Gradio ProjectGradio

8 matches found

CVE (added 2023/02/23 10:15 p.m., 76 views)

CVE-2023-25823

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting share=True), a private SSH key is sent to any u...

CVSS 9.8, AI score 7.3, EPSS 0.00091

CVE (added 2024/10/10 11:15 p.m., 63 views)

CVE-2024-47871

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

CVSS 9.1, AI score 9.1, EPSS 0.0007

CVE (added 2024/02/05 11:15 p.m., 60 views)

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

CVSS 9.4, AI score 8, EPSS 0.00109

CVE (added 2023/06/08 12:15 a.m., 59 views)

CVE-2023-34239

Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict what URLs are proxied. These issues have been addressed in vers...

CVSS 9.1, AI score 8.3, EPSS 0.0021

CVE (added 2024/06/04 8:15 a.m., 57 views)

CVE-2024-4253

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or secre...

CVSS 9.1, AI score 7.7, EPSS 0.01407

CVE (added 2024/10/10 10:15 p.m., 51 views)

CVE-2024-47167

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. ...

CVSS 9.8, AI score 9.4, EPSS 0.00247

CVE (added 2024/07/01 7:15 p.m., 45 views)

CVE-2024-39236

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.

CVSS 9.8, AI score 9.6, EPSS 0.0145

CVE (added 2023/12/14 2:15 p.m., 42 views)

CVE-2023-6572

Command Injection in GitHub repository gradio-app/gradio prior to main.

CVSS 9.6, AI score 8.3, EPSS 0.01662