If you discover a security vulnerability, we would be very grateful if you could email us at [email protected]. This is the preferred approach instead of opening a public issue. We take all vulnerability reports seriously, and will work to patch the vulnerability immediately. Whenever possible, we will credit the person or people who report a security vulnerability after it has been patched.
Security: gradio-app/gradio
- GitHub actions workflows untrusted code execution (GHSA-48pj-2428-pp3w), published Sep 25, 2024 by abidlabs. Severity: Critical
- The ability of 3rd party websites to access routes and upload files to users running Gradio applications locally (GHSA-48cq-79qq-6f7x), published May 20, 2024 by abidlabs. Severity: High
- Ability of users to access arbitrary files on machines hosting the Gradio app that have a publicly accessible Gradio link (GHSA-m842-4qm8-7gpq), published Sep 25, 2024 by abidlabs. Severity: Critical
- Fix timing attacks to guess password of Gradio apps (GHSA-hmx6-r76c-85g9), published Feb 22, 2024 by abidlabs. Severity: Moderate
- Make the `/file` secure against file traversal attacks and SSRF (GHSA-6qm2-wpxq-7qh2), published Dec 20, 2023 by abidlabs. Severity: High
- Make the `/file` and `/proxy` routes more secure (GHSA-3qqg-pgqq-3695), published Jun 7, 2023 by abidlabs. Severity: High
- Update share links to use FRP instead of SSH tunneling (GHSA-3x5j-9vwr-8rr5), published Feb 23, 2023 by abidlabs. Severity: Moderate
- Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging (GHSA-f8xq-q7px-wg8c), published Mar 17, 2022 by abidlabs. Severity: Moderate
- Files on the host computer can be accessed from the Gradio interface (GHSA-rhq2-3vr9-6mcr), published Dec 15, 2021 by abidlabs. Severity: High
Learn more about advisories related to gradio-app/gradio in the GitHub Advisory Database