oobabooga — Vulnerabilities & Security Advisories (9)

Browse all 9 CVE security advisories affecting oobabooga. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Oobabooga is an open-source web interface for running Large Language Models locally, primarily used for AI experimentation and development. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues across its nine recorded CVEs. The application's security posture has been compromised through insecure deserialization and improper input validation, allowing attackers to execute arbitrary code or access sensitive data. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in web management interfaces suggests potential risks for users deploying the tool without proper hardening or network isolation.

Top products by oobabooga: text-generation-webui
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35487 | text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication | text-generation-webui | CWE-22 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-35486 | text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation | text-generation-webui | CWE-918 | 7.5 | High | 2026-04-07 |
| CVE-2026-35485 | text-generation-webui has a Path Traversal in load_grammar() — arbitrary file read without authentication | text-generation-webui | CWE-22 | 7.5 | High | 2026-04-07 |
| CVE-2026-35484 | text-generation-webui has a Path Traversal in load_preset() — .yaml file read without authentication | text-generation-webui | CWE-22 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-35483 | text-generation-webui has a Path Traversal in load_template() — .jinja/.yaml/.yml file read without authentication | text-generation-webui | CWE-22 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-35050 | text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml". | text-generation-webui | CWE-22 | 9.1 | Critical | 2026-04-06 |
| CVE-2025-12487 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | text-generation-webui | CWE-807 | 9.8 | - | 2025-11-06 |
| CVE-2025-12488 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | text-generation-webui | CWE-807 | 9.8 | - | 2025-11-06 |
| CVE-2025-62364 | text-generation-webui allows arbitrary file read via symbolic link upload | text-generation-webui | CWE-59 | 6.2 | Medium | 2025-10-13 |

This page lists every published CVE security advisory associated with oobabooga. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.