gradio vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-48545 | High | gradio: Gradio contains a cookie injection vulnerability |
| CVE-2026-28416 | High | gradio: Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing |
| CVE-2026-28415 | Medium | gradio: Gradio has an Open Redirect in its OAuth Flow |
| CVE-2026-28414 | High | gradio: Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+ |
| CVE-2026-27167 | Low | gradio: Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret |
| CVE-2025-48889 | Medium | gradio: Gradio Allows Unauthorized File Copy via Path Manipulation |
| CVE-2025-5320 | Low | gradio: Gradio CORS Origin Validation Bypass Vulnerability |
| CVE-2024-8966 | High | gradio: Gradio DOS in multipart boundary while uploading the file |
| CVE-2024-8021 | Medium | gradio: Gradio Vulnerable to Open Redirect |
| CVE-2024-12217 | Medium | gradio: Gradio Path Traversal vulnerability |
| CVE-2024-10648 | High | gradio: Gradio Vulnerable to Arbitrary File Deletion |
| CVE-2024-10624 | High | gradio: Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request |
| CVE-2024-10569 | High | gradio: Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb |
| CVE-2025-23042 | Critical | gradio: Gradio Blocked Path ACL Bypass Vulnerability |
| CVE-2024-51751 | Medium | gradio: Gradio vulnerable to arbitrary file read with File and UploadButton components |
| CVE-2024-48052 | Medium | gradio: gradio Server Side Request Forgery vulnerability |
| GHSA-26JH-R8G2-6FPR | Low | gradio: Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list |
| CVE-2024-47872 | Medium | gradio: Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files |
| CVE-2024-47871 | High | gradio: Gradio uses insecure communication between the FRP client and server |
| CVE-2024-47870 | High | gradio: Gradio has a race condition in update_root_in_config may redirect user traffic |
| CVE-2024-47869 | Medium | gradio: Gradio performs a non-constant-time comparison when comparing hashes |
| CVE-2024-47868 | Medium | gradio: Gradio has several components with post-process steps allow arbitrary file leaks |
| CVE-2024-47867 | High | gradio: Gradio lacks integrity checking on the downloaded FRP client |
| CVE-2024-47168 | Low | gradio: In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring |
| CVE-2024-47167 | Medium | gradio: Gradio vulnerable to SSRF in the path parameter of /queue/join |
