gitsafehub
github.com/browser-use/web-ui

browser-use/web-ui

scanned 2026-06-29 · git 6196229
3 of 6 checks flagged a security issue
🔴 Needs attention
Only 4 of 6 checks finished — treat this as provisional.

Informational scan, not a security audit.

Summary
  • Leaked secrets: 21
  • Vulnerable dependencies: 6
  • Known OSS vulnerabilities: 79
  • Risky code patterns: none found
  • Malicious dependencies: did not finish
  • Project health: did not run

Security checks

Leaked secrets — Gitleaks 21 found

API keys, passwords or tokens committed into the repo.

  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:13
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    ~/Library/Application Support/Google/Chrome/Default/Preferences:1
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    ~/Library/Application Support/Google/Chrome/Default/Preferences:1
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    ~/Library/Application Support/Google/Chrome/Default/Secure Preferences:1
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    ~/Library/Application Support/Google/Chrome/Default/Secure Preferences:1
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    ~/Library/Application Support/Google/Chrome/Default/Secure Preferences:1
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    ~/Library/Application Support/Google/Chrome/Default/Secure Preferences:1
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    ~/Library/Application Support/Google/Chrome/Default/Secure Preferences:1
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.
  • Worth fixing generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    .env.example:2
    A credential (key, password or token) appears in your code. Fix: Remove it, rotate the key, and load it from an environment variable instead.

via Gitleaks v8.21.2 · MIT

Vulnerable dependencies — Trivy 6 found

Packages you depend on that have known security holes (CVEs).

  • Worth fixing CVE-2026-28414 Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
    requirements.txt
    A package you depend on has a known security hole (CVE-2026-28414). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-28416 Gradio: Server-Side Request Forgery allows access to internal services via malicious Space loading
    requirements.txt
    A package you depend on has a known security hole (CVE-2026-28416). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-48889 Gradio Allows Unauthorized File Copy via Path Manipulation
    requirements.txt
    A package you depend on has a known security hole (CVE-2025-48889). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-28415 Gradio: Open Redirect vulnerability allows redirection to arbitrary external URLs.
    requirements.txt
    A package you depend on has a known security hole (CVE-2026-28415). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-28277 LangGraph checkpoint loading has unsafe msgpack deserialization
    requirements.txt
    A package you depend on has a known security hole (CVE-2026-28277). Fix: Update that package to its patched version.
  • Minor CVE-2026-27167 Gradio: Information disclosure due to hardcoded secret in session cookie signing, allowing remote attackers to steal Hugging Face tokens.
    requirements.txt
    A package you depend on has a known security hole (CVE-2026-27167). Fix: Update that package to its patched version.

via Trivy v0.70.0 · Apache-2.0

Known OSS vulnerabilities — OSV-Scanner 79 found · 3 serious

Your dependencies cross-checked against the OSV vulnerability database.

  • Serious GHSA-63hf-3vf5-4wqf AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-34520). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-373 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2025-68664). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-457 Arbitrary Code Execution in Pillow
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2023-50447). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2025-119 Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrar
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2025-48889). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-63 Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-27167). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-64 Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that en
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-28414). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-65 Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query param
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-28415). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-66 Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP r
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-28416). Fix: Update that package to its patched version.
  • Worth fixing GHSA-pc6w-59fv-rh23 Langchain Community Vulnerable to XML External Entity (XXE) Attacks
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2025-6984). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-83 LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msg
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-28277). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-237 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an applicat
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-54275). Fix: Update that package to its patched version.
  • Worth fixing GHSA-4fvr-rgm6-gqmc aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-54273). Fix: Update that package to its patched version.
  • Worth fixing GHSA-63hw-fmq6-xxg2 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-54277). Fix: Update that package to its patched version.
  • Worth fixing GHSA-6jhg-hg63-jvvf AIOHTTP vulnerable to denial of service through large payloads
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2025-69228). Fix: Update that package to its patched version.
  • Worth fixing GHSA-6mq8-rvhq-8wgg AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2025-69223). Fix: Update that package to its patched version.
  • Worth fixing GHSA-8495-4g3g-x7pr aiohttp allows request smuggling due to incorrect parsing of chunk extensions
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2024-52304). Fix: Update that package to its patched version.
  • Worth fixing GHSA-966j-vmvw-g2g9 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-34518). Fix: Update that package to its patched version.
  • Worth fixing GHSA-c427-h43c-vf67 AIOHTTP accepts duplicate Host headers
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-34525). Fix: Update that package to its patched version.
  • Worth fixing GHSA-g3cq-j2xw-wf74 aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-54278). Fix: Update that package to its patched version.
  • Worth fixing GHSA-g84x-mcqj-x9qq AIOHTTP vulnerable to DoS through chunked messages
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2025-69229). Fix: Update that package to its patched version.
  • Worth fixing GHSA-hg6j-4rv6-33pg AIOHTTP is vulnerable to cross-origin redirect with per-request cookies
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-47265). Fix: Update that package to its patched version.
  • Worth fixing GHSA-hpj7-wq8m-9hgp aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-54276). Fix: Update that package to its patched version.
  • Worth fixing GHSA-jg22-mg44-37j8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-34993). Fix: Update that package to its patched version.
  • Worth fixing GHSA-jj3x-wxrx-4x23 AIOHTTP vulnerable to DoS when bypassing asserts
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2025-69227). Fix: Update that package to its patched version.
  • Worth fixing GHSA-m5qp-6w8w-w647 AIOHTTP has a Multipart Header Size Bypass
    /workdirs/scan-6fa89807-07e5-46a1-84e9-c7051b3bc163/requirements.txt
    A package you depend on has a known security hole (CVE-2026-34516). Fix: Update that package to its patched version.
… 54 more not shown

via OSV-Scanner v1.9.2 · Apache-2.0

Risky code patterns — Semgrep none found ✓

Code that can be exploited — injection, hardcoded credentials and similar.

Nothing found by this check. ✓

via Semgrep v1.147.0 · LGPL-2.1

Malicious dependencies — Guarddog timed out

Packages that look intentionally malicious — typosquats, sneaky install scripts.

This check didn’t finish — that’s not the same as “clean.”

via Guarddog v2.10.0 · Apache-2.0

error: pypi:timeout

Project health

A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.

Project health — OpenSSF Scorecard didn’t run

Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.

This check didn’t finish — that’s not the same as “clean.”

via OpenSSF Scorecard · Apache-2.0

About these results. Six open-source checks ran in parallel; every finding is tagged with the tool that produced it. The verdict follows a published rule. False positives and false negatives are normal — a clean scan does not mean the code is secure, and a red verdict does not mean the project is compromised.