Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi gradio Security Advisories

Browse all Security Advisories for pypi gradio

Loading...
Moderate
GSA_kwCzR0hTQS1yaG05LWdwNXAtNTI0OM4ABBBs
Gradio vulnerable to arbitrary file read with File and UploadButton components
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS0zZ2Y5LXd2NjUtZ3doOc4ABA9G
gradio Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 16 days ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNzlqLXg0Z3gtaGZyaM4ABAMI
Gradio uses insecure communication between the FRP client and server
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS14aDJ4LTNtcm0tZndxbc4ABAMH
Gradio has a race condition in update_root_in_config may redirect user traffic
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Yzg3LWd2aGoteG04bc4ABAME
Gradio lacks integrity checking on the downloaded FRP client
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zYzY3LTVod3gtZjZ3eM4ABALh
Gradios's CORS origin validation is not performed when the request has a cookie
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1tODQyLTRxbTgtN2dwcc4AA_yD
Gradio allows users to access arbitrary files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nNmM5LWY0eG0tOWo0eM4AA9S3
Open redirect in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02djZnLWo1ZnEtaHB2d84AA8wb
Local file inclusion in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 6 months ago
High
GSA_kwCzR0hTQS05NzNnLTU1aHAtM2Zyd84AA8wY
Server-Side Request Forgery in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00OGNxLTc5cXEtNmY3eM4AA8W1
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zNHJmLXAzcjMtNTh4Ms4AA7wl
Gradio's Component Server does not properly consider` _is_server_fn` for functions
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 7 months ago
High
GSA_kwCzR0hTQS1nOWNqLWNmcHAtNGcyeM4AA7B5
gradio vulnerable to Path Traversal
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 7 months ago
High
GSA_kwCzR0hTQS0zZjk1LW14cTItMmY2M84AA64H
Gradio Local File Inclusion vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 7 months ago
High
GSA_kwCzR0hTQS1yMzY0LW0yajktbWY0aM4AA6Un
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1obXg2LXI3NmMtODVnOc4AA5du
Gradio apps vulnerable to timing attacks to guess password
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1mM2g5LThwaGMtNmd2aM4AA5F4
Gradio Path Traversal vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 10 months ago
High
GSA_kwCzR0hTQS02cW0yLXdweHEtN3FoMs4AA39-
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1ncXZmLTNoZ3AtNWh4ds4AA3xA
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12NHE5LXFncWYtN2p3cM4AA15s
Gradio arbitrary file upload vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zcXFnLXBncXEtMzY5Nc4AAzxc
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zeDVqLTl2d3ItOHJyNc4AAxyq
Update share links to use FRP instead of SSH tunneling
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mOHhxLXE3cHgtd2c4Y800Kw
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yaHEyLTN2cjktNm1jcs0kJA
Files on the host computer can be accessed from the Gradio interface
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 3 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 Django 100 apache-airflow 85 Plone 72 ansible 63 salt 56 apache-superset 51 nova 47 mlflow 46 django 44 rdiffweb 42 plone 41 vyper 38 moin 35 matrix-synapse 35 gradio 34 opencv-python 31 opencv-contrib-python 31 keystone 31 Pillow 31 pillow 26 glance 20 langchain 20 mindsdb 18 cobbler 18 mercurial 18 notebook 17 cryptography 16 paddlepaddle 16 PaddlePaddle 16 neutron 16 pyload-ng 16 OctoPrint 15 calibreweb 15 ethyca-fides 15 aiohttp 14 pyftpdlib 14 lollms 14 modoboa 14 vantage6 13 zenml 12 swift 12 roundup 12 twisted 12 wagtail 12 urllib3 12 trytond 11 onionshare-cli 11 waitress 11 horizon 11 nautobot 10 opencv-python-headless 10 opencv-contrib-python-headless 10 Flask-AppBuilder 10 sentry 10 ryu 9 python-keystoneclient 9 cinder 9 pyspark 9 zope 9 kiwitcms 9 ckan 8 aubio 8 pgadmin4 8 litellm 8 ipython 8 label-studio 8 numpy 8 trac 8 Zope 8 pysaml2 7 inventree 7 pip 7 lief 7 matrix-sydent 7 scrapy 7 jupyter-server 7 Products.CMFPlone 7 Moin 6 tornado 6 lxml 6 web2py 6 mailman 6 requests 6 yt-dlp 6 Zope2 6 tuf 6 graphite-web 6 changedetection.io 6 aim 6 apache-airflow-providers-apache-hive 6 ansible-core 6 mage-ai 6 python-gnupg 5 torchserve 5 dtale 5 jupyterhub 5 saleor 5 nltk 5 feedparser 5 Werkzeug 5 pretix 5 langchain-experimental 5 bleach 5 ait-core 5 lmdb 5 grpc 5 oauthenticator 5 Jinja2 5 whoogle-search 5 paramiko 5 grpcio 5 omero-web 5 werkzeug 5 qutebrowser 4 langchain-community 4 FreeTAKServer-UI 4 wasmtime 4 apache-submarine 4 Pygments 4 bottle 4 reportlab 4 indy-node 4 indico 4 open-webui 4 transformers 4 Keystone 4 dbt-core 4 markdown2 4 langflow 4 onnx 4 PyPDF2 4 httpie 4 keylime 4 pywasm3 4 tripleo-heat-templates 4 Nova 4 nvflare 4 jwcrypto 4 barbican 4 codechecker 4 buildbot 4 Scrapy 4 mobsf 4 Weblate 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 jupyterlab 4 esphome 4 Flask-Security-Too 4 GitPython 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 Radicale 4 streamlit 4 apache-iotdb 4 datasette 3 apache-airflow-providers-apache-spark 3 SQLAlchemy 3 openstack-heat 3 openc3 3 quokka 3 asyncssh 3 mysql-connector-python 3 AccessControl 3 Kallithea 3 io.grpc:grpc-protobuf 3 sosreport 3 httplib2 3 Mezzanine 3 sickrage 3 keyring 3 setuptools 3 wasmtime 3 docassemble.webapp 3 openc3 3 fava 3 certifi 3 Products.PluggableAuthService 3 ecdsa 3 torch 3 Red-DiscordBot 3 anki 3 ray 3 pyyaml 3 apache-libcloud 3 localstack 3 poetry 3 python-jose 3 protobuf 3 sanic 3 gerapy 3 ydata-profiling 3 pycrypto 3 mitmproxy 3 jupyter-server-proxy 3 starlette 3 rsa 3 plone.app.event 3
Filter by Repository
https://github.com/gradio-app/gradio 31