Openmicroscopy Omero Web
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Openmicroscopy Omero Web.
By the Year
In 2026 there have been 0 vulnerabilities in Openmicroscopy Omero Web. Last year, in 2025 Omero Web had 1 security vulnerability published. Right now, Omero Web is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 3 | 6.00 |
It may take a day or so for new Omero Web vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Openmicroscopy Omero Web Security Vulnerabilities
OMERO.web info disclosure via Forgot Password before 5.29.2
CVE-2025-54791
- August 13, 2025
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property.
Generation of Error Message Containing Sensitive Information
OMERO.web provides a web based client and plugin infrastructure
CVE-2021-41132
6.1 - Medium
- October 14, 2021
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.
XSS
OMERO.web is open source Django-based software for managing microscopy imaging
CVE-2021-21376
6.5 - Medium
- March 23, 2021
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.
Information Disclosure
OMERO.web is open source Django-based software for managing microscopy imaging
CVE-2021-21377
5.4 - Medium
- March 23, 2021
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.
Open Redirect
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Openmicroscopy Omero Web or by Openmicroscopy? Click the Watch button to subscribe.
