📦 Gradio
by Gradio Project
⚠️ Known Vulnerabilities
This vulnerability allows attackers to intercept and read files uploaded to Gradio servers when using the share=True option, as HTTPS is not enforced. It affects users who publicly share Gradio demos ...
This Server-Side Request Forgery (SSRF) vulnerability in Gradio allows attackers to force the server to make HTTP requests to arbitrary URLs, potentially accessing internal network resources or upload...
CVE-2024-0964 is a critical local file inclusion vulnerability in Gradio that allows remote attackers to read arbitrary files on the server by exploiting a vulnerable user-supplied JSON value in API r...
A Denial of Service vulnerability in gradio-app/gradio version 0.39.1 allows attackers to crash servers by uploading files with excessively long filenames. This affects any system running the vulnerab...
This vulnerability allows attackers to bypass Gradio's file access controls by changing the letter case of blocked file paths on case-insensitive file systems. It affects Gradio users on Windows and m...
A race condition in Gradio's update_root_in_config function allows attackers to redirect frontend-backend communication to malicious servers. This could intercept sensitive data like credentials or up...
This vulnerability allows attackers to replace the FRP client binary with malicious code during download, as Gradio lacks integrity verification. Users who enable Gradio's sharing feature that downloa...
This CVE allows malicious websites to bypass CORS origin validation in Gradio servers when cookies are present, enabling unauthorized requests to local Gradio instances. Attackers could potentially up...
A Server-Side Request Forgery (SSRF) vulnerability in gradio-app/gradio version 4.21.0 allows attackers to make unauthorized HTTP requests from the vulnerable server. This could lead to access to inte...
This CVE describes a local file inclusion vulnerability in gradio-app/gradio version 4.25. Attackers can exploit improper JSON parsing in the postprocess() function to read arbitrary files from the re...
This CVE describes a GitHub Actions workflow vulnerability in the gradio repository that allows attackers to exfiltrate sensitive secrets. The workflow improperly executes code from forks with eleva...
Gradio versions before 4.20 on Windows systems may leak credentials stored in environment variables or configuration files. This affects any Windows user running vulnerable Gradio applications that ha...
This vulnerability in gradio allows attackers to read any file on the filesystem by exploiting the /component_server endpoint. It affects gradio applications exposed to the internet via share=True and...
A command injection vulnerability in the gradio-app/gradio repository's GitHub Actions workflow allows attackers to execute arbitrary commands by manipulating GitHub context variables. This affects or...
This CVE describes a command injection vulnerability in the Gradio library that allows attackers to execute arbitrary commands on the host system. It affects applications using vulnerable versions of ...
CVE-2023-34239 is a vulnerability in the Gradio Python library that allows attackers to access arbitrary files on the server and proxy requests to unauthorized URLs due to insufficient path and URL fi...
An open redirect vulnerability in gradio-app/gradio allows attackers to redirect users to malicious websites using URL encoding. This affects all users of vulnerable gradio versions who interact with ...
This vulnerability in Gradio allows attackers with access to the application to read arbitrary files from the server when using File or UploadButton components for file preview. All Gradio application...
This CVE allows attackers to make unauthorized requests to locally deployed Gradio servers from sandboxed iframes or other sources with a null origin. This can lead to data theft including authenticat...