Browse all 6 CVE security advisories affecting wandb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wandb provides machine learning experiment tracking and visualization tools, primarily used by data scientists and researchers to manage model development workflows. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its six recorded CVEs. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in web interfaces and API endpoints suggests potential risks for organizations using the platform without proper hardening. Users should implement network segmentation and access controls to mitigate exposure to these recurring security weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4995 | wandb OpenUI Window Message Event index.html cross site scripting — OpenUICWE-79 | 3.5 | Low | 2026-03-28 |
| CVE-2026-4994 | wandb OpenUI APIStatusError server.py generic_exception_handler information exposure — OpenUICWE-209 | 3.5 | Low | 2026-03-28 |
| CVE-2026-4993 | wandb OpenUI config.py hard-coded credentials — OpenUICWE-798 | 3.3 | Low | 2026-03-28 |
| CVE-2026-4992 | wandb OpenUI HTMLAnnotator server.py get_share HTML injection — OpenUICWE-79 | 4.3 | Medium | 2026-03-27 |
| CVE-2025-0192 | Stored Cross-site Scripting (XSS) in wandb/openui — wandb/openuiCWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-10649 | Unauthenticated File Upload in wandb/openui — wandb/openuiCWE-306 | 10.0 | - | 2025-02-10 |
This page lists every published CVE security advisory associated with wandb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.