PyPI package
gradio
pkg:pypi/gradio
Vulnerabilities (46)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-28416 | — | — | — | < 6.6.0 | 6.6.0 | Feb 27, 2026 | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victi |
| CVE-2026-28415 | — | — | — | < 6.6.0 | 6.6.0 | Feb 27, 2026 | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout |
| CVE-2026-28414 | — | — | — | < 6.7.0 | 6.7.0 | Feb 27, 2026 | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Py |
| CVE-2026-27167 | — | — | — | >= 4.16.0, < 6.6.0 | 6.6.0 | Feb 27, 2026 | Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are u |
| CVE-2025-48889 | — | — | — | < 5.31.0 | 5.31.0 | May 30, 2025 | Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated at |
| CVE-2025-5320 | Low | 3.7 | — | >= 5.0.0, <= 5.29.1 | — | May 29, 2025 | A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to elevated privileges. It is possible to initiate the attac |
| CVE-2024-12217 | Med | 5.3 | — | <= 5.0.1 | — | Mar 20, 2025 | A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application |
| CVE-2024-8021 | — | — | — | <= 4.37.2 | — | Mar 20, 2025 | An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect |
| CVE-2024-10648 | — | — | — | >= 4.0.0, <= 5.0.0b2 | — | Mar 20, 2025 | A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an at |
| CVE-2024-8966 | — | — | — | <= 5.22.0 | — | Mar 20, 2025 | A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each charac |
| CVE-2024-10569 | — | — | — | >= 4.0.0, <= 5.0.0b2 | — | Mar 20, 2025 | A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, |
| CVE-2024-10624 | — | — | — | >= 4.38.0, <= 5.0.0-beta.2 | — | Mar 20, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression `^(?:\s*now\s*(?:-\s*(\d+)\s*([d |
| CVE-2025-23042 | — | — | — | < 5.11.0 | 5.11.0 | Jan 14, 2025 | Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or d |
| CVE-2024-51751 | — | — | — | >= 5.0.0, < 5.5.0 | 5.5.0 | Nov 6, 2024 | Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as part of a Gradio application to preview file content, an attacker with access to the application might abuse these components to re |
| CVE-2024-48052 | — | — | — | <= 4.42.0 | — | Nov 4, 2024 | In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the do |
| CVE-2024-47867 | — | — | — | < 5.0.0 | 5.0.0 | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which |
| CVE-2024-47868 | — | — | — | < 5.0.0 | 5.0.0 | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests |
| CVE-2024-47869 | — | — | — | < 4.44.0 | 4.44.0 | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by m |
| CVE-2024-47870 | — | — | — | < 5.0.0 | 5.0.0 | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiti |
| CVE-2024-47871 | — | — | — | < 5.0.0 | 5.0.0 | Oct 10, 2024 | Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attac |
Page 1 of 3