PyPI package
gradio
pkg:pypi/gradio
Vulnerabilities (46)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-6572 | Hig | 8.1 | < 4.14.0 | 4.14.0 | Dec 14, 2023 | Command Injection in GitHub repository gradio-app/gradio prior to main. | |
| CVE-2023-41626 | Med | 4.8 | <= 3.27.0 | — | Sep 15, 2023 | Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface. | |
| CVE-2023-34239 | Hig | 7.3 | < 3.34.0 | 3.34.0 | Jun 8, 2023 | Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have bee | |
| CVE-2023-25823 | Med | 5.4 | < 3.13.1 | 3.13.1 | Feb 23, 2023 | Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH | |
| CVE-2022-24770 | Hig | 8.8 | < 2.8.11 | 2.8.11 | Mar 17, 2022 | `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output da | |
| CVE-2021-43831 | Hig | 7.7 | < 2.5.0 | 2.5.0 | Dec 15, 2021 | Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio l |
- affected < 4.14.0fixed 4.14.0
Command Injection in GitHub repository gradio-app/gradio prior to main.
- affected <= 3.27.0
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.
- affected < 3.34.0fixed 3.34.0
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have bee
- affected < 3.13.1fixed 3.13.1
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH
- affected < 2.8.11fixed 2.8.11
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output da
- affected < 2.5.0fixed 2.5.0
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio l
Page 3 of 3