GHSA-26jh-r8g2-6fpr: Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

GHSA-gvv6-33j7-884g: Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

GHSA-279j-x4gx-hfrh: Gradio uses insecure communication between the FRP client and server

GHSA-xh2x-3mrm-fwqm: Gradio has a race condition in update_root_in_config may redirect user traffic

GHSA-j757-pf57-f8r4: Gradio performs a non-constant-time comparison when comparing hashes

DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.

**Cross-site Scripting in DOMSanitizer**

Moderate severity GitHub Reviewed Published Nov 23, 2023 to the GitHub Advisory Database • Updated Nov 23, 2023

Headline

GHSA-2ghm-r75j-pjx2: Cross-site Scripting in DOMSanitizer

Related news

ghsa: Latest News