gradio vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2024-47166 | Medium | gradio: Gradio has a one-level read path traversal in `/custom_component` |
| CVE-2024-47165 | Medium | gradio: Gradio's CORS origin validation accepts the null origin |
| CVE-2024-47164 | Medium | gradio: Gradio's `is_in_or_equal` function may be bypassed |
| CVE-2024-47084 | High | gradio: Gradio's CORS origin validation is not performed when the request has a cookie |
| CVE-2024-1728 | Critical | gradio: Gradio allows users to access arbitrary files |
| CVE-2024-4940 | Medium | gradio: Open redirect in gradio |
| CVE-2024-4941 | High | gradio: Local file inclusion in gradio |
| CVE-2024-4325 | High | gradio: Server-Side Request Forgery in gradio |
| CVE-2024-1727 | Medium | gradio: Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading… |
| CVE-2024-34510 | High | gradio: Gradio allows credential leakage on Windows |
| CVE-2024-34511 | Medium | gradio: Gradio's Component Server does not properly consider `_is_server_fn` for functions |
| CVE-2024-1561 | High | gradio: gradio vulnerable to Path Traversal |
| CVE-2024-1183 | Medium | gradio: gradio Server-Side Request Forgery vulnerability |
| CVE-2024-2206 | High | gradio: gradio Server-Side Request Forgery vulnerability |
| CVE-2024-1729 | Medium | gradio: Gradio apps vulnerable to timing attacks to guess password |
| CVE-2024-0964 | High | gradio: Gradio Path Traversal vulnerability |
| CVE-2023-51449 | High | gradio: Gradio makes the `/file` secure against file traversal and server-side request forgery attacks |
| CVE-2023-6572 | Critical | gradio: Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
| CVE-2023-41626 | Medium | gradio: Gradio arbitrary file upload vulnerability |
| CVE-2023-34239 | Medium | gradio: Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs |
| CVE-2023-25823 | Medium | gradio: Update share links to use FRP instead of SSH tunneling |
| CVE-2022-24770 | High | gradio: Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging |
| CVE-2021-43831 | Critical | gradio: Files on the host computer can be accessed from the Gradio interface |
