Security Policy
Reporting a Vulnerability
Types of Security Issues
We actively monitor:
- Code vulnerabilities (RCE, XSS, authentication bypass)
- Dependency risks (critical vulnerabilities in project dependencies, such as requirements.txt, pyproject.toml, or equivalent files)
- Configuration flaws (insecure defaults in deployment scripts)
Disclosure Channels (Choose one):
Encrypted Email
Contact: wangfeng19950315@163.com
Subject format: [SECURITY] ModuleName - Brief Description
GitHub Private Report
Use GitHub's "Report a vulnerability" feature
Reporting Security Issues
Please report security issues using Create new issue: https://github.com/Megvii-BaseDetection/YOLOX/issues/new
Response Process
- Acknowledgement
  - Initial response within 48 business hours
- Assessment
  - Triage using CVSS v3.1 scoring
- Remediation
  - Critical (CVSS ≥ 9.0): patch within 7 days
  - High (CVSS 7-8.9): patch within 30 days
- Public Disclosure
  - Published via GitHub Advisories
  - CVE assignment coordinated with MITRE
Secure Development Practices
- Always verify hashes when downloading dependencies:
    sha256sum -c <your-dependency-hash-file>
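The hash check above, worked through end to end as an added example (not part of the YOLOX project): a trusted hash is recorded once, a clean download passes `sha256sum -c`, and a tampered download is rejected. It assumes GNU coreutils `sha256sum`; the archive name and contents are constructed stand-ins.

```shell
#!/bin/sh
# Added example: pin a downloaded dependency to a known SHA-256 and
# refuse to use it if the content drifts. Assumes GNU coreutils sha256sum.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for a downloaded dependency archive (hypothetical name).
printf 'fake wheel contents v1\n' > "$WORK/dep-1.0.tar.gz"

# Record the trusted hash once, at pin time. In a real project this
# SHA256SUMS file is committed alongside requirements.txt / pyproject.toml.
record_hashes() {
    ( cd "$WORK" && sha256sum dep-1.0.tar.gz > SHA256SUMS )
}

# Verify the current download against the pinned hash file.
# Exit status 0 on match; non-zero on any mismatch or missing file.
verify_hashes() {
    ( cd "$WORK" && sha256sum -c --status SHA256SUMS )
}

# Helper used to simulate a substituted or corrupted download.
tamper_download() {
    printf 'fake wheel contents v2\n' > "$WORK/dep-1.0.tar.gz"
}

# Helper to restore the original, trusted content.
restore_download() {
    printf 'fake wheel contents v1\n' > "$WORK/dep-1.0.tar.gz"
}

record_hashes
verify_hashes && echo "pinned dependency verified"

tamper_download
if verify_hashes; then
    echo "ERROR: tampered file passed verification" >&2
    exit 1
else
    echo "tampered dependency rejected (hash mismatch)"
fi
restore_download
```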