Browse all 7 CVE security advisories affecting AUTOMATIC1111. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AUTOMATIC1111 is an open-source web interface for Stable Diffusion, primarily used for AI image generation. Historically, it has faced vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from improper input validation and insecure default configurations. The software's complex architecture and frequent updates have introduced security gaps, with seven CVEs recorded to date. Notable incidents include RCE flaws through API endpoints and XSS vulnerabilities in parameter handling. Despite its popularity, the project has been criticized for inconsistent security practices, with some issues remaining unpatched for extended periods.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12074 | Denial of Service in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webuiCWE-400 | 7.5 | - | 2025-03-20 |
| CVE-2024-11045 | Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webuiCWE-284 | 8.8 | - | 2025-03-20 |
| CVE-2024-12375 | Local File Inclusion in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webuiCWE-36 | 7.5 | - | 2025-03-20 |
| CVE-2024-10935 | Unauthenticated DoS via Multipart Boundary in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webuiCWE-770 | 7.5 | - | 2025-03-20 |
| CVE-2024-11044 | Open Redirect in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webuiCWE-601 | 6.1 | - | 2025-03-20 |
| CVE-2024-12374 | Stored XSS in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webuiCWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-31462 | Limited file write in Stable-diffusion-webui - GHSL-2024-010 — stable-diffusion-webuiCWE-22 | 6.3 | Medium | 2024-04-12 |
This page lists every published CVE security advisory associated with AUTOMATIC1111. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.