Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2024-47872	Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files	gradio-app	gradio	-	-	2024-10-10 22:12:27	Deep Dive
CVE-2024-47084	CORS origin validation is not performed when the request has a cookie in Gradio	gradio-app	gradio	-	-	2024-10-10 21:53:52	Deep Dive
CVE-2024-47164	The `is_in_or_equal` function may be bypassed in Gradio	gradio-app	gradio	-	-	2024-10-10 21:52:27	Deep Dive
CVE-2024-47165	CORS origin validation accepts the null origin in Gradio	gradio-app	gradio	-	-	2024-10-10 21:50:08	Deep Dive
CVE-2024-47166	One-level read path traversal in `/custom_component` in Gradio	gradio-app	gradio	-	-	2024-10-10 21:48:54	Deep Dive
CVE-2024-47167	SSRF in the path parameter of /queue/join in Gradio	gradio-app	gradio	-	-	2024-10-10 21:47:29	Deep Dive
CVE-2024-47168	The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio	gradio-app	gradio	-	-	2024-10-10 21:44:51	Deep Dive
CVE-2024-4940	Open Redirect in gradio-app/gradio	gradio-app	gradio-app/gradio	中危	-	2024-06-22 05:23:50	Deep Dive
CVE-2024-4325	Server-Side Request Forgery (SSRF) in gradio-app/gradio	gradio-app	gradio-app/gradio	-	-	2024-06-06 17:55:30	Deep Dive
CVE-2024-4941	Local File Inclusion in JSON component in gradio-app/gradio	gradio-app	gradio-app/gradio	-	-	2024-06-06 17:55:12	Deep Dive
CVE-2024-4254	Secrets Exfiltration in gradio-app/gradio	gradio-app	gradio-app/gradio	-	-	2024-06-04 12:01:38	Deep Dive
CVE-2024-4253	Command Injection in gradio-app/gradio	gradio-app	gradio-app/gradio	-	-	2024-06-04 07:30:56	Deep Dive
CVE-2024-1561	Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio	gradio-app	gradio-app/gradio	高危	-	2024-04-16 00:00:16	Deep Dive
CVE-2024-1183	SSRF Vulnerability in gradio-app/gradio	gradio-app	gradio-app/gradio	中危	-	2024-04-16 00:00:14	Deep Dive
CVE-2024-1728	Local File Inclusion in gradio-app/gradio	gradio-app	gradio-app/gradio	-	-	2024-04-10 17:07:56	Deep Dive
CVE-2024-1729	Timing Attack Vulnerability in gradio-app/gradio	gradio-app	gradio-app/gradio	-	-	2024-03-29 04:35:12	Deep Dive
CVE-2024-1540	Command Injection in gradio-app/gradio via deploy+test-visual.yml workflow	gradio-app	gradio-app/gradio	中危	-	2024-03-27 15:54:28	Deep Dive
CVE-2024-2206	SSRF Vulnerability in gradio-app/gradio	gradio-app	gradio-app/gradio	中危	-	2024-03-27 00:00:32	Deep Dive
CVE-2024-1727	CSRF Vulnerability in gradio-app/gradio	gradio-app	gradio-app/gradio	中危	-	2024-03-21 19:57:39	Deep Dive
CVE-2024-0964	LFI in Gradio	gradio-app	gradio-app/gradio	高危	-	2024-02-05 22:53:45	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List