CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

CVE-2024-4254

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it allo...