CVE-2026-48545 Gradio < 6.15.0 Cookie Injection via Shared Proxy Client
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-28415 via gradio (>=6.0.0 <=6.4.0)
gradio PyPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more. Source CVEs: CVE-2026-28415. Source advisory: SNYK:PYTHON-GRADIO-15366398...
codearkt (>=0.0.1 <=0.0.3), mergenetic (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2025-48889 via gradio (>=5.25.2 <=5.29.1)
gradio PyPI version =5.25.2, =0.0.1, =0.1.0, =0.5.2, =0.10.4, =0.10.5. Source CVEs: CVE-2025-48889. Source advisory: OSV:PYSEC-2025-119...
ace-step (=0.1.0), ambientagi (>=0.1.1 <=0.2.12) +39 more potentially affected by CVE-2025-48889 via gradio (>=5.0.0 <=5.29.1)
gradio PyPI version =5.0.0, =0.1.1, =0.0.1, =1.0.1, =0.1.2, =0.0.5, =0.1.0, =0.0.2, =0.1.0, =2.0.0, =1.1.8b3, =1.0.0, =2025.1.24, =2025.11.0b3 and more. Source CVEs: CVE-2025-48889. Source advisory: SNYK:PYTHON-GRADIO-10265012...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +342 more potentially affected by CVE-2024-8966 via gradio (>=1.7.7 <=5.21.0)
gradio PyPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.1.1, =0.7.0.dev134, =0.7.0.dev143 - anymodality =0.1.0 and more. Source CVEs: CVE-2024-8966. Source advisory: OSV:GHSA-5CPQ-9538-JM2J...
academic-chatgpt (>=0.3.0 <=0.4.1), ace-step (=0.1.0) +514 more potentially affected by CVE-2025-23042 via gradio (>=1.7.7 <=5.5.0)
gradio PyPI version =1.7.7, =0.3.0, =0.2.1, =2.0.0, =0.1.5, =0.0.6, =0.0.1, =0.3.2, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.0.7 and more. Source CVEs: CVE-2025-23042. Source advisory: OSV:PYSEC-2025-118...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +323 more potentially affected by CVE-2025-23042 via gradio (>=1.7.7 <=5.10.0)
gradio PyPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.1.1, =0.7.0.dev134, =0.7.0.dev143 - anymodality =0.1.0 and more. Source CVEs: CVE-2025-23042. Source advisory: OSV:GHSA-J2JG-FQ62-7C3H...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +163 more potentially affected by CVE-2024-47168 via gradio (>=1.7.7 <=4.43.0)
gradio PyPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.8.11, =0.4.0, =0.7.0.dev134, =0.1.0rc1, =0.1.0rc2 - aqueduct-llm =0.0.1 and more. Source CVEs: CVE-2024-47168. Source advisory: OSV:GHSA-HM3C-93PG-4CXW...
PT-2024-32863 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5 Description: This issue involves insecure communication between the FRP client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read...
PT-2024-32858 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue is related to a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from...
PT-2024-32451 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 4.44 Description: This issue involves data exposure due to the enable monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +151 more potentially affected by CVE-2024-4941 via gradio (>=1.7.7 <=4.31.0)
gradio PyPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.8.11, =0.4.0, =0.7.0.dev134, =0.1.0rc1, =0.1.0rc2 - aqueduct-llm =0.0.1 and more. Source CVEs: CVE-2024-4941. Source advisory: OSV:GHSA-6V6G-J5FQ-HPVW...
academic-chatgpt (>=0.3.0 <=0.4.1), agentverse (>=0.1.5 <=0.1.8.1) +123 more potentially affected by CVE-2024-1727 via gradio (>=1.7.7 <=4.19.1)
gradio PyPI version =1.7.7, =0.3.0, =0.1.5, =0.0.17, =0.0.1, =0.8.11, =0.7.0.dev134, =0.1.0rc1, =0.0.0, =0.6.14, =0.7.63 and more. Source CVEs: CVE-2024-1727. Source advisory: OSV:GHSA-48CQ-79QQ-6F7X...
academic-chatgpt (>=0.3.0 <=0.4.1), agentverse (>=0.1.5 <=0.1.8.1) +114 more potentially affected by CVE-2024-34511 via gradio (>=1.7.7 <=4.12.0)
gradio PyPI version =1.7.7, =0.3.0, =0.1.5, =0.0.1, =0.8.11, =0.7.0.dev134, =0.1.0rc1, =0.0.0, =0.6.14, =0.7.63 - axolotl =0.5.0 and more. Source CVEs: CVE-2024-34511. Source advisory: OSV:GHSA-34RF-P3R3-58X2...
academic-chatgpt (>=0.3.0 <=0.4.1), agentverse (>=0.1.5 <=0.1.8.1) +114 more potentially affected by CVE-2024-1561 via gradio (>=1.7.7 <=4.12.0)
gradio PyPI version =1.7.7, =0.3.0, =0.1.5, =0.0.1, =0.8.11, =0.7.0.dev134, =0.1.0rc1, =0.0.0, =0.6.14, =0.7.63 - axolotl =0.5.0 and more. Source CVEs: CVE-2024-1561. Source advisory: OSV:GHSA-G9CJ-CFPP-4G2X...
academic-chatgpt (>=0.3.0 <=0.4.1), agentverse (>=0.1.5 <=0.1.8.1) +112 more potentially affected by CVE-2023-51449 via gradio (>=1.7.7 <=4.10.0)
gradio PyPI version =1.7.7, =0.3.0, =0.1.5, =0.0.1, =0.8.11, =0.7.0.dev134, =0.1.0rc1, =0.0.0, =0.6.14, =0.7.63 - axolotl =0.5.0 and more. Source CVEs: CVE-2023-51449. Source advisory: OSV:PYSEC-2023-249...
Gradio Input Validation Error Vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. An input validation error vulnerability exists in Gradio 3.33.1 and earlier versions, which stems from a lack of path filtering, causing Gradio to not properly restrict...
GHSA-3X5J-9VWR-8RR5 Update share links to use FRP instead of SSH tunneling
Impact This is a vulnerability which affects anyone using Gradio's share links i.e. creating a Gradio app and then setting share=True with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means...
cradle-app (>=0.1.0 <=0.1.1), torchflare (=0.2.4) potentially affected by CVE-2022-24770 via gradio (>=1.7.7 <=2.2.13)
gradio PyPI version =1.7.7, =0.1.0, =0.1.1 - torchflare =0.2.4. Source CVEs: CVE-2022-24770. Source advisory: OSV:GHSA-F8XQ-Q7PX-WG8C...
cradle-app (>=0.1.0 <=0.1.1), torchflare (=0.2.4) potentially affected by CVE-2021-43831 via gradio (>=1.7.7 <=2.2.13)
gradio PyPI version =1.7.7, =0.1.0, =0.1.1 - torchflare =0.2.4. Source CVEs: CVE-2021-43831. Source advisory: OSV:GHSA-RHQ2-3VR9-6MCR...