GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Low
GHSA-26jh-r8g2-6fpr
was published
for
gradio
(pip)
Oct 10, 2024
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Moderate
CVE-2024-47872
was published
for
gradio
(pip)
Oct 10, 2024
Gradio uses insecure communication between the FRP client and server
High
CVE-2024-47871
was published
for
gradio
(pip)
Oct 10, 2024
Gradio has a race condition in update_root_in_config may redirect user traffic
High
CVE-2024-47870
was published
for
gradio
(pip)
Oct 10, 2024
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
Gradio has several components with post-process steps allow arbitrary file leaks
Moderate
CVE-2024-47868
was published
for
gradio
(pip)
Oct 10, 2024
Gradio lacks integrity checking on the downloaded FRP client
High
CVE-2024-47867
was published
for
gradio
(pip)
Oct 10, 2024
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Low
CVE-2024-47168
was published
for
gradio
(pip)
Oct 10, 2024
Gradio vulnerable to SSRF in the path parameter of /queue/join
Moderate
CVE-2024-47167
was published
for
gradio
(pip)
Oct 10, 2024
Gradio has a one-level read path traversal in `/custom_component`
Moderate
CVE-2024-47166
was published
for
gradio
(pip)
Oct 10, 2024
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
Gradio's `is_in_or_equal` function may be bypassed
Moderate
CVE-2024-47164
was published
for
gradio
(pip)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Moderate
GHSA-w235-7p84-xx57
was published
for
tornado
(pip)
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API