[GH-ISSUE #23446] issue: Critical and High severity vulnerabilities #58651

Closed
opened 2026-05-05 23:37:57 -05:00 by GiteaMirror · 1 comment

Originally created by @Haritha-Ashok16 on GitHub (Apr 6, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/23446

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Git Clone

Open WebUI Version

na

Ollama Version (if applicable)

No response

Operating System

macos/windows

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

na

Actual Behavior

na

Steps to Reproduce

na

Logs & Screenshots

na

Additional Information

  1. black-26.1.0, Remediation: 26.3.0 (critical)
  2. libmbedcrypto7, Remediation: n/a (critical)
  3. jspdf-4.0.0.tgz, Remediation: jspdf@4.2.1 (critical)
  4. rollup-4.22.4.tgz, Remediation: 4.59.0 (critical)
  5. kit-2.22.4.tgz, Remediation: 2.49.5 (critical)
  6. devalue-5.1.1.tgz, Remediation: 5.3.2 (critical)
  7. dagre-d3-es-7.0.11.tgz, Remediation: greater than 7.0.11 (critical)
  8. Package: pip, Remediation: n/a
  9. Package: libtiff6, Remediation: n/a
  10. Package: black, Remediation: 26.3.1
  11. Package: libjs-underscore, Remediation: n/a
  12. Package: pyarrow, Remediation: 23.0.1
  13. aiohttp, Remediation: 3.13.3
  14. Package: brotli, Remediation: 1.2.0
  15. libmbedcrypto7, Remediation: n/a (1 duplicate)
  16. underscore-1.13.7.tgz, Remediation: 1.13.8
  17. jspdf-4.0.0.tgz, Remediation: 4.2.0 (5 duplicates)
  18. xlsx-0.18.5.tgz, Remediation: 0.19.3 and later are unaffected (1 duplicate)
  19. tar-7.4.3.tgz, Remediation: 7.5.10 (5 duplicates)
  20. vega-selections-6.1.0.tgz, Remediation: 6.1.2
  21. lodash-es-4.17.21.tgz, Remediation: 4.17.23
  22. socket.io-parser-4.2.4.tgz, Remediation: 4.2.6
  23. minimatch-5.1.6.tgz, Remediation: 10.2.3 (2 duplicates)
  24. glob-10.4.5.tgz, Remediation: versions 10.5.0 and 11.1.0
  25. undici-7.11.0.tgz, Remediation: v7.24.0 and v6.24.0 (2 duplicates)
  26. picomatch-2.3.1.tgz, Remediation: 4.0.4
  27. devalue-5.1.1.tgz, Remediation: 5.6.2
  28. vega-functions-6.1.0.tgz, Remediation: 6.1.2 (2 duplicates)
  29. OS vulnerability: Dockerfile, Remediation: 3.7.9-2+deb12u6 (4 duplicates)
  30. SheetJS Regular Expression Denial of Service (ReDoS), Remediation: n/a (2 duplicates)
  31. QOS.CH logback-core Server-Side Request Forgery vulnerability, Remediation: 1.5.13
  32. vite-plugin-static-copy: 2.2.0, Remediation: 2.3.2
  33. Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction, Remediation: 7.5.8
  34. node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal, Remediation: 7.5.7
  35. Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS, Remediation: 7.5.4
  36. node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization, Remediation: 7.5.3
  37. Svelte SSR does not validate dynamic element tag names in <svelte:element>, Remediation: 5.51.5
  38. qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion, Remediation: 6.14.1
  39. jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method, Remediation: 4.2.0 (7 duplicates)
  40. glob CLI: Command injection via -c/--cmd executes matches with shell:true, Remediation: 10.5.0
  41. devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse, Remediation: 5.6.2
  42. devalue prototype pollution vulnerability, Remediation: 5.3.2
  43. ajv has ReDoS when using $data option, Remediation: 6.14.0
  44. SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering, Remediation: 2.49.5
  45. Vulnerability identified in node, Remediation: 24.12.0

High Vulnerability identified in

  • libpython3.11
  • libpython3.11-dev
  • libpython3.11-minimal
  • libpython3.11-stdlib
  • python3.11
  • python3.11-dev
  • python3.11-minimal, Remediation: n/a

Description: High vulnerability identified in ffmpeg

  • libavcodec59
  • libavdevice59
  • libavfilter8
  • libavformat59
  • libavutil57
  • libpostproc56
  • libswresample4
  • libswscale6, Remediation: n/a (1 duplicate)
GiteaMirror added the bug label 2026-05-05 23:37:57 -05:00

@Classic298 commented on GitHub (Apr 6, 2026):

This is a scanner output, not a security report. Every field in the issue template is filled with "na" including reproduction steps, and you checked the box saying you documented step-by-step reproduction instructions.

None of these have been analyzed for reachability. A CVE in a transitive dependency doesn't mean Open WebUI is vulnerable — it means that dependency has a known issue in some usage pattern.

Unless user input in Open WebUI actually reaches the vulnerable code path, there's nothing to exploit.

Some of these will be resolved with routine dependency bumps. If you believe any specific one is exploitable through Open WebUI's actual attack surface, demonstrate the exploit path and report it through our security policy — not as a public issue.

Closing this. Please don't paste raw scanner output as bug reports.
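The comment above draws a line between findings that a routine dependency bump closes and findings that need reachability review. The script below is an added example (not Open WebUI's code, and not from either participant) of doing that first cut mechanically: it takes a constructed subset of the findings pasted in the issue, collapses the duplicate entries to the highest remediated release per package, and checks each against the pins in a constructed package-lock.json. The package names and scanner versions are taken from the list above; the lockfile pins are hypothetical, as are the category names. "bump" and "fixed" are the routine cases; "no-fix" and "not-pinned" (an OS package from the base image, not something the app's lockfile controls) are the ones left over for the reachability question the comment raises.

```python
"""Triage dependency-scanner findings against a lockfile.

Added example, not Open WebUI's code. Classifies each finding as:
  "bump"       a fixed release exists and the pin is below it
  "fixed"      the pin already satisfies the remediation
  "no-fix"     the scanner lists no remediated release
  "not-pinned" the package is not in this lockfile at all
"""
import json
import re
from collections import Counter

# Constructed sample: a subset of the findings from the issue above, as
# (package, version the scanner flagged, remediated version or None).
# Repeated packages are intentional; scanners emit one row per advisory.
FINDINGS = [
    ("tar", "7.4.3", "7.5.10"),
    ("tar", "7.4.3", "7.5.8"),
    ("tar", "7.4.3", "7.5.7"),
    ("devalue", "5.1.1", "5.3.2"),
    ("devalue", "5.1.1", "5.6.2"),
    ("jspdf", "4.0.0", "4.2.1"),
    ("lodash-es", "4.17.21", "4.17.23"),
    ("libmbedcrypto7", None, None),  # OS package; scanner says remediation n/a
    ("pip", None, None),
]

# Constructed sample lockfile in package-lock.json v3 layout. The pins are
# hypothetical and chosen so that every category below is exercised.
LOCKFILE_JSON = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/tar": {"version": "7.4.3"},
        "node_modules/devalue": {"version": "5.6.2"},
        "node_modules/jspdf": {"version": "4.0.0"},
        "node_modules/lodash-es": {"version": "4.17.21"},
    },
})


def parse_version(text):
    """Turn '7.5.10' or 'v7.24.0' into a tuple of ints that compares numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def pinned_versions(lockfile_json):
    """Map package name -> pinned version from the 'packages' map of a lockfile."""
    data = json.loads(lockfile_json)
    pins = {}
    for path, meta in data.get("packages", {}).items():
        if not path:
            continue  # the root project entry has no version to pin
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested node_modules
        pins[name] = meta["version"]
    return pins


def triage(findings, pins):
    """Collapse duplicates to the highest remediation per package, then classify."""
    highest_fix = {}
    for name, _flagged, fixed in findings:
        if fixed is None:
            highest_fix.setdefault(name, None)
        elif highest_fix.get(name) is None or parse_version(fixed) > parse_version(highest_fix[name]):
            highest_fix[name] = fixed

    result = {}
    for name, fixed in highest_fix.items():
        pinned = pins.get(name)
        if pinned is None:
            result[name] = ("not-pinned", fixed)
        elif fixed is None:
            result[name] = ("no-fix", None)
        elif parse_version(pinned) >= parse_version(fixed):
            result[name] = ("fixed", pinned)
        else:
            result[name] = ("bump", fixed)
    return result


def summarize(result):
    """Count packages per category, so the size of each bucket is visible at once."""
    return Counter(category for category, _ in result.values())


if __name__ == "__main__":
    verdicts = triage(FINDINGS, pinned_versions(LOCKFILE_JSON))
    for name, (category, version) in sorted(verdicts.items()):
        print(f"{name:16} {category:11} {version or ''}")
    print(dict(summarize(verdicts)))
```

The script deliberately stops at version arithmetic. A "bump" result says a newer release closes the advisory; it says nothing about whether the vulnerable code path is reachable from user input, which is the separate analysis the comment asks for before anything is treated as exploitable.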


Reference: github-starred/open-webui#58651