If you discover a security vulnerability, we would be very grateful if you could email us at gradio-team@huggingface.co. This is preferred over opening a public issue. We take all vulnerability reports seriously, and will work to patch the vulnerability immediately. Whenever possible, we will credit the person or people who reported a security vulnerability after it has been patched.
Security: gradio-app/gradio
- SSRF in the path parameter of /queue/join (GHSA-576c-3j53-r9jj), published Oct 10, 2024 by abidlabs. Severity: High
- CORS origin validation accepts the null origin (GHSA-89v2-pqfv-c5r9), published Oct 10, 2024 by abidlabs. Severity: High
- The `is_in_or_equal` function may be bypassed (GHSA-77xq-6g77-h274), published Oct 10, 2024 by abidlabs. Severity: Low
- CORS origin validation is not performed when the request has a cookie (GHSA-3c67-5hwx-f6wx), published Oct 10, 2024 by abidlabs. Severity: High
- GitHub actions workflows untrusted code execution (GHSA-48pj-2428-pp3w), published Sep 25, 2024 by abidlabs. Severity: Critical
- The ability of 3rd party websites to access routes and upload files to users running Gradio applications locally (GHSA-48cq-79qq-6f7x), published May 20, 2024 by abidlabs. Severity: High
- Ability of users to access arbitrary files on machines hosting the Gradio app that have a publicly accessible Gradio link (GHSA-m842-4qm8-7gpq), published Sep 25, 2024 by abidlabs. Severity: Critical
- Fix timing attacks to guess password of Gradio apps (GHSA-hmx6-r76c-85g9), published Feb 22, 2024 by abidlabs. Severity: Moderate
- Make the `/file` secure against file traversal attacks and SSRF (GHSA-6qm2-wpxq-7qh2), published Dec 20, 2023 by abidlabs. Severity: High
- Make the `/file` and `/proxy` routes more secure (GHSA-3qqg-pgqq-3695), published Jun 7, 2023 by abidlabs. Severity: High
Learn more about advisories related to gradio-app/gradio in the GitHub Advisory Database