
19 matches found

RedhatCVE
added 2026/06/05 7:48 p.m. · 7 views

CVE-2026-10783

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

CVSS 2.5 · AI score 4.6 · EPSS 0.00086
Exploits: 1 · References: 1

EUVD
added 2026/06/04 12:30 a.m. · 10 views

EUVD-2026-34187

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

CVSS 2.5 · AI score 5.2 · EPSS 0.00086
Exploits: 1 · References: 8

NVD
added 2026/06/04 12:16 a.m. · 6 views

CVE-2026-10783

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

CVSS 2.5 · EPSS 0.00086
Exploits: 1 · References: 7

Vulnrichment
added 2026/06/03 11:30 p.m. · 8 views

CVE-2026-10783 gradio-app gradio Audio Cache Key save_audio_to_cache weak hash

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

CVSS 2.5 · AI score 5.2 · EPSS 0.00086
Exploits: 1 · References: 7

CVE
added 2026/06/03 11:30 p.m. · 9 views

CVE-2026-10783

CVE-2026-10783 – gradio-app gradio 6.14.0 : The flaw affects the Audio Cache Key Handler’s save_audio_to_cache function. Manipulation can trigger the use of a weak hash. Exploitation requires local access and is deemed high complexity; an in-the-wild exploit has been released to the public. Patch...

CVSS 2.5 · AI score 5.2 · EPSS 0.00086
Exploits: 1 · References: 7 · Affected Software: 1

Positive Technologies
added 2026/06/03 12:0 a.m. · 7 views

PT-2026-46072

Name of the Vulnerable Software and Affected Versions gradio-app gradio version 6.14.0 Description A security flaw exists in the Audio Cache Key Handler component. Specifically, the save audio to cache function uses a weak hash, which can be manipulated. This issue requires a local position for...

CVSS 2.5 · AI score 4.4 · EPSS 0.00086
Exploits: 1 · References: 12

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-1039

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 8.6 · EPSS 0.01976
Exploits: 1 · References: 4

CVE
added 2025/05/29 1:31 p.m. · 56 views

CVE-2025-5320

CVE-2025-5320 affects gradio-app/gradio up to version 5.29.1. The vulnerability lies in the CORS Handler’s is_valid_origin function, where manipulating the localhost_aliases argument can lead to an origin validation error and potential privilege escalation. Exploitation is described as remote wit...

CVSS 6.3 · AI score 4 · EPSS 0.00224
Exploits: 0 · References: 5

Github Security Blog
added 2025/03/20 12:32 p.m. · 7 views

BentoML vulnerable to Uncontrolled Resource Consumption

In bentoml/bentoml version 1.3.9, the /login endpoint of the newly integrated Gradio app is vulnerable to a Denial of Service (DoS) attack. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously...

CVSS 7.5 · AI score 6.7 · EPSS 0.00693
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2025/03/20 12:32 p.m. · 5 views

GHSA-HH3J-9M59-P8VC BentoML vulnerable to Uncontrolled Resource Consumption

In bentoml/bentoml version 1.3.9, the /login endpoint of the newly integrated Gradio app is vulnerable to a Denial of Service (DoS) attack. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously...

CVSS 7.5 · AI score 7 · EPSS 0.00693
Exploits: 1 · References: 4

OSV
added 2025/03/20 10:15 a.m. · 1 view

CVE-2024-8021

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

CVSS 6.1 · AI score 5.8 · EPSS 0.00695
Exploits: 1 · References: 1

Vulnrichment
added 2025/03/20 10:11 a.m. · 6 views

CVE-2024-10648 Path Traversal in gradio-app/gradio

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset...

CVSS 8.2 · AI score 8 · EPSS 0.00624
Exploits: 1 · References: 1

CVE
added 2025/03/20 10:11 a.m. · 47 views

CVE-2024-12217

CVE-2024-12217 affects the gradio-app/gradio project (commit git 67e4044). The flaw in the blocked_path implementation on Windows allows path traversal via NTFS Alternate Data Streams syntax (e.g., C:/tmp/secret.txt::$DATA), bypassing blocks that prevent access to restricted files and enabling re...

CVSS 5.3 · AI score 5.3 · EPSS 0.00595
Exploits: 0 · References: 1

CVE
added 2025/03/20 10:10 a.m. · 44 views

CVE-2024-12759

CVE-2024-12759 is a duplicate of CVE-2024-8966. Connected records describe a DoS in gradio-app/gradio via the file upload multipart boundary handling in Gradio (version @gradio/[email protected]), where appending characters to the boundary causes unbounded processing and service downtime. Impact is un...

AI score 7.4
Exploits: 0

Cvelist
added 2025/03/20 10:10 a.m. · 7 views

CVE-2024-10624 Regular Expression Denial of Service (ReDoS) in gradio-app/gradio

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...

CVSS 7.5 · EPSS 0.00866
Exploits: 1 · References: 1

CVE
added 2025/03/20 10:10 a.m. · 96 views

CVE-2025-0187

CVE-2025-0187 concerns gradio-app/gradio 0.39.1, where the file upload endpoint mishandles form-data with an excessively large filename. This causes a DoS by overwhelming the server, leading to unavailability for legitimate users. The vulnerability is tied to the /upload handling and results ...

CVSS 7.5 · AI score 7.6 · EPSS 0.00634
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/06/21 12:0 a.m. · 4 views

PT-2024-33510 · Gradio App · Gradio

Name of the Vulnerable Software and Affected Versions: gradio-app/gradio version latest Description: An open redirect issue exists due to improper validation of user-supplied input in URL handling, allowing attackers to redirect users to arbitrary websites. This can be exploited for phishing...

CVSS 6.1 · AI score 5.5 · EPSS 0.01021
Exploits: 1 · References: 13

PyPA
added 2024/06/06 6:15 p.m. · 5 views

PYSEC-2024-184

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...

CVSS 7.5 · AI score 6.6 · EPSS 0.0083
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/02/22 10:9 p.m. · 7 views

GHSA-HMX6-R76C-85G9 Gradio apps vulnerable to timing attacks to guess password

Impact This security policy is with regards to a timing attack that allows users of Gradio apps to potentially guess the password of password-protected Gradio apps. This relies on the fact that string comparisons in Python terminate early, as soon as there is a string mismatch. Because Gradio app...

CVSS 5.9 · AI score 6.1 · EPSS 0.00497
Exploits: 1 · References: 6