Browse all 7 CVE security advisories affecting automatic1111. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AUTOMATIC1111 is an open-source web interface for Stable Diffusion, primarily used for AI image generation. Historically, it has faced vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from improper input validation and insecure default configurations. The software's complex architecture and frequent updates have introduced security gaps, with seven CVEs recorded to date. Notable incidents include RCE flaws through API endpoints and XSS vulnerabilities in parameter handling. Despite its popularity, the project has been criticized for inconsistent security practices, with some issues remaining unpatched for extended periods.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31462 | Limited file write in Stable-diffusion-webui - GHSL-2024-010 (stable-diffusion-webui, CWE-22) | 6.3 | Medium | 2024-04-12 |

This page lists every published CVE security advisory associated with automatic1111. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.