gradio project gradio

48 known vulnerabilities across versions
Each entry gives the CVE id, the affected version range recorded for this product, the opening of the advisory summary, and the CVSS base score with its severity band.
CVE-2026-28416  |  affects: < 6.6.0  |  CVSS 8.2 HIGH
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSR

CVE-2026-28415  |  affects: < 6.6.0  |  CVSS 4.3 MEDIUM
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function

CVE-2026-28414  |  affects: < 6.7.0  |  CVSS 7.5 HIGH
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with P

CVE-2026-27167  |  affects: >= 4.16.0 and < 6.6.0  |  CVSS NONE (no score listed)
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gra

CVE-2025-48889  |  affects: >= 5.25.2 and < 5.31.0  |  CVSS 5.3 MEDIUM
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API,

CVE-2025-0187  |  affects: all versions  |  CVSS 7.5 HIGH
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnera

CVE-2024-8966  |  affects: all versions  |  CVSS 7.5 HIGH
A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS)

CVE-2024-8021  |  affects: all versions  |  CVSS 6.1 MEDIUM
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect

CVE-2024-10648  |  affects: all versions  |  CVSS 8.2 HIGH
A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerab

CVE-2024-10624  |  affects: all versions  |  CVSS 7.5 HIGH
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime

CVE-2024-10569  |  affects: all versions  |  CVSS 7.5 HIGH
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component
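The zip-bomb entry (CVE-2024-10569) and the upload DoS entries above (CVE-2025-0187, CVE-2024-8966) all come down to inflating attacker-controlled data without a bound. The following is an added example, not Gradio's code and not taken from this page: a pre-check of the zip central directory plus a bounded streaming read. The size limits and the sample CSV are assumed values constructed for the demo.

```python
"""Bound an uploaded zip before and while inflating it.

Added example, not Gradio's code: the checks a dataframe/file-upload handler needs
against the zip-bomb issue in CVE-2024-10569 and the upload DoS entries above
(CVE-2025-0187, CVE-2024-8966). The limits are assumed values; tune them per deployment.
"""
import io
import random
import zipfile
from pathlib import PurePosixPath

MAX_TOTAL_BYTES = 50 * 1024 * 1024  # assumed cap on inflated bytes per upload
MAX_RATIO = 100                     # inflated/compressed ratio above which we refuse
MAX_ENTRIES = 1000


class ZipRejected(ValueError):
    pass


def inspect_zip(data):
    """Check the central directory before inflating anything.

    Returns (entry names, declared total size) or raises ZipRejected on: too many
    entries, absolute or '..' paths, declared size over the cap, or a per-entry
    expansion ratio typical of a bomb (deflate tops out near 1032:1)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            raise ZipRejected(f"too many entries: {len(infos)}")
        total = 0
        for info in infos:
            path = PurePosixPath(info.filename)
            if path.is_absolute() or ".." in path.parts:
                raise ZipRejected(f"unsafe path: {info.filename!r}")
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                raise ZipRejected("declared uncompressed size exceeds limit")
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                raise ZipRejected(f"suspicious expansion ratio on {info.filename!r}")
        return [i.filename for i in infos], total


def read_entry_bounded(data, name, limit=MAX_TOTAL_BYTES):
    """Inflate one entry in chunks and abort once `limit` is exceeded. The header sizes
    checked above are attacker-controlled, so the limit is enforced again on real bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        chunks, seen = [], 0
        while True:
            chunk = fh.read(64 * 1024)
            if not chunk:
                return b"".join(chunks)
            seen += len(chunk)
            if seen > limit:
                raise ZipRejected(f"{name!r} inflated past {limit} bytes")
            chunks.append(chunk)


def build_zip(entries):
    """Constructed sample input for the demo: {name: bytes} -> deflated zip bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample data: a small CSV with low redundancy, and a zero-filled "bomb".
_rng = random.Random(2024)
SAMPLE_CSV = ("id,value\n" + "".join(f"{i},{_rng.random():.6f}\n" for i in range(500))).encode()
BOMB = build_zip({"big.csv": b"\0" * (10 * 1024 * 1024)})


if __name__ == "__main__":
    print(inspect_zip(build_zip({"data.csv": SAMPLE_CSV})))
    try:
        inspect_zip(BOMB)
    except ZipRejected as e:
        print("rejected:", e)
```

The two layers matter independently: the directory check is cheap and refuses obvious bombs and traversal names before any inflation, while the bounded read is what actually protects you when the declared sizes are lies.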
CVE-2025-23042  |  affects: < 5.6.0  |  CVSS 7.5 HIGH
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API,

CVE-2024-51751  |  affects: >= 5.0.0 and < 5.5.0  |  CVSS 6.5 MEDIUM
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton comp

CVE-2024-48052  |  affects: <= 4.42.0  |  CVSS 6.5 MEDIUM
In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is th

CVE-2024-47872  |  affects: < 5.0.0  |  CVSS 5.4 MEDIUM
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS)

CVE-2024-47871  |  affects: < 5.0.0  |  CVSS 9.1 CRITICAL
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication bet

CVE-2024-47870  |  affects: < 5.0.0  |  CVSS 8.1 HIGH
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the `u

CVE-2024-47869  |  affects: < 4.44.0  |  CVSS 3.7 LOW
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way

CVE-2024-47868  |  affects: < 5.0.0  |  CVSS 7.5 HIGH
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting seve

CVE-2024-47867  |  affects: < 5.0.0  |  CVSS 7.5 HIGH
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the

CVE-2024-47168  |  affects: < 4.44.0  |  CVSS 4.3 MEDIUM
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enabl

CVE-2024-47167  |  affects: < 5.0.0  |  CVSS 9.8 CRITICAL
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forger

CVE-2024-47166  |  affects: < 4.44.0  |  CVSS 5.3 MEDIUM
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traver

CVE-2024-47165  |  affects: < 5.0.0  |  CVSS 5.4 MEDIUM
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation acc

CVE-2024-47164  |  affects: < 5.0.0  |  CVSS 6.5 MEDIUM
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory tr

CVE-2024-47084  |  affects: < 4.44.0  |  CVSS 8.3 HIGH
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to *CORS origin validation

CVE-2024-39236  |  affects: all versions  |  CVSS 9.8 CRITICAL
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerab

CVE-2024-4940  |  affects: all versions  |  CVSS 6.1 MEDIUM
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker
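Three entries on this page are open redirects (CVE-2024-4940, CVE-2024-8021, and CVE-2026-28415 in _redirect_to_target()). The usual root cause is a `next`-style parameter passed to the redirect unchecked. Below is an added example, not Gradio's code and not a reconstruction of any of those fixes: a target validator that keeps only same-site paths. The function name and the fallback default are assumptions for the demo.

```python
"""Accept only same-site relative redirect targets.

Added example (not Gradio's code) for the open-redirect entries CVE-2024-4940,
CVE-2024-8021 and CVE-2026-28415: a `next`-style parameter is kept only when it is a
path on this site; anything else falls back to `fallback`.
"""
from urllib.parse import urlsplit, urlunsplit


def safe_redirect_target(target, fallback="/"):
    """Return `target` if it is a plain path on this site, else `fallback`.

    Rejected, because browsers resolve them off-site or as a scheme:
      - absolute URLs ('https://evil.test') and 'scheme:' prefixes ('javascript:...')
      - protocol-relative '//evil.test' and the '///evil.test' variant, which the
        WHATWG parser also treats as an authority
      - backslashes ('/\\evil.test'), which browsers treat like slashes
      - control characters, which can hide a scheme from naive checks
    """
    if not target:
        return fallback
    t = target.strip()
    if any(ord(c) < 0x20 or c == "\\" for c in t):
        return fallback
    if t.startswith("//"):
        return fallback
    parts = urlsplit(t)
    if parts.scheme or parts.netloc:
        return fallback
    if not parts.path.startswith("/"):
        return fallback
    # Re-assemble path + query only; the fragment never reaches the server anyway.
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    for raw in ["/dashboard?x=1#frag", "//evil.test/", "///evil.test",
                "https://evil.test", "/\\evil.test", "javascript:alert(1)", ""]:
        print(f"{raw!r:28} -> {safe_redirect_target(raw)!r}")
```

The `t.startswith("//")` test is done on the raw string rather than on `urlsplit` output on purpose: `urlsplit("///evil.test")` reports an empty netloc and the path `/evil.test`, so a check that only looks at `netloc` lets that variant through.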
CVE-2024-4941  |  affects: < 4.31.4  |  CVSS 7.5 HIGH
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from

CVE-2024-4325  |  affects: < 4.41.0  |  CVSS 8.6 HIGH
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue

CVE-2024-4254  |  affects: all versions  |  CVSS 7.1 HIGH
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets

CVE-2024-4253  |  affects: < 4.29.0  |  CVSS 9.1 CRITICAL
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workfl

CVE-2024-34510  |  affects: < 4.20.0  |  CVSS 7.5 HIGH
Gradio before 4.20 allows credential leakage on Windows.

CVE-2024-1561  |  affects: >= 4.12.0 and < 4.13.0  |  CVSS 7.5 HIGH
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any metho

CVE-2024-1183  |  affects: >= 3.41.0 and < 4.11.0  |  CVSS 6.5 MEDIUM
An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and ide

CVE-2024-1728  |  affects: >= 4.18.0 and < 4.19.2  |  CVSS 7.5 HIGH
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the U

CVE-2024-1729  |  affects: >= 4.18.0 and < 4.19.2  |  CVSS 5.9 MEDIUM
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The
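Both CVE-2024-1729 (the login function in routes.py) and CVE-2024-47869 above are timing attacks on credential comparison. The following added example, which is not Gradio's code and does not reproduce either fix, shows the leaky pattern next to a constant-time one. `USERS` is a constructed credential table and the unsalted SHA-256 exists only to keep the demo short; a real store would use a slow, per-user-salted KDF.

```python
"""Login comparison: leaky vs. constant-time.

Added example, not Gradio's code, for the timing-attack entries CVE-2024-1729 and
CVE-2024-47869. USERS is a constructed credential table; the plain SHA-256 is a
demo simplification (use hashlib.scrypt or similar with a per-user salt in practice).
"""
import hashlib
import hmac

USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}  # constructed demo user
_DUMMY_DIGEST = hashlib.sha256(b"dummy").hexdigest()


def login_vulnerable(username, password):
    """Two timing leaks: an unknown user returns before any hashing is done (user
    enumeration), and `==` on the digests may stop at the first differing byte, so
    response time depends on how much of the secret the guess got right."""
    stored = USERS.get(username)
    if stored is None:
        return False
    return hashlib.sha256(password.encode()).hexdigest() == stored


def login_hardened(username, password):
    """Same amount of work on every path: unknown users are compared against a dummy
    digest, and the fixed-length digests are compared with hmac.compare_digest, which
    does not short-circuit. The final membership test is a dict lookup on the username,
    not a comparison against the secret, so it does not reintroduce the leak."""
    stored = USERS.get(username, _DUMMY_DIGEST)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    digests_match = hmac.compare_digest(supplied.encode(), stored.encode())
    return digests_match and username in USERS


if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("alice", "wrong"), ("bob", "dummy")]:
        print(user, pw, "->", login_hardened(user, pw))
```

Hashing both sides to a fixed length before the comparison is part of the fix, not decoration: `hmac.compare_digest` on two raw strings of different lengths still returns early on the length mismatch, so comparing the submitted password directly against a stored secret would leak its length.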
CVE-2024-1540  |  affects: < 2024-02-09 (a date: this entry concerns a repository workflow, not a package release)  |  CVSS 8.2 HIGH
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improp

CVE-2024-2206  |  affects: >= 3.47.1 and < 4.18.0  |  CVSS 6.5 MEDIUM
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route.
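SSRF is the most frequent class on this page: CVE-2024-2206 (the /proxy route), CVE-2024-4325, CVE-2024-1183, CVE-2024-47167, CVE-2024-48052 (gr.DownloadButton) and CVE-2026-28416. Any endpoint that fetches a user-supplied URL on the server's behalf needs a destination check that runs on the resolved addresses, not on the spelling of the URL. The block below is an added example, not Gradio's code and not a reconstruction of any of those fixes. The resolver is injectable so the demo runs offline; `_DEMO_DNS`, `demo_resolve` and the host names in it are constructed for this example.

```python
"""Destination check for server-side fetch/proxy endpoints.

Added example, not Gradio's code, for the SSRF entries on this page (CVE-2024-2206's
/proxy route, CVE-2024-4325, CVE-2024-1183, CVE-2024-47167, CVE-2024-48052,
CVE-2026-28416). The resolver is a parameter so the demo runs offline against a
constructed DNS table (_DEMO_DNS, invented for this example).
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_internal(ip):
    """Loopback, private/ULA, link-local (covers 169.254.169.254 cloud metadata),
    unspecified, multicast and reserved ranges. IPv4-mapped IPv6 is unwrapped so
    '::ffff:127.0.0.1' is judged as 127.0.0.1."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolve(host):
    """Default resolver: every address getaddrinfo returns for the name."""
    return [ipaddress.ip_address(r[4][0]) for r in socket.getaddrinfo(host, None)]


def check_outbound_url(url, resolve=system_resolve):
    """Return (ok, reason, resolved_ips).

    Every address the name resolves to must be public: a name with one public and one
    internal record is refused. Connect to one of the returned IPs instead of
    re-resolving the name, or a second lookup (DNS rebinding) can answer differently."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username or parts.password:
        return False, "credentials in URL", []
    host = parts.hostname
    if not host:
        return False, "no host", []
    try:
        ips = [ipaddress.ip_address(host)]  # literal address (v4, v6, or v4-mapped)
    except ValueError:
        # A name, or shorthand such as '127.1' that ipaddress rejects: either way the
        # verdict is taken on what it resolves to, not on how it was written.
        try:
            ips = resolve(host)
        except OSError:
            return False, "resolution failed", []
    if not ips:
        return False, "no addresses", []
    internal = [str(ip) for ip in ips if is_internal(ip)]
    if internal:
        return False, "resolves to internal address(es): " + ", ".join(internal), ips
    return True, "ok", ips


# Constructed DNS table for the offline demo (not real records).
_DEMO_DNS = {
    "public.example": ["8.8.8.8"],
    "internal.example": ["10.0.0.5"],
    "split.example": ["8.8.8.8", "127.0.0.1"],
}


def demo_resolve(host):
    if host not in _DEMO_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return [ipaddress.ip_address(a) for a in _DEMO_DNS[host]]


if __name__ == "__main__":
    for u in ["https://public.example/data.csv", "http://split.example/",
              "http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]/"]:
        print(u, "->", check_outbound_url(u, demo_resolve)[:2])
```

Two points a practitioner should carry over into real code: the check must also be re-applied to every hop of an HTTP redirect chain, since the first hop can be public and the second internal, and the connection should be made to an address from `resolved_ips` rather than by re-resolving the host name.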
CVE-2024-1727  |  affects: >= 4.16.0 and < 4.19.2  |  CVSS 4.3 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim

CVE-2024-0964  |  affects: all versions  |  CVSS 9.4 CRITICAL
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

CVE-2023-51449  |  affects: < 4.11.0  |  CVSS 5.6 MEDIUM
Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model

CVE-2023-6572  |  affects: < 4.14.0  |  CVSS 8.1 HIGH
Command Injection in GitHub repository gradio-app/gradio prior to main.

CVE-2023-41626  |  affects: all versions  |  CVSS 4.8 MEDIUM
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.

CVE-2023-34239  |  affects: < 3.34.0  |  CVSS 7.3 HIGH
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering G

CVE-2023-25823  |  affects: < 3.13.1  |  CVSS 5.4 MEDIUM
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3

CVE-2022-24770  |  affects: < 2.8.11  |  CVSS 8.8 HIGH
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio

CVE-2021-43831  |  affects: < 2.5.0  |  CVSS 7.7 HIGH
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is
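The affected-version column uses a small grammar: a single bound (`< 6.6.0`, `<= 4.42.0`), two bounds joined by `and`, the catch-all `all versions`, and, for one repository-workflow entry, a date rather than a release. The added example below (tooling written for this page, not from threatengine.sh or Gradio) parses that grammar and matches an installed version against a subset of the entries copied from the list above; the version comparison is a deliberately simple numeric-tuple compare, not the `packaging` library, and the subset is the author's choice.

```python
"""Match an installed Gradio version against the affected-version ranges on this page.

Added example; not part of threatengine.sh or of Gradio. The range strings are copied
from the listing above (a subset); the version parser is a plain numeric-tuple
comparison, not the `packaging` library, so pre-release tags are rejected.
"""
import re

# Subset of the listing above: (CVE, affected-version expression as printed).
GRADIO_CVES = [
    ("CVE-2026-28416", "< 6.6.0"),
    ("CVE-2026-28414", "< 6.7.0"),
    ("CVE-2026-27167", ">= 4.16.0 and < 6.6.0"),
    ("CVE-2025-48889", ">= 5.25.2 and < 5.31.0"),
    ("CVE-2025-0187", "all versions"),
    ("CVE-2024-48052", "<= 4.42.0"),
    ("CVE-2024-47872", "< 5.0.0"),
    ("CVE-2024-47869", "< 4.44.0"),
    ("CVE-2024-1561", ">= 4.12.0 and < 4.13.0"),
    ("CVE-2024-1729", ">= 4.18.0 and < 4.19.2"),
    ("CVE-2024-1540", "< 2024-02-09"),
    ("CVE-2021-43831", "< 2.5.0"),
]

_CLAUSE = re.compile(r"^(<=|>=|<|>|==)\s*(\d+(?:\.\d+)*)$")
_OPS = {
    "<": lambda c: c < 0, "<=": lambda c: c <= 0,
    ">": lambda c: c > 0, ">=": lambda c: c >= 0, "==": lambda c: c == 0,
}


def parse_version(text):
    """'4.44.0' -> (4, 44, 0). Non-numeric segments such as 'rc1' raise ValueError."""
    return tuple(int(p) for p in text.strip().split("."))


def compare_versions(a, b):
    """Sign of a - b, with missing trailing segments treated as 0 (4.44 == 4.44.0)."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def parse_range(expr):
    """Return a predicate over version tuples, or None when the expression is not a
    package-version range (e.g. the date '< 2024-02-09' used for a workflow CVE)."""
    expr = expr.strip().lower()
    if expr == "all versions":
        return lambda v: True
    bounds = []
    for clause in expr.split(" and "):
        m = _CLAUSE.match(clause.strip())
        if not m:
            return None
        bounds.append((m.group(1), parse_version(m.group(2))))
    return lambda v: all(_OPS[op](compare_versions(v, bound)) for op, bound in bounds)


def affected_cves(installed, entries=GRADIO_CVES):
    """Return (matched, unparsed): ids whose range contains `installed`, and ids whose
    range could not be interpreted and should be reviewed by hand."""
    v = parse_version(installed)
    matched, unparsed = [], []
    for cve, expr in entries:
        pred = parse_range(expr)
        if pred is None:
            unparsed.append(cve)
        elif pred(v):
            matched.append(cve)
    return matched, unparsed


if __name__ == "__main__":
    m, u = affected_cves("4.44.0")
    print("affected:", m)
    print("needs manual review:", u)
```

Entries recorded as `all versions` will always match; on this page several of those describe a single historical version or git commit in their summary, so treat an `all versions` hit as a prompt to read the advisory rather than as proof the installed release is exposed.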
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin