Gradio Security Vulnerabilities and Issues — Gradio CVE List

Lucene search

Gradio ProjectGradio

8 matches found

CVE•added 2024/10/10 11:15 p.m.•67 views

CVE-2024-47872

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users do...

6.9CVSS5.4AI score0.00114EPSS

CVE•added 2024/06/22 6:15 a.m.•65 views

CVE-2024-4940

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. Th...

6.1CVSS5.3AI score0.06052EPSS

CVE•added 2024/04/16 12:15 a.m.•60 views

CVE-2024-1183

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the pre...

6.5CVSS6.3AI score0.60083EPSS

CVE•added 2025/03/20 10:15 a.m.•53 views

CVE-2024-8021

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an attacker-cont...

6.1CVSS6.6AI score0.01541EPSS

CVE•added 2024/10/10 10:15 p.m.•47 views

CVE-2024-47164

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the is_in_or_equal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that ...

6.5CVSS6.7AI score0.00203EPSS

CVE•added 2024/10/10 10:15 p.m.•47 views

CVE-2024-47165

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation accepting a null origin . When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthoriz...

6.9CVSS5.4AI score0.0009EPSS

CVE•added 2024/11/04 11:15 p.m.•44 views

CVE-2024-48052

In gradio

6.5CVSS6.4AI score0.001EPSS

CVE•added 2024/11/06 8:15 p.m.•41 views

CVE-2024-51751

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files ...

6.5CVSS6.5AI score0.00075EPSS