Python · AI / ML · NOASSERTION · Latest: v0.10.1

Open WebUI

Self-hosted AI interface for Ollama and OpenAI-compatible LLMs

Project Health at a Glance

Live data from GitHub and PyPI, updated daily.

GitHub Stars: 143.5K +4.0K
Latest Release: v0.10.1 · 2 days ago
Avg. Release Cadence: 11d
Open Issues: 248
Last Commit: Yesterday
Active CVEs: 10

Data last fetched: 2026-06-30

Known Vulnerabilities

10 active CVEs reported via OSV.dev

Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)

Published: 2026-06-17 Fixed in: 0.9.6

Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)

Published: 2026-05-14 Fixed in: 0.9.0

Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion

Published: 2026-05-14 Fixed in: 0.9.0

Open WebUI has unauthorized deletion of knowledge files

Published: 2026-03-27 Fixed in: 0.8.6

Open WebUI has an LDAP Empty Password Authentication Bypass

Published: 2026-05-08 Fixed in: 0.9.0

Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image

Published: 2026-05-14 Fixed in: 0.9.3

Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint

Published: 2025-03-20 No fix available

Open WebUI: Cross-origin postMessage confirmation bypass via action:submit

Published: 2026-06-17 Fixed in: 0.9.6

Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data URI in profile_image_url

Published: 2026-05-14 Fixed in: 0.9.5

Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Published: 2026-05-08 Fixed in: 0.9.0
