Vulnerabilities in gradio-app

48 results
CVE-2025-0187 | HIGH | Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio | EPSS 0.7%
CVE-2024-51751 | MEDIUM | Arbitrary file read with File and UploadButton components in Gradio | EPSS 0.7%
CVE-2024-10648 | HIGH | Path Traversal in gradio-app/gradio | EPSS 0.7%
CVE-2023-34239 | HIGH | Unfiltered paths in gradio | EPSS 0.7%
CVE-2024-12217 | MEDIUM | Path Traversal in gradio-app/gradio | EPSS 0.6%
CVE-2024-10569 | HIGH | Zip Bomb Vulnerability in gradio-app/gradio | EPSS 0.6%
CVE-2025-48889 | MEDIUM | Gradio Allows Unauthorized File Copy via Path Manipulation | EPSS 0.6%
CVE-2023-25823 | MEDIUM | Gradio contains Use of Hard-coded Credentials | EPSS 0.6%
CVE-2024-1729 | MEDIUM | Timing Attack Vulnerability in gradio-app/gradio | EPSS 0.5%
CVE-2024-47084 | MEDIUM | CORS origin validation is not performed when the request has a cookie in Gradio | EPSS 0.5%
CVE-2024-4254 | HIGH | Secrets Exfiltration in gradio-app/gradio | EPSS 0.5%
CVE-2024-47167 | MEDIUM | SSRF in the path parameter of /queue/join in Gradio | EPSS 0.5%
CVE-2026-27167 | NONE | Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret | EPSS 0.5%
CVE-2024-2206 | HIGH | SSRF Vulnerability in gradio-app/gradio | EPSS 0.4%
CVE-2024-47166 | LOW | One-level read path traversal in `/custom_component` in Gradio | EPSS 0.4%
CVE-2024-47870 | HIGH | Race condition in update_root_in_config may redirect user traffic in Gradio | EPSS 0.4%
CVE-2026-48545 | HIGH | Gradio < 6.15.0 Cookie Injection via Shared Proxy Client | EPSS 0.4%
CVE-2024-1727 | MEDIUM | CSRF Vulnerability in gradio-app/gradio | EPSS 0.4%
CVE-2024-47168 | LOW | The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio | EPSS 0.3%
CVE-2026-28416 | HIGH | Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing | EPSS 0.3%