Gradio Trust Management Issue Vulnerability

Gradio is an open source Python library from Gradio Open Source, a way to demonstrate machine learning models through a friendly web interface. A trust management issue vulnerability exists in Gradio versions prior to 4.16.0 through 6.6.0. The vulnerability stems from the automatic enablement of...

CVE-2026-27167

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visi...

Gradio 信任管理问题漏洞

Gradio is an open source Python library from Gradio Open Source, a way to demonstrate machine learning models through a friendly web interface. A trust management issue vulnerability exists in Gradio versions prior to 4.16.0 through 6.6.0. The vulnerability stems from the automatic enablement of...

PT-2026-22405

Name of the Vulnerable Software and Affected Versions Gradio versions 4.16.0 through 6.5.9 Description Gradio is a Python package for rapid prototyping. Applications running outside of Hugging Face Spaces, versions 4.16.0 through 6.5.9, improperly handle OAuth components like gr.LoginButton...

CVE-2024-4254

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...