Package impact
PyPI / gradio
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0964 | high | — | 8.0 | | | | 2y ago | A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. |
| CVE-2026-27167 | unknown | — | — | | | | 3mo ago | Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret |
| CVE-2025-48889 | unknown | — | — | | | | 1y ago | Gradio Allows Unauthorized File Copy via Path Manipulation |
| CVE-2025-23042 | unknown | — | — | | | | 1y ago | Gradio Blocked Path ACL Bypass Vulnerability |
| CVE-2024-51751 | unknown | — | — | | | | 2y ago | Gradio vulnerable to arbitrary file read with File and UploadButton components |
| CVE-2024-39236 | unknown | — | — | | | | 2y ago | Withdrawn Advisory: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py |