Lucene search

12 matches found

RedhatCVE
added 2025/05/23 10:42 a.m. | 3 views

CVE-2024-47084

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio...

CVSS 8.3 | AI score 6.8 | EPSS 0.00138
Exploits: 0

SUSE CVE
added 2024/10/12 2:48 a.m. | 2 views

SUSE CVE-2024-47167

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio's async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...

CVSS 9.8 | AI score 6.5 | EPSS 0.00236
Exploits: 0 | References: 3

SUSE CVE
added 2024/10/12 2:48 a.m. | 1 view

SUSE CVE-2024-47867

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

CVSS 7.5 | AI score 6.9 | EPSS 0.00222
Exploits: 0 | References: 3

PyPA
added 2024/10/10 11:15 p.m. | 4 views

PYSEC-2024-216

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

CVSS 7.5 | AI score 6.9 | EPSS 0.00222
Exploits: 0 | References: 1 | Affected Software: 1

PyPA
added 2024/10/10 10:15 p.m. | 4 views

PYSEC-2024-196

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio...

CVSS 8.3 | AI score 7 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/10/10 10:12 p.m. | 13 views

CVE-2024-47872 Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 | AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 1

Cvelist
added 2024/10/10 10:12 p.m. | 18 views

CVE-2024-47872 Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 | EPSS 0.0025
Exploits: 0 | References: 1

OSV
added 2024/10/10 10:09 p.m. | 14 views

GHSA-GVV6-33J7-884G Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

Impact: This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view...

CVSS 5.4 | AI score 5.3 | EPSS 0.0025
Exploits: 0 | References: 4

Github Security Blog
added 2024/10/10 10:09 p.m. | 20 views

Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

Impact: This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view...

CVSS 6.9 | AI score 6.2 | EPSS 0.0025
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/10/10 9:36 p.m. | 9 views

GHSA-89V2-PQFV-C5R9 Gradio's CORS origin validation accepts the null origin

Impact: This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...

CVSS 5.4 | AI score 5.3 | EPSS 0.00168
Exploits: 0 | References: 4

OSV
added 2024/10/10 9:20 p.m. | 4 views

GHSA-3C67-5HWX-F6WX Gradio's CORS origin validation is not performed when the request has a cookie

Impact: This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server...

CVSS 8.8 | AI score 8.2 | EPSS 0.00138
Exploits: 0 | References: 4

Github Security Blog
added 2024/10/10 9:20 p.m. | 13 views

Gradio's CORS origin validation is not performed when the request has a cookie

Impact: This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server...

CVSS 8.3 | AI score 6.9 | EPSS 0.00138
Exploits: 0 | References: 4 | Affected Software: 1