Gradio-app Gradio
27 CVEs affecting Gradio-app Gradio. Latest disclosed: 2026-06-04. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-24770 | High | 8.8 | 2022-03-17 | `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutra… |
| CVE-2026-28416 | High | 8.2 | 2026-02-27 | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio al… |
| CVE-2021-43831 | High | 7.7 | 2021-12-15 | Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects… |
| CVE-2026-28414 | High | 7.5 | 2026-02-27 | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to… |
| CVE-2023-34239 | High | 7.3 | 2023-06-07 | Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restr… |
| CVE-2026-48545 | Medium | 6.8 | 2026-05-27 | Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a sha… |
| CVE-2024-51751 | Medium | 6.5 | 2024-11-06 | Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of… |
| CVE-2023-51449 | Medium | 5.6 | 2023-12-22 | Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python… |
| CVE-2023-25823 | Medium | 5.4 | 2023-02-23 | Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-cod… |
| CVE-2025-48889 | Medium | 5.3 | 2025-05-30 | Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python funct… |
| CVE-2026-28415 | Medium | 4.3 | 2026-02-27 | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accep… |
| CVE-2025-5320 | Low | 3.7 | 2025-05-29 | A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Han… |
| CVE-2026-10783 | Low | 2.5 | 2026-06-04 | A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Perfor… |
| CVE-2026-27167 | Unrated | | 2026-02-27 | Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outs… |
| CVE-2025-23042 | | | 2025-01-14 | Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python funct… |
| CVE-2024-47867 | | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which… |
| CVE-2024-47868 | | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which… |
| CVE-2024-47869 | | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for t… |
| CVE-2024-47870 | | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` functio… |
| CVE-2024-47871 | | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Pr… |