Cristliu Cristliu
@Cristliu
Cristliu / CVE-2025-63391-Public.md
Created January 21, 2026 17:31
CVE-2025-63391 Public Disclosure

Security Advisory: CVE-2025-63391 - Authentication Bypass in Open-WebUI Config Endpoint

CVE ID: CVE-2025-63391
Date: 2025-12-18
Vendor: Open-WebUI
Product: Open-WebUI
Affected Versions: <= v0.6.32
Vulnerability Type: Insecure Permissions / Authentication Bypass
Severity: Medium (Information Disclosure)

Cristliu / CVE-2025-63390-Public.md
Created January 21, 2026 17:31
CVE-2025-63390 Public Disclosure

Security Advisory: CVE-2025-63390 - Authentication Bypass in AnythingLLM Workspaces

CVE ID: CVE-2025-63390
Date: 2025-12-18
Vendor: Mintplex Labs
Product: AnythingLLM
Affected Versions: v1.8.5
Vulnerability Type: Insecure Permissions / Authentication Bypass
Severity: High (Privilege Escalation, Information Disclosure)

Cristliu / CVE-2025-63389-Public.md
Created January 21, 2026 17:31
CVE-2025-63389 Public Disclosure

Security Advisory: CVE-2025-63389 - Authentication Bypass in Ollama API

CVE ID: CVE-2025-63389
Date: 2025-12-18
Vendor: Ollama
Product: Ollama
Affected Versions: <= v0.12.3
Vulnerability Type: Incorrect Access Control / Authentication Bypass
Severity: Critical (Code Execution, Privilege Escalation, Information Disclosure)

Cristliu / CVE-2025-63388-Public.md
Created January 21, 2026 17:31
CVE-2025-63388 Public Disclosure

Security Advisory: CVE-2025-63388 - CORS Misconfiguration in Dify System Features Endpoint

CVE ID: CVE-2025-63388
Date: 2025-12-18
Vendor: LangGenius (Dify)
Product: Dify
Affected Versions: v1.9.1
Vulnerability Type: Insecure Permissions / CORS Misconfiguration
Severity: Medium (Information Disclosure)

Cristliu / CVE-2025-63387-Public.md
Created January 21, 2026 17:31
CVE-2025-63387 Public Disclosure

Security Advisory: CVE-2025-63387 - Unauthenticated Access to System Features in Dify

CVE ID: CVE-2025-63387
Date: 2025-12-18
Vendor: LangGenius (Dify)
Product: Dify
Affected Versions: v1.9.1
Vulnerability Type: Insecure Permissions / Authentication Bypass
Severity: Medium (Information Disclosure)

Cristliu / CVE-2025-63386-Public.md
Created January 21, 2026 17:31
CVE-2025-63386 Public Disclosure

Security Advisory: CVE-2025-63386 - CORS Misconfiguration in Dify Setup Endpoint

CVE ID: CVE-2025-63386
Date: 2025-12-18
Vendor: LangGenius (Dify)
Product: Dify
Affected Versions: v1.9.1
Vulnerability Type: Insecure Permissions / CORS Misconfiguration
Severity: Medium (Information Disclosure)

Cristliu / CVE-2025-56157-Public.md
Created January 21, 2026 17:31
CVE-2025-56157 Public Disclosure

Security Advisory: CVE-2025-56157 - Default Credentials in Dify

CVE ID: CVE-2025-56157
Date: 2025-12-18
Vendor: LangGenius (Dify)
Product: Dify
Affected Versions: <= v1.5.1
Vulnerability Type: Insecure Permissions / Default Credentials
Severity: High (Remote Code Execution, Privilege Escalation, Information Disclosure)