
gradio-app — Vulnerabilities & Security Advisories (46)

Browse all 46 CVE security advisories affecting gradio-app. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Gradio-app is an open-source Python library designed to simplify the creation of user interfaces for machine learning models, enabling developers to quickly demo and share AI applications. Despite its utility, the project has accumulated 46 recorded Common Vulnerabilities and Exposures (CVEs), reflecting significant security challenges in its rapid development cycle. Historically, these vulnerabilities frequently involve remote code execution (RCE) and cross-site scripting (XSS), often stemming from inadequate input sanitization or improper handling of uploaded files. While privilege escalation is less common, the potential for arbitrary code execution poses severe risks to deployment environments. Notable incidents highlight the dangers of exposing unverified model endpoints, emphasizing the need for rigorous security auditing. Users must implement strict access controls and keep dependencies updated to mitigate these inherent risks associated with the framework’s flexible architecture.

Top products by gradio-app: gradio, gradio-app/gradio
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28416 | Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing | gradio | CWE-918 | 8.2 | High | 2026-02-27 |
| CVE-2026-28415 | Gradio has Open Redirect in OAuth Flow | gradio | CWE-200 | 4.3 | Medium | 2026-02-27 |
| CVE-2026-28414 | Gradio has Absolute Path Traversal on Windows with Python 3.13+ | gradio | CWE-36 | 7.5 | High | 2026-02-27 |
| CVE-2026-27167 | Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret | gradio | CWE-798 | - | - | 2026-02-27 |
| CVE-2025-48889 | Gradio Allows Unauthorized File Copy via Path Manipulation | gradio | CWE-434 | 5.3 | Medium | 2025-05-30 |
| CVE-2025-5320 | gradio-app gradio CORS is_valid_origin privilege escalation | gradio | CWE-346 | 3.7 | Low | 2025-05-29 |
| CVE-2024-8021 | Open Redirect in gradio-app/gradio | gradio-app/gradio | CWE-601 | 6.1 | - | 2025-03-20 |
| CVE-2024-10648 | Path Traversal in gradio-app/gradio | gradio-app/gradio | CWE-29 | 9.1 | - | 2025-03-20 |
| CVE-2024-12217 | Path Traversal in gradio-app/gradio | gradio-app/gradio | CWE-22 | 3.3 | - | 2025-03-20 |
| CVE-2024-8966 | Denial of Service in gradio-app/gradio | gradio-app/gradio | CWE-770 | 7.5 | - | 2025-03-20 |
| CVE-2024-10569 | Zip Bomb Vulnerability in gradio-app/gradio | gradio-app/gradio | CWE-475 | 7.5 | - | 2025-03-20 |
| CVE-2024-10624 | Regular Expression Denial of Service (ReDoS) in gradio-app/gradio | gradio-app/gradio | CWE-1333 | 7.5 | - | 2025-03-20 |
| CVE-2025-0187 | Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio | gradio-app/gradio | CWE-400 | 7.5 | - | 2025-03-20 |
| CVE-2025-23042 | Gradio Blocked Path ACL Bypass Vulnerability | gradio | CWE-285 | 7.5 | - | 2025-01-14 |
| CVE-2024-51751 | Arbitrary file read with File and UploadButton components in Gradio | gradio | CWE-22 | 6.5 | Medium | 2024-11-06 |
| CVE-2024-47867 | Lack of integrity check on the downloaded FRP client in Gradio | gradio | CWE-345 | 8.8 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47868 | Several components' post-process steps may allow arbitrary file leaks in Gradio | gradio | CWE-200 | 7.5 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47869 | Non-constant-time comparison when comparing hashes in Gradio | gradio | CWE-203 | 5.9 (AI) | Medium (AI) | 2024-10-10 |
| CVE-2024-47870 | Race condition in update_root_in_config may redirect user traffic in Gradio | gradio | CWE-362 | 5.8 (AI) | Medium (AI) | 2024-10-10 |
| CVE-2024-47871 | Insecure communication between the FRP client and server in Gradio | gradio | CWE-311 | 9.1 (AI) | Critical (AI) | 2024-10-10 |
| CVE-2024-47872 | Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files | gradio | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-10-10 |
| CVE-2024-47084 | CORS origin validation is not performed when the request has a cookie in Gradio | gradio | CWE-285 | 8.1 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47164 | The `is_in_or_equal` function may be bypassed in Gradio | gradio | CWE-22 | 7.4 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47165 | CORS origin validation accepts the null origin in Gradio | gradio | CWE-285 | 6.2 (AI) | Medium (AI) | 2024-10-10 |
| CVE-2024-47166 | One-level read path traversal in `/custom_component` in Gradio | gradio | CWE-22 | 7.5 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47167 | SSRF in the path parameter of /queue/join in Gradio | gradio | CWE-918 | 9.8 (AI) | Critical (AI) | 2024-10-10 |
| CVE-2024-47168 | The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio | gradio | CWE-670 | 7.5 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-4940 | Open Redirect in gradio-app/gradio | gradio-app/gradio | CWE-601 | 6.1 | - | 2024-06-22 |
| CVE-2024-4325 | Server-Side Request Forgery (SSRF) in gradio-app/gradio | gradio-app/gradio | CWE-918 | 7.5 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-4941 | Local File Inclusion in JSON component in gradio-app/gradio | gradio-app/gradio | CWE-22 | 7.5 (AI) | High (AI) | 2024-06-06 |

CVSS scores and severities marked (AI) are labelled as AI-estimated on the source page rather than official ratings; a dash means no score is listed.

This page lists every published CVE security advisory associated with gradio-app. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.