VulnerableCode Package Details - pkg:pypi/gradio@5.25.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-372f-v9bc-tkah Aliases: CVE-2025-5320 GHSA-wmjh-cpqj-4v6x	Gradio CORS Origin Validation Bypass Vulnerability A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.	5.30.0 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bmqt-uegd-hyap Aliases: CVE-2026-28416 GHSA-jmh7-g254-2cq9 PYSEC-2026-66	Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.	6.6.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dsw8-wy3z-53hm Aliases: CVE-2026-28414 GHSA-39mp-8hj3-5c49 PYSEC-2026-64	Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.	6.7.0 Affected by 0 other vulnerabilities.
VCID-j1w9-nvdf-nfbr Aliases: CVE-2026-28415 GHSA-pfjf-5gxr-995x PYSEC-2026-65	Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.	6.6.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-uew9-38g7-bqft Aliases: CVE-2025-48889 GHSA-8jw3-6x8j-v96g PYSEC-2025-119	Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.	5.31.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vaq5-ccvf-kyg6 Aliases: CVE-2026-27167 GHSA-h3h8-3v2v-rg7m PYSEC-2026-63	Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.	6.6.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-372f-v9bc-tkah
Aliases:
CVE-2025-5320
GHSA-wmjh-cpqj-4v6x

Gradio CORS Origin Validation Bypass Vulnerability A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

5.30.0
Affected by 5 other vulnerabilities.

VCID-bmqt-uegd-hyap
Aliases:
CVE-2026-28416
GHSA-jmh7-g254-2cq9
PYSEC-2026-66

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.

6.6.0
Affected by 1 other vulnerability.

VCID-dsw8-wy3z-53hm
Aliases:
CVE-2026-28414
GHSA-39mp-8hj3-5c49
PYSEC-2026-64

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.

6.7.0
Affected by 0 other vulnerabilities.

VCID-j1w9-nvdf-nfbr
Aliases:
CVE-2026-28415
GHSA-pfjf-5gxr-995x
PYSEC-2026-65

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.

6.6.0
Affected by 1 other vulnerability.

VCID-uew9-38g7-bqft
Aliases:
CVE-2025-48889
GHSA-8jw3-6x8j-v96g
PYSEC-2025-119

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.

5.31.0
Affected by 4 other vulnerabilities.

VCID-vaq5-ccvf-kyg6
Aliases:
CVE-2026-27167
GHSA-h3h8-3v2v-rg7m
PYSEC-2026-63

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.

6.6.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T07:07:12.452040+00:00	GitLab Importer	Affected by	VCID-j1w9-nvdf-nfbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/gradio/CVE-2026-28415.yml	38.6.0
2026-06-06T07:07:09.025918+00:00	GitLab Importer	Affected by	VCID-dsw8-wy3z-53hm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/gradio/CVE-2026-28414.yml	38.6.0
2026-06-06T07:07:06.016514+00:00	GitLab Importer	Affected by	VCID-vaq5-ccvf-kyg6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/gradio/CVE-2026-27167.yml	38.6.0
2026-06-06T07:06:56.697375+00:00	GitLab Importer	Affected by	VCID-bmqt-uegd-hyap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/gradio/CVE-2026-28416.yml	38.6.0
2026-06-06T05:51:07.793518+00:00	GitLab Importer	Affected by	VCID-uew9-38g7-bqft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/gradio/CVE-2025-48889.yml	38.6.0
2026-06-06T05:51:03.521338+00:00	GitLab Importer	Affected by	VCID-372f-v9bc-tkah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/gradio/CVE-2025-5320.yml	38.6.0
2026-06-05T17:05:02.495181+00:00	PyPI Importer	Affected by	VCID-bmqt-uegd-hyap	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:05:01.281087+00:00	PyPI Importer	Affected by	VCID-j1w9-nvdf-nfbr	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:04:59.964925+00:00	PyPI Importer	Affected by	VCID-dsw8-wy3z-53hm	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:04:58.659453+00:00	PyPI Importer	Affected by	VCID-vaq5-ccvf-kyg6	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:04:35.063465+00:00	PyPI Importer	Affected by	VCID-uew9-38g7-bqft	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-02T04:24:09.859561+00:00	Pypa Importer	Affected by	VCID-bmqt-uegd-hyap	https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2026-66.yaml	38.6.0
2026-06-02T04:24:06.995020+00:00	Pypa Importer	Affected by	VCID-j1w9-nvdf-nfbr	https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2026-65.yaml	38.6.0
2026-06-02T04:24:04.182674+00:00	Pypa Importer	Affected by	VCID-dsw8-wy3z-53hm	https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2026-64.yaml	38.6.0
2026-06-02T04:24:01.363065+00:00	Pypa Importer	Affected by	VCID-vaq5-ccvf-kyg6	https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2026-63.yaml	38.6.0
2026-06-02T04:23:06.607915+00:00	Pypa Importer	Affected by	VCID-uew9-38g7-bqft	https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2025-119.yaml	38.6.0