export` | Same. | | `GET /functions/export` | Same. | | `GET /users/all` | Same. | | `GET /channels/` (full list) | Same. |

GiteaMirror added the bug label 2026-05-05 22:55:13 -05:00

GiteaMirror commented 2026-05-05 22:55:15 -05:00

Author

Owner

Copy Link

@gaby commented on GitHub (Mar 8, 2026):

@ShirasawaSama This is actually a security issue; it should have been reported privately, not publicly.

Ping @tjbck @Classic298

<!-- gh-comment-id:4020186846 --> @gaby commented on GitHub (Mar 8, 2026): @ShirasawaSama This is actually a security issue; it should have been reported privately, not publicly. Ping @tjbck @Classic298

GiteaMirror commented 2026-05-05 22:55:16 -05:00

Author

Owner

Copy Link

@Classic298 commented on GitHub (Mar 8, 2026):

UNTESTED reference-only PR: https://github.com/open-webui/open-webui/pull/22464

<!-- gh-comment-id:4020233015 --> @Classic298 commented on GitHub (Mar 8, 2026): UNTESTED reference-only PR: https://github.com/open-webui/open-webui/pull/22464

GiteaMirror commented 2026-05-05 22:55:17 -05:00

Author

Owner

Copy Link

@ShirasawaSama commented on GitHub (Mar 9, 2026):

@gaby This issue has persisted since version 0.5, so a little more time won't make much difference.

<!-- gh-comment-id:4020970346 --> @ShirasawaSama commented on GitHub (Mar 9, 2026): @gaby This issue has persisted since version 0.5, so a little more time won't make much difference.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#58327