pkg:PyPI/gradio

All known vulnerabilities

• CRITICAL9.8CVE-2024-39236Withdrawn Advisory: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
  from 0, <= 4.36.1
• CRITICAL9.8CVE-2024-39236Withdrawn Advisory: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
• CRITICAL9.6Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
  from 0, < 5b5af1899dd98d63e1f9b48a93601c2db1f56520 | from 0, < 4.14.0
• CRITICAL9.6Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
  from 0, < 4.14.0
• HIGH8.8Gradios's CORS origin validation is not performed when the request has a cookie
  from 0, < 4.44.0
• HIGH8.8Gradios's CORS origin validation is not performed when the request has a cookie
  from 0, < 4.44.0
• HIGH8.8Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
  from 0, < 80fea89117358ee105973453fdc402398ae20239 | from 0, < 2.8.11
• HIGH8.8Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
  from 0, < 2.8.11
• HIGH8.6Server-Side Request Forgery in gradio
  from 0, <= 4.36.0
• HIGH8.6Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
  from 0, < 4.11.0
• HIGH8.6Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
  from 0, < 1b9d4234d6c25ef250d882c7b90e1f4039ed2d76, < 7ba8c5da45b004edd12c0460be9222f5b5f5f055 | from 0, < 4.11.0
• HIGH8.3Files on the host computer can be accessed from the Gradio interface
  from 0, < 2.5.0
• HIGH8.3Files on the host computer can be accessed from the Gradio interface
  from 0, < 41bd3645bdb616e1248b2167ca83636a2653f781 | from 0, < 2.5.0
• HIGH8.2Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
  from 0, < 6.6.0
• HIGH8.2Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
  from 0, < 6.6.0
• HIGH8.2Gradio Vulnerable to Arbitrary File Deletion
  >= 4.0.0, <= 5.0.0b2
• HIGH8.1Gradio uses insecure communication between the FRP client and server
  from 0, < 5.0.0
• HIGH8.1Gradio uses insecure communication between the FRP client and server
  from 0, < 5.0.0
• HIGH7.5Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
  from 0, < 6.7.0
• HIGH7.5Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
  from 0, < 6.7.0
• HIGH7.5Gradio DOS in multipart boundry while uploading the file
  from 0, <= 5.22.0
• HIGH7.5Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
  >= 4.38.0, <= 5.0.0-beta.2
• HIGH7.5Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb
  >= 4.0.0, <= 5.0.0b2
• HIGH7.5Gradio Blocked Path ACL Bypass Vulnerability
  from 0, < 5.6.0
• HIGH7.5Gradio Blocked Path ACL Bypass Vulnerability
  from 0, < 5.11.0
• HIGH7.5Gradio lacks integrity checking on the downloaded FRP client
  from 0, < 5.0.0
• HIGH7.5Gradio lacks integrity checking on the downloaded FRP client
  from 0, < 5.0.0
• HIGH7.5Local file inclusion in gradio
  from 0, < ee1e2942e0a1ae84a08a05464e41c8108a03fa9c, < ee1e2942e0a1ae84a08a05464e41c8108a03fa9c | from 0, < 4.31.4
• HIGH7.5Local file inclusion in gradio
  from 0, < 4.31.3
• HIGH7.5Gradio allows credential leakage on Windows
  from 0, < 4.20.0
• HIGH7.5Gradio allows credential leakage on Windows
  from 0, < 4.20.0
• HIGH7.5gradio vulnerable to Path Traversal
  from 0, < 4.13.0
• HIGH7.5Gradio allows users to access arbitrary files
  from 0, < 4.19.2
• HIGH7.5Gradio allows users to access arbitrary files
  from 0, < 4.19.2
• HIGH7.5Gradio Path Traversal vulnerability
• HIGH7.5Gradio Path Traversal vulnerability
  from 0, < 4.9.0
• HIGH7.3gradio Server-Side Request Forgery vulnerability
  from 0, < 4.18.0
• HIGH7.3Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
  from 0, < 3.34.0
• HIGH7.3Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
  from 0, < 3.34.0
• HIGH7.2Gradio vulnerable to SSRF in the path parameter of /queue/join
  from 0, < 5.0.0
• HIGH7.2Gradio vulnerable to SSRF in the path parameter of /queue/join
  from 0, < 5.0.0
• HIGH7.0Gradio has a race condition in update_root_in_config may redirect user traffic
  from 0, < 5.0.0
• HIGH7.0Gradio has a race condition in update_root_in_config may redirect user traffic
  from 0, < 5.0.0
• MEDIUM6.5gradio Server Side Request Forgery vulnerability
  from 0, <= 4.42.0
• MEDIUM6.5Gradio's `is_in_or_equal` function may be bypassed
  from 0, < 5.0.0
• MEDIUM6.5Gradio's `is_in_or_equal` function may be bypassed
  from 0, < 5.0.0
• MEDIUM6.5Gradio's Component Server does not properly consider` _is_server_fn` for functions
  from 0, < 4.13.0
• MEDIUM6.5gradio Server-Side Request Forgery vulnerability
  from 0, < 4.10.0
• MEDIUM5.9Gradio apps vulnerable to timing attacks to guess password
  from 0, < 4.19.2
• MEDIUM5.4Gradio Vulnerable to Open Redirect
  from 0, <= 4.37.2
• MEDIUM5.4Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
  from 0, < 5.0.0
• MEDIUM5.4Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
  from 0, < 5.0.0
• MEDIUM5.4Gradio's CORS origin validation accepts the null origin
  from 0, < 5.0.0
• MEDIUM5.4Gradio's CORS origin validation accepts the null origin
  from 0, < 5.0.0
• MEDIUM5.4Open redirect in gradio
  from 0, <= 4.36.1
• MEDIUM5.4Update share links to use FRP instead of SSH tunneling
  from 0, < 3.13.1
• MEDIUM5.4Update share links to use FRP instead of SSH tunneling
  from 0, < 3.13.1
• MEDIUM5.3Gradio Allows Unauthorized File Copy via Path Manipulation
  from 0, < 5.31.0
• MEDIUM5.3Gradio Allows Unauthorized File Copy via Path Manipulation
  >= 5.25.2, < 5.31.0
• MEDIUM5.3Gradio Path Traversal vulnerability
  from 0, <= 5.0.1
• MEDIUM5.3Gradio has several components with post-process steps allow arbitrary file leaks
  from 0, < 5.0.0
• MEDIUM5.3Gradio has several components with post-process steps allow arbitrary file leaks
  from 0, < 5.0.0
• MEDIUM5.3Gradio has a one-level read path traversal in `/custom_component`
  from 0, < 4.44.0
• MEDIUM5.3Gradio has a one-level read path traversal in `/custom_component`
  from 0, < 4.44.0
• MEDIUM4.8Gradio arbitrary file upload vulnerability
  from 0, <= 3.27.0
• MEDIUM4.3Gradio has an Open Redirect in its OAuth Flow
  from 0, < 6.6.0
• MEDIUM4.3Gradio has an Open Redirect in its OAuth Flow
  from 0, < 6.6.0
• MEDIUM4.3In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
  from 0, < 4.44.0
• MEDIUM4.3In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
  from 0, < 4.44.0
• MEDIUM4.3Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
  from 0, < 4.19.2
• LOW3.7Gradio CORS Origin Validation Bypass Vulnerability
  >= 5.0.0, <= 5.29.1
• LOW3.7Gradio performs a non-constant-time comparison when comparing hashes
  from 0, < 4.44.0
• LOW3.7Gradio performs a non-constant-time comparison when comparing hashes
  from 0, < 4.44.0
• NONE0.0Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
  >= 4.16.0, < 6.6.0
• NONE0.0Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
  >= 4.16.0, < 6.6.0
• NONE0.0Gradio vulnerable to arbitrary file read with File and UploadButton components
  >= 5.0.0, < 5.5.0
• NONE0.0Gradio vulnerable to arbitrary file read with File and UploadButton components
  >= 5.0.0, < 5.5.0