VYPR
Vendor: Gradio App
Products: 1
CVEs: 48 (49 across products)
Status: Private

Recent CVEs (48)
  • CVE-2024-0964 (Critical), Feb 5, 2024
    risk 0.54, CVSS 9.4, EPSS 0.01

    A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

  • CVE-2022-24770 (High), Mar 17, 2022
    risk 0.50, CVSS 8.8, EPSS 0.01

    `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output…

  • CVE-2023-6572 (High), Dec 14, 2023
    risk 0.46, CVSS 8.1, EPSS 0.02

    Command Injection in GitHub repository gradio-app/gradio prior to main.

  • CVE-2021-43831 (High), Dec 15, 2021
    risk 0.43, CVSS 7.7, EPSS 0.04

    Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio…

  • CVE-2023-34239 (High), Jun 8, 2023
    risk 0.41, CVSS 7.3, EPSS 0.01

    Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict what URLs are proxied. These issues have…

  • CVE-2026-48545 (Medium), May 27, 2026
    risk 0.37, CVSS 6.8, EPSS 0.00

    Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can…

  • CVE-2023-25823 (Medium), Feb 23, 2023
    risk 0.35, CVSS 5.4, EPSS 0.01

    Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private…

  • CVE-2024-12217 (Medium), Mar 20, 2025
    risk 0.34, CVSS 5.3, EPSS 0.01

    A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blocked_path functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application…

  • CVE-2023-51449 (Medium), Dec 22, 2023
    risk 0.30, CVSS 5.6, EPSS 0.02

    Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them…

  • CVE-2025-5320 (Low), May 29, 2025
    risk 0.24, CVSS 3.7, EPSS 0.00

    A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to elevated privileges. It is possible to initiate the…

  • CVE-2026-10783 (Low), Jun 4, 2026
    risk 0.09, CVSS 2.5, EPSS 0.00

    A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is…

  • CVE-2024-4940, Jun 22, 2024
    risk 0.01, CVSS not listed, EPSS 0.01

    An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery…

  • CVE-2026-28416, Feb 27, 2026
    risk 0.00, CVSS not listed, EPSS 0.00

    Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a…

  • CVE-2026-28415, Feb 27, 2026
    risk 0.00, CVSS not listed, EPSS 0.00

    Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout…

  • CVE-2026-28414, Feb 27, 2026
    risk 0.00, CVSS not listed, EPSS 0.03

    Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system.…

  • CVE-2026-27167, Feb 27, 2026
    risk 0.00, CVSS not listed, EPSS 0.00

    Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are…

  • CVE-2025-48889, May 30, 2025
    risk 0.00, CVSS not listed, EPSS 0.01

    Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated…

  • CVE-2024-8021, Mar 20, 2025
    risk 0.00, CVSS not listed, EPSS 0.01

    An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect…

  • CVE-2024-10648, Mar 20, 2025
    risk 0.00, CVSS not listed, EPSS 0.01

    A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an…

  • CVE-2024-8966, Mar 20, 2025
    risk 0.00, CVSS not listed, EPSS 0.01

    A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each…