
gradio-app — Vulnerabilities & Security Advisories (46)

Browse all 46 CVE security advisories affecting gradio-app. Each entry carries an AI-generated Chinese analysis, proof-of-concept material where available, and references.

Gradio is an open-source Python library for building web user interfaces around machine learning models, so that developers can demo and share AI applications quickly. The project has 46 recorded CVEs, a high count that tracks its rapid release cadence. The entries listed on this page cluster into a few classes: path traversal and local file inclusion in file-serving routes (CWE-22 and the backslash variant CWE-29, five entries, plus one "unfiltered paths" entry under CWE-20), command injection (CWE-77/78, three entries, one of them in a CI workflow file rather than the library), SSRF and open redirect (CWE-918, CWE-601), CSRF (CWE-352), CSV formula injection in flagged data (CWE-1236), hard-coded credentials (CWE-798), secrets exfiltration (CWE-214) and a timing side channel (CWE-367). Path traversal and command injection are both the most frequent and the most severe: they let a remote user read arbitrary files from, or run commands on, the host that serves the app, and most of them stem from trusting a file path or argument derived from a request. Because a Gradio app is an HTTP server that accepts uploads and serves files back, the practical mitigations are to run a current release, not to expose an instance (including through a public share link) without authentication, to run it under an unprivileged account with a restricted working directory, and to validate every path or command argument that originates from user input against an allowlist rather than a blocklist.

Top products by gradio-app: gradio, gradio-app/gradio

Advisory list (a score or severity marked "AI" is an estimate produced by the site's AI analysis; "-" means no severity was recorded):

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2024-4254 | Secrets Exfiltration in gradio-app/gradio | gradio-app/gradio | CWE-214 | 6.5 (AI) | Medium (AI) | 2024-06-04
CVE-2024-4253 | Command Injection in gradio-app/gradio | gradio-app/gradio | CWE-78 | 9.8 (AI) | Critical (AI) | 2024-06-04
CVE-2024-1561 | Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio | gradio-app/gradio | CWE-29 | 7.5 | - | 2024-04-16
CVE-2024-1183 | SSRF Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-601 | 5.3 | - | 2024-04-16
CVE-2024-1728 | Local File Inclusion in gradio-app/gradio | gradio-app/gradio | CWE-22 | 9.8 (AI) | Critical (AI) | 2024-04-10
CVE-2024-1729 | Timing Attack Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-367 | 5.9 (AI) | Medium (AI) | 2024-03-29
CVE-2024-1540 | Command Injection in gradio-app/gradio via deploy+test-visual.yml workflow | gradio-app/gradio | CWE-77 | 7.5 | - | 2024-03-27
CVE-2024-2206 | SSRF Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-918 | 7.1 | - | 2024-03-27
CVE-2024-1727 | CSRF Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-352 | 7.1 | - | 2024-03-21
CVE-2024-0964 | LFI in Gradio | gradio-app/gradio | CWE-22 | 9.8 | - | 2024-02-05
CVE-2023-51449 | Make the `/file` route secure against file traversal attacks | gradio | CWE-22 | 5.6 | Medium | 2023-12-22
CVE-2023-6572 | Command Injection in gradio-app/gradio | gradio-app/gradio | CWE-77 | 7.5 (AI) | High (AI) | 2023-12-14
CVE-2023-34239 | Unfiltered paths in gradio | gradio | CWE-20 | 7.3 | High | 2023-06-07
CVE-2023-25823 | Gradio contains Use of Hard-coded Credentials | gradio | CWE-798 | 5.4 | Medium | 2023-02-23
CVE-2022-24770 | Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging | gradio | CWE-1236 | 8.8 | High | 2022-03-17
CVE-2021-43831 | Files on the host computer can be accessed from the Gradio interface | gradio | CWE-22 | 7.7 | High | 2021-12-15
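The two recurring classes in the list above, path traversal in a file-serving route (the CWE-22/CWE-29 entries) and formula injection in exported CSV (the CWE-1236 flagging entry), both come down to the same mistake the introduction describes: a value taken from a request is used as a file path or written into a file without being checked. The block below is an added example written for this page, not Gradio's own code or its fix for any of these CVEs. It contrasts a naive prefix test with a check done on fully resolved paths, and shows the usual neutralisation for spreadsheet formula triggers. The directory layout it builds (`data`, `data_evil`, `secrets`, a symlink named `link`) is constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# Constructed example, not Gradio's code: an allowlist path check of the kind a
# file-serving route needs, and a CSV cell neutraliser of the kind a flagging or
# export feature needs.


def naive_prefix_check(requested: str, root: str) -> bool:
    """The weak check the hardened version replaces: a plain string prefix test.

    It never collapses '..', so 'root/../secrets/key' passes, and it accepts a
    sibling directory whose name merely starts with the root ('data_evil').
    """
    return requested.startswith(root)


def resolve_served_path(requested: str, allowed_roots) -> Path:
    """Return the real path of `requested` if it lies inside one of `allowed_roots`.

    Raises PermissionError otherwise. Because the comparison is done on fully
    resolved paths, it handles '..' segments, backslash separators (the CWE-29
    '\\..\\' style), absolute paths, and symlinks that point outside the roots.
    """
    # Treat backslashes as separators so '\..\' normalises like '/../'.
    candidate = Path(requested.replace("\\", "/"))
    roots = [Path(r).resolve() for r in allowed_roots]
    # Relative requests are interpreted against the first root; absolute ones as given.
    if not candidate.is_absolute():
        candidate = roots[0] / candidate
    real = candidate.resolve()  # collapses '..' and follows symlinks
    for root in roots:
        try:
            real.relative_to(root)  # raises ValueError when not under root
            return real
        except ValueError:
            continue
    raise PermissionError(f"{requested!r} resolves outside the allowed directories")


# Characters that make a spreadsheet evaluate a cell as a formula (CWE-1236).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_csv_cell(value: str) -> str:
    """Prefix a cell that would be evaluated as a formula with a single quote.

    Leading whitespace is skipped when deciding, since spreadsheets ignore it.
    The stored value is otherwise unchanged.
    """
    if value.lstrip()[:1] in FORMULA_TRIGGERS and value.strip():
        return "'" + value
    return value


def demo() -> dict:
    """Build a throwaway layout (constructed for this example) and exercise both checks."""
    base = Path(tempfile.mkdtemp()).resolve()
    root, sibling, outside = base / "data", base / "data_evil", base / "secrets"
    for d in (root, sibling, outside):
        d.mkdir()
    (root / "report.csv").write_text("ok")
    (outside / "key.txt").write_text("top-secret")
    (root / "link").symlink_to(outside)  # symlink inside the root pointing outside it

    def attempt(req: str) -> str:
        try:
            return str(resolve_served_path(req, [root]).relative_to(base))
        except PermissionError:
            return "denied"

    return {
        "legit": attempt("report.csv"),
        "dotdot": attempt("../secrets/key.txt"),
        "backslash": attempt("..\\secrets\\key.txt"),
        "sibling": attempt(str(sibling / "x")),
        "symlink": attempt("link/key.txt"),
        # the naive prefix test is fooled by both '..' and the sibling directory
        "naive_dotdot": naive_prefix_check(str(root / "../secrets/key.txt"), str(root)),
        "naive_sibling": naive_prefix_check(str(sibling / "x"), str(root)),
        "csv_formula": neutralize_csv_cell('=HYPERLINK("http://example.invalid","click")'),
        "csv_plain": neutralize_csv_cell("hello"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:14} {outcome}")
```

The design point is that the allowlist is enforced after `resolve()`, so every alias for the same location (`..`, backslashes, symlinks, absolute paths) collapses to one canonical path before it is compared, and the comparison is a path-component test (`relative_to`), not a string prefix. The CSV helper only changes cells that a spreadsheet would execute; plain text passes through untouched.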

This page lists every published CVE security advisory associated with gradio-app. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.