gradio@6.4.0 vulnerabilities

Python library for easily interacting with trained machine learning models

Direct Vulnerabilities

Known vulnerabilities in the gradio package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability (severity: H = High, M = Medium) | Vulnerable Version
  • [H] Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via the safe_join function, which uses os.path.isabs to validate paths. An attacker can access arbitrary files on the file system.

Note: This is only exploitable if the application is running on Windows with Python 3.13 or later, where os.path.isabs changed so that paths beginning with a single slash or backslash are no longer treated as absolute.

How to fix Directory Traversal?

Upgrade gradio to version 6.7.0 or higher.

Vulnerable versions: [,6.7.0)
  • [H] Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the gr.load function. An attacker who injects a malicious proxy_url into the configuration and convinces a user to load it can reach internal services, cloud metadata endpoints, and private networks.

How to fix Server-side Request Forgery (SSRF)?

Upgrade gradio to version 6.6.0 or higher.

Vulnerable versions: [,6.6.0)
  • [H] Use of Hard-coded Credentials

Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the login/huggingface route, which retrieves the server's Hugging Face access token with the huggingface_hub.get_token() function and stores it in the visitor's session cookie. Because the session cookie is signed with a hardcoded secret, it is easily decodable, so an attacker can obtain the server's credentials simply by accessing this route.

How to fix Use of Hard-coded Credentials?

Upgrade gradio to version 6.6.0 or higher.

Vulnerable versions: [,6.6.0)
  • [M] Open Redirect

Affected versions of this package are vulnerable to Open Redirect via the _redirect_to_target function in the OAuth flow, which accepts an unvalidated _target_url query parameter. An attacker can redirect users to arbitrary external URLs by supplying a malicious link to the /logout or /login/callback endpoints when OAuth is enabled.

How to fix Open Redirect?

Upgrade gradio to version 6.6.0 or higher.

Vulnerable versions: [,6.6.0)
  • [M] Origin Validation Error

Affected versions of this package are vulnerable to Origin Validation Error through the is_valid_origin function. An attacker can manipulate the origin validation by altering the localhost_aliases argument.

How to fix Origin Validation Error?

There is no fixed version for gradio.

Vulnerable versions: [0,)
  • [M] Path Equivalence

Affected versions of this package are vulnerable to Path Equivalence because the blocked_path() function only blocks standard pathnames. On Windows systems, an attacker can read files that should be blocked by using NTFS Alternate Data Streams syntax to bypass the path restrictions.

How to fix Path Equivalence?

There is no fixed version for gradio.

Vulnerable versions: [0,)
  • [M] Open Redirect

Affected versions of this package are vulnerable to Open Redirect via the validate_url() function, which can be forced to follow a redirect to an unintended site when a URL containing URL encoding is passed to the file parameter.

How to fix Open Redirect?

There is no fixed version for gradio.

Vulnerable versions: [0,)
  • [H] Undefined Behavior for Input to API

Affected versions of this package are vulnerable to Undefined Behavior for Input to API via the dataframe component. An attacker can cause a server crash and denial of service by uploading a maliciously crafted zip bomb.

How to fix Undefined Behavior for Input to API?

There is no fixed version for gradio.

Vulnerable versions: [4.0.0,)
  • [M] Arbitrary Code Injection

Affected versions of this package are vulnerable to Arbitrary Code Injection due to an improper input check when users generate pyi (Python stub) files. An attacker can execute arbitrary code by supplying crafted input.

Note: This vulnerability is disputed by the maintainer because the report describes a user attacking themselves.

How to fix Arbitrary Code Injection?

There is no fixed version for gradio.

Vulnerable versions: [0,)
  • [M] Open Redirect

Affected versions of this package are vulnerable to Open Redirect via the file parameter. An attacker can identify open ports on an internal network by inferring each port's status from whether the response carries a 'Location' header or a 'File not allowed' error.

How to fix Open Redirect?

There is no fixed version for gradio.

Vulnerable versions: [0,)