| CVE-2024-0964 |
high |
— |
8.0 |
|
|
|
2y ago |
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. |
| CVE-2026-28416 |
unknown |
— |
— |
|
|
|
3mo ago |
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP … |
| CVE-2026-28415 |
unknown |
— |
— |
|
|
|
3mo ago |
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query para… |
| CVE-2026-28414 |
unknown |
— |
— |
|
|
|
3mo ago |
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that e… |
| CVE-2026-27167 |
unknown |
— |
— |
|
|
|
3mo ago |
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically… |
| CVE-2025-48889 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitra… |
| CVE-2025-5320 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio CORS Origin Validation Bypass Vulnerability |
| CVE-2024-8966 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio DoS in multipart boundary while uploading the file |
| CVE-2024-8021 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio Vulnerable to Open Redirect |
| CVE-2024-12217 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio Path Traversal vulnerability |
| CVE-2024-10624 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request |
| CVE-2024-10648 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio Vulnerable to Arbitrary File Deletion |
| CVE-2024-10569 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb |
| CVE-2025-23042 |
unknown |
— |
— |
|
|
|
1y ago |
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) … |
| CVE-2024-51751 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file conte… |
| CVE-2024-48052 |
unknown |
— |
— |
|
|
|
2y ago |
gradio Server Side Request Forgery vulnerability |
| CVE-2024-47872 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users c… |
| CVE-2024-47871 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `sh… |
| CVE-2024-47870 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `r… |
| CVE-2024-47869 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since… |
| CVE-2024-47868 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the … |
| CVE-2024-47867 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to in… |
| CVE-2024-47168 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False… |
| CVE-2024-47167 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to… |
| CVE-2024-47166 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this… |
| CVE-2024-47165 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **CORS origin validation accepting a null origin**. When a Gradio server is deployed locally, the… |
| CVE-2024-47164 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function,… |
| CVE-2024-47084 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when … |
| CVE-2024-39236 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes t… |
| CVE-2024-4940 |
unknown |
— |
— |
|
|
|
2y ago |
Open redirect in gradio |
| CVE-2024-4941 |
unknown |
— |
— |
|
|
|
2y ago |
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gr… |
| CVE-2024-4325 |
unknown |
— |
— |
|
|
|
2y ago |
Server-Side Request Forgery in gradio |
| CVE-2024-1727 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files |
| CVE-2024-34510 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio before 4.20 allows credential leakage on Windows. |
| CVE-2024-34511 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio's Component Server does not properly consider `_is_server_fn` for functions |
| CVE-2024-1561 |
unknown |
— |
— |
|
|
|
2y ago |
gradio vulnerable to Path Traversal |
| CVE-2024-1183 |
unknown |
— |
— |
|
|
|
2y ago |
gradio Server-Side Request Forgery vulnerability |
| CVE-2024-1728 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio allows users to access arbitrary files |
| CVE-2024-2206 |
unknown |
— |
— |
|
|
|
2y ago |
gradio Server-Side Request Forgery vulnerability |
| CVE-2024-1729 |
unknown |
— |
— |
|
|
|
2y ago |
Gradio apps vulnerable to timing attacks to guess password |
| CVE-2023-51449 |
unknown |
— |
— |
|
|
|
3y ago |
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to… |
| CVE-2023-6572 |
unknown |
— |
— |
|
|
|
3y ago |
Command Injection in GitHub repository gradio-app/gradio prior to main. |
| CVE-2023-41626 |
unknown |
— |
— |
|
|
|
3y ago |
Gradio arbitrary file upload vulnerability |
| CVE-2023-34239 |
unknown |
— |
— |
|
|
|
3y ago |
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally G… |
| CVE-2023-25823 |
unknown |
— |
— |
|
|
|
3y ago |
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's shar… |
| CVE-2022-24770 |
unknown |
— |
— |
|
|
|
4y ago |
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV Fi… |
| CVE-2021-43831 |
unknown |
— |
— |
|
|
|
4y ago |
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares … |