| Vulnerability ID | VCID-3cr8-jcqv-pkc6 |
| Aliases | CVE-2024-51751, GHSA-rhm9-gp5p-5248, PYSEC-2024-275 |
| Summary | Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as part of a Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| cvssv3.1 | 6.5 | https://github.com/gradio-app/gradio/security/advisories/GHSA-rhm9-gp5p-5248 |
| Reference id | Reference type | URL |
|---|---|---|
| | | https://github.com/gradio-app/gradio/security/advisories/GHSA-rhm9-gp5p-5248 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
| network, adjacent_network, local, physical | low, high | none, low, high | none, required | unchanged, changed | high, low, none | high, low, none | high, low, none |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T04:22:30.418384+00:00 | Pypa Importer | Import | https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2024-275.yaml | 38.6.0 |