If you discover a security vulnerability, we would be very grateful if you could email us at team@gradio.app. This is the preferred approach instead of opening a public issue. We take all vulnerability reports seriously, and will work to patch the vulnerability immediately. Whenever possible, we will credit the person or people who report the security vulnerabilities after it has been patched.
Security: gradio-app/gradio
Security
SECURITY.md
-
Fix timing attacks to guess password of Gradio appsGHSA-hmx6-r76c-85g9 published
Feb 22, 2024 by abidlabsModerate -
Make the `/file` secure against file traversal attacks and SSRFGHSA-6qm2-wpxq-7qh2 published
Dec 20, 2023 by abidlabsHigh -
Make the `/file` and `/proxy` routes more secureGHSA-3qqg-pgqq-3695 published
Jun 7, 2023 by abidlabsHigh -
Update share links to use FRP instead of SSH tunnelingGHSA-3x5j-9vwr-8rr5 published
Feb 23, 2023 by abidlabsModerate -
Improper Neutralization of Formula Elements in a CSV File in Gradio FlaggingGHSA-f8xq-q7px-wg8c published
Mar 17, 2022 by abidlabsModerate -
Files on the host computer can be accessed from the Gradio interfaceGHSA-rhq2-3vr9-6mcr published
Dec 15, 2021 by abidlabsHigh
Learn more about advisories related to gradio-app/gradio in the GitHub Advisory Database