{
  "version": "5.0.0",
  "scans": [
    {"id": 1, "target_id": 5, "status": "done", "risk_score": 10.0, "findings_count": 22, "created_at": "2026-06-24T13:01:46.935893"}
  ],
  "findings": [
    {"id": 1, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-64", "message": "gradio 5.50.0 - PYSEC-2026-64: ### Summary Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system.  ###", "triage_status": "open"},
    {"id": 2, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-63", "message": "gradio 5.50.0 - PYSEC-2026-63: ## Summary  Gradio applications running outside of Hugging Face Spaces automatically enable \"mocked\" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/hug", "triage_status": "open"},
    {"id": 3, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-66", "message": "gradio 5.50.0 - PYSEC-2026-66: ### Summary  A Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim a", "triage_status": "open"},
    {"id": 4, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-65", "message": "gradio 5.50.0 - PYSEC-2026-65: # Summary  The _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /", "triage_status": "open"},
    {"id": 5, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-63", "message": "gradio 5.50.0 - PYSEC-2026-63: Gradio is an open-source Python package designed for quick prototyping. \nStarting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically ", "triage_status": "open"},
    {"id": 6, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-66", "message": "gradio 5.50.0 - PYSEC-2026-66: Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP r", "triage_status": "open"},
    {"id": 7, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-65", "message": "gradio 5.50.0 - PYSEC-2026-65: Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query param", "triage_status": "open"},
    {"id": 8, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-64", "message": "gradio 5.50.0 - PYSEC-2026-64: Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that en", "triage_status": "open"},
    {"id": 9, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-211", "message": "gradio 5.50.0 - PYSEC-2026-211: A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of wea", "triage_status": "open"},
    {"id": 10, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-165", "message": "pillow 11.3.0 - PYSEC-2026-165: If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. \nThis has been fixed.", "triage_status": "open"},
    {"id": 11, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-165", "message": "pillow 11.3.0 - PYSEC-2026-165: Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer ", "triage_status": "open"},
    {"id": 12, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-25990", "message": "pillow 11.3.0 - CVE-2026-25990: ### Impact An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.  ### Patches Pillow 12.1.1 will be released shortly with a fix for t", "triage_status": "open"},
    {"id": 13, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-40192", "message": "pillow 11.3.0 - CVE-2026-40192: ### Impact Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unboun", "triage_status": "open"},
    {"id": 14, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-42309", "message": "pillow 11.3.0 - CVE-2026-42309: Passing nested lists as coordinates to APIs that accept coordinates such as `ImagePath.Path`, `ImageDraw.ImageDraw.polygon` and `ImageDraw.ImageDraw.line` could cause a heap buffer overflow, as nested", "triage_status": "open"},
    {"id": 15, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-42310", "message": "pillow 11.3.0 - CVE-2026-42310: ### Impact An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive.  ### Patches Patched version: 12.2.0.  \nPdfPa", "triage_status": "open"},
    {"id": 16, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-42311", "message": "pillow 11.3.0 - CVE-2026-42311: ### Impact Processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution.  ### Patches Patched version: 12.2.0  Pillow 12.1.1 addressed ", "triage_status": "open"},
    {"id": 17, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-161", "message": "starlette 0.52.1 - PYSEC-2026-161: Starlette reconstructs the requested URL based on the HTTP Host request header and requested path, but does not perform any validation of the Host header value. This allows attackers to inject paths i", "triage_status": "open"},
    {"id": 18, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "PYSEC-2026-161", "message": "starlette 0.52.1 - PYSEC-2026-161: ### Summary In affected versions, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `requ", "triage_status": "open"},
    {"id": 19, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-48818", "message": "starlette 0.52.1 - CVE-2026-48818: ### Summary  When serving static files on Windows, `StaticFiles` resolves the requested path with [`os.path.realpath`](https://docs.python.org/3/library/os.path.html#os.path.realpath). \nIf a UNC path (", "triage_status": "open"},
    {"id": 20, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-48817", "message": "starlette 0.52.1 - CVE-2026-48817: ### Summary  When dispatching a request, `HTTPEndpoint` selects the handler by lowercasing the HTTP method and looking it up as an attribute with `getattr`, without restricting the lookup to a known s", "triage_status": "open"},
    {"id": 21, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-54283", "message": "starlette 0.52.1 - CVE-2026-54283: ### Summary `request.form()` accepts `max_fields` and `max_part_size` to bound resource consumption while parsing form data. These limits are enforced for `multipart/form-data`, but silently ignored f", "triage_status": "open"},
    {"id": 22, "scan_id": 1, "category": "security", "severity": "ERROR", "tool": "pip-audit", "rule": "CVE-2026-54282", "message": "starlette 0.52.1 - CVE-2026-54282: ### Summary  In affected versions, the HTTP request path is not validated before being used to reconstruct `request.url`. Because `request.url` is rebuilt by concatenating `{scheme}://{host}{path}` an", "triage_status": "open"}
  ]
}
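The export above lists several advisories twice with different description text (for example PYSEC-2026-63, PYSEC-2026-66, PYSEC-2026-65 and PYSEC-2026-64 for gradio each appear once with a GitHub-style summary and once with a "Gradio is an open-source Python package" description), so the scan's findings_count of 22 overstates the 16 distinct advisories across gradio 5.50.0, pillow 11.3.0 and starlette 0.52.1. The following Python is an added triage helper, not code from the scanner or from pip-audit: it reads the export's field layout, collapses findings to unique (package, advisory) pairs, and pulls a "fixed in" version hint out of the advisory text where the description carries one, so that one upgrade floor per package falls out. The embedded export is a constructed, abridged sample in the same field layout; the regexes, function names and the "highest fix hint wins" rule are assumptions of this example, not anything the scanner defines.

```python
"""Added triage helper for a pip-audit scan export (example code, not scanner code).

The same advisory can appear several times in "findings" with different
description text, so findings_count overstates the number of distinct
advisories. This collapses findings to unique (package, advisory) pairs
and extracts a "fixed in" version hint from the advisory text when the
description carries one.
"""
import json
import re


def _f(fid, rule, message):
    """Build one finding in the export's field layout (sample data only)."""
    return {"id": fid, "scan_id": 1, "category": "security", "severity": "ERROR",
            "tool": "pip-audit", "rule": rule, "message": message, "triage_status": "open"}


# Constructed, abridged sample of the export (messages shortened; the
# real file on this page carries 22 findings). findings_count=6 here
# even though only 5 distinct advisories are present.
SAMPLE_EXPORT = json.dumps({
    "version": "5.0.0",
    "scans": [{"id": 1, "target_id": 5, "status": "done", "risk_score": 10.0,
               "findings_count": 6, "created_at": "2026-06-24T13:01:46.935893"}],
    "findings": [
        _f(2, "PYSEC-2026-63", "gradio 5.50.0 - PYSEC-2026-63: ## Summary  Gradio applications "
           "running outside of Hugging Face Spaces automatically enable \"mocked\" OAuth routes"),
        _f(5, "PYSEC-2026-63", "gradio 5.50.0 - PYSEC-2026-63: Gradio is an open-source Python "
           "package designed for quick prototyping. \nStarting in version 4.16.0 and prior to "
           "version 6.6.0, Gradio applications"),
        _f(8, "PYSEC-2026-64", "gradio 5.50.0 - PYSEC-2026-64: Gradio is an open-source Python "
           "package designed for quick prototyping. Prior to version 6.7, Gradio apps"),
        _f(11, "PYSEC-2026-165", "pillow 11.3.0 - PYSEC-2026-165: Pillow is a Python imaging "
           "library. Prior to version 12.2.0, if a font advances"),
        _f(15, "CVE-2026-42310", "pillow 11.3.0 - CVE-2026-42310: ### Impact An attacker can "
           "supply a malicious PDF. ### Patches Patched version: 12.2.0.  \nPdfPa"),
        _f(17, "PYSEC-2026-161", "starlette 0.52.1 - PYSEC-2026-161: Starlette reconstructs the "
           "requested URL based on the HTTP Host request header"),
    ],
})

# "<package> <installed-version> - <advisory-id>:" prefix that pip-audit
# messages in this export start with (assumed stable for this example).
HEADER_RE = re.compile(r"^(?P<pkg>\S+) (?P<ver>\S+) - (?P<rule>[^:\s]+):")
# Two phrasings of "fixed in" seen in the advisory texts above.
FIX_RE = re.compile(r"(?:[Pp]rior to version|Patched version:)\s*v?(\d+(?:\.\d+)*)")


def parse_header(message):
    """Return (package, installed_version, advisory_id) from a message, or None."""
    m = HEADER_RE.match(message)
    return (m["pkg"], m["ver"], m["rule"]) if m else None


def fix_hint(message):
    """First 'prior to version X' / 'Patched version: X' in the text, else None."""
    m = FIX_RE.search(message)
    return m.group(1) if m else None


def version_key(v):
    """Numeric tuple so that 6.7 sorts above 6.6.0."""
    return tuple(int(p) for p in v.split("."))


def summarize(export_text):
    """Map package -> {installed, advisories: {advisory_id: fix_hint or None}}."""
    data = json.loads(export_text)
    pkgs = {}
    for f in data["findings"]:
        if f["tool"] != "pip-audit":
            continue
        hdr = parse_header(f["message"])
        if hdr is None:
            continue  # unparseable message: leave it for manual triage, do not guess
        pkg, ver, rule = hdr
        if rule != f["rule"]:
            raise ValueError(f"finding {f['id']}: rule {f['rule']} != message header {rule}")
        entry = pkgs.setdefault(pkg, {"installed": ver, "advisories": {}})
        # Duplicate descriptions of one advisory: keep whichever carries a fix hint.
        entry["advisories"][rule] = fix_hint(f["message"]) or entry["advisories"].get(rule)
    return pkgs


def upgrade_floor(entry):
    """Highest fix hint among a package's advisories, or None if none is known."""
    hints = [h for h in entry["advisories"].values() if h]
    return max(hints, key=version_key) if hints else None


def unique_advisory_count(pkgs):
    return sum(len(e["advisories"]) for e in pkgs.values())


def report(export_text):
    """One line per package with the distinct-advisory count and upgrade floor."""
    data = json.loads(export_text)
    pkgs = summarize(export_text)
    lines = [f"findings_count={data['scans'][0]['findings_count']} "
             f"unique_advisories={unique_advisory_count(pkgs)}"]
    for pkg, entry in sorted(pkgs.items()):
        lines.append(f"{pkg} {entry['installed']}: {len(entry['advisories'])} advisories, "
                     f"upgrade to >= {upgrade_floor(entry) or 'unknown'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_EXPORT))
```

On the sample this reports 6 findings but 5 distinct advisories, an upgrade floor of 6.7 for gradio (the higher of the 6.6.0 and 6.7 hints) and 12.2.0 for pillow, and "unknown" for starlette because neither starlette description in the export states a fixed version; a hint taken from truncated advisory text is a starting point for triage, and the floor should be confirmed against the advisory itself before pinning.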