Every CVE whose affected-product data names Gradio Project Gradio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2024-47167 — CVSS 9.8 (critical): Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery…
CVE-2024-39236 — CVSS 9.8 (critical): Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is…
CVE-2024-0964 — CVSS 9.4 (critical): A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
CVE-2024-4253 — CVSS 9.1 (critical): A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The…
CVE-2024-47871 — CVSS 9.1 (critical): Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the…
CVE-2022-24770 — CVSS 8.8 (high): `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers…
CVE-2024-4325 — CVSS 8.6 (high): A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join`…
CVE-2024-47084 — CVSS 8.3 (high): Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where…
CVE-2026-28416 — CVSS 8.2 (high): Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF)…
CVE-2024-10648 — CVSS 8.2 (high): A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability…
CVE-2024-1540 — CVSS 8.2 (high): A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper…
CVE-2024-47870 — CVSS 8.1 (high): Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the…
CVE-2021-43831 — CVSS 7.7 (high): Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a…
CVE-2024-4941 — CVSS 7.5 (high): A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper…
CVE-2024-10569 — CVSS 7.5 (high): A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses…
CVE-2024-10624 — CVSS 7.5 (high): A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime…
CVE-2024-1561 — CVSS 7.5 (high): An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a…
CVE-2024-1728 — CVSS 7.5 (high): gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the…
CVE-2024-47867 — CVSS 7.5 (high): Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the…
CVE-2024-47868 — CVSS 7.5 (high): Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several…
CVE-2025-0187 — CVSS 7.5 (high): A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is…
CVE-2025-23042 — CVSS 7.5 (high): Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any…
CVE-2026-28414 — CVSS 7.5 (high): Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python…
CVE-2026-49119 — CVSS 7.5 (high): Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated…
CVE-2023-34239 — CVSS 7.3 (high): Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio…
CVE-2024-4254 — CVSS 7.1 (high): The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets…
CVE-2026-48545 — CVSS 6.8 (medium): Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation…
CVE-2024-51751 — CVSS 6.5 (medium): Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components…
CVE-2024-47164 — CVSS 6.5 (medium): Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal…
CVE-2024-2206 — CVSS 6.5 (medium): An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers…
CVE-2024-1183 — CVSS 6.5 (medium): An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify…
CVE-2024-48052 — CVSS 6.5 (medium): In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within…
CVE-2024-4940 — CVSS 6.1 (medium): An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to…
CVE-2024-8021 — CVSS 6.1 (medium): An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to…
CVE-2024-1729 — CVSS 5.9 (medium): A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The…
CVE-2023-51449 — CVSS 5.6 (medium): Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or…
CVE-2024-47165 — CVSS 5.4 (medium): Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **CORS origin validation accepting a…
CVE-2024-47872 — CVSS 5.4 (medium): Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any…
CVE-2023-25823 — CVSS 5.4 (medium): Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1…
CVE-2025-48889 — CVSS 5.3 (medium): Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any…
CVE-2024-47166 — CVSS 5.3 (medium): Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in…
CVE-2023-41626 — CVSS 4.8 (medium): Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.
CVE-2026-28415 — CVSS 4.3 (medium): Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in…
CVE-2024-1727 — CVSS 4.3 (medium): A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system…
CVE-2024-47168 — CVSS 4.3 (medium): Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the…
CVE-2024-47869 — CVSS 3.7 (low): Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio…
CVE-2026-10783 — CVSS 2.5 (low): A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache…
CVE-2026-27167 — CVSS 0.0 (none): Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio…