10 matches found

NVD
added 2026/03/04 10:16 p.m. · 3 views

CVE-2025-68467

Dark Reader is an accessibility browser extension that makes web page colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

3.4 CVSS · 0.0002 EPSS
Exploits 0 · References 1
OSV
added 2025/05/29 3:31 p.m. · 0 views

GHSA-WMJH-CPQJ-4V6X Gradio CORS Origin Validation Bypass Vulnerability

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error. It is possible to initiate the attack remotely. Th...

6.3 CVSS · 4.6 AI score · 0.00109 EPSS
Exploits 0 · References 7
Snyk
added 2025/05/29 1:43 p.m. · 2 views

Origin Validation Error

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Origin Validation Error through the is_valid_origin function. An attacker can manipulate the origin validation by altering the localhost_aliases argumen...

6.3 CVSS · 6.9 AI score · 0.00109 EPSS
Exploits 0 · References 2
CVE
added 2025/05/29 1:31 p.m. · 48 views

CVE-2025-5320

CVE-2025-5320 affects gradio-app/gradio up to version 5.29.1. The vulnerability lies in the CORS Handler’s is_valid_origin function, where manipulating the localhost_aliases argument can lead to an origin validation error and potential privilege escalation. Exploitation is described as remote wit...

6.3 CVSS · 4 AI score · 0.00109 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/05/29 12:0 a.m. · 1 views

PT-2025-23161 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: gradio-app gradio versions up to 5.29.1. Description: A vulnerability has been found in the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to an origin validation error. It is...

6.3 CVSS · 3.9 AI score · 0.00109 EPSS
Exploits 0 · References 12
CNNVD
added 2025/05/29 12:0 a.m. · 1 views

Gradio Access Control Error Vulnerability

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. An access control error vulnerability exists in Gradio versions 5.29.1 and earlier, which stems from an incorrect validation of the localhostalias...

6.3 CVSS · 4.6 AI score · 0.00109 EPSS
Exploits 0 · References 5
SUSE CVE
added 2024/10/12 2:48 a.m. · 1 views

SUSE CVE-2024-47165

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthoriz...

6.9 CVSS · 6.8 AI score · 0.00168 EPSS
Exploits 0 · References 3
Snyk
added 2024/10/10 9:36 p.m. · 2 views

Origin Validation Error

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Origin Validation Error due to the localhost_aliases variable including "null" as a valid origin, when the server is deployed locally. An attacker can ma...

6.9 CVSS · 6.9 AI score · 0.00168 EPSS
Exploits 0 · References 2
OSV
added 2024/10/10 9:36 p.m. · 9 views

GHSA-89V2-PQFV-C5R9 Gradio's CORS origin validation accepts the null origin

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...

5.4 CVSS · 5.3 AI score · 0.00168 EPSS
Exploits 0 · References 4
CNNVD
added 2024/10/10 12:0 a.m. · 1 views

Gradio Authorization Issue Vulnerability

Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from an authorization issue vulnerability that stems from the localhost_aliases variable containing "null" as a valid source wh...

6.9 CVSS · 6.5 AI score · 0.00168 EPSS
Exploits 0 · References 2