| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-28416 | Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing | gradio-app | gradio | High | 8.2 | 2026-02-27 21:47:05 | Deep Dive |
| CVE-2026-28415 | Gradio has Open Redirect in OAuth Flow | gradio-app | gradio | Medium | 4.3 | 2026-02-27 21:44:52 | Deep Dive |
| CVE-2026-28414 | Gradio has Absolute Path Traversal on Windows with Python 3.13+ | gradio-app | gradio | High | 7.5 | 2026-02-27 21:43:28 | Deep Dive |
| CVE-2026-27167 | Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret | gradio-app | gradio | None | 0.0 | 2026-02-27 21:40:58 | Deep Dive |
| CVE-2025-48889 | Gradio Allows Unauthorized File Copy via Path Manipulation | gradio-app | gradio | Medium | 5.3 | 2025-05-30 06:12:33 | Deep Dive |
| CVE-2025-5320 | gradio-app gradio CORS is_valid_origin privilege escalation | gradio-app | gradio | Low | 3.7 | 2025-05-29 13:31:05 | Deep Dive |
| CVE-2024-8021 | Open Redirect in gradio-app/gradio | gradio-app | gradio-app/gradio | Medium | - | 2025-03-20 10:11:13 | Deep Dive |
| CVE-2024-10648 | Path Traversal in gradio-app/gradio | gradio-app | gradio-app/gradio | High | - | 2025-03-20 10:11:11 | Deep Dive |
| CVE-2024-12217 | Path Traversal in gradio-app/gradio | gradio-app | gradio-app/gradio | Medium | - | 2025-03-20 10:11:09 | Deep Dive |
| CVE-2024-8966 | Denial of Service in gradio-app/gradio | gradio-app | gradio-app/gradio | High | - | 2025-03-20 10:11:03 | Deep Dive |
| CVE-2024-10569 | Zip Bomb Vulnerability in gradio-app/gradio | gradio-app | gradio-app/gradio | High | - | 2025-03-20 10:10:57 | Deep Dive |
| CVE-2025-0187 | Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio | gradio-app | gradio-app/gradio | High | - | 2025-03-20 10:10:43 | Deep Dive |
| CVE-2024-10624 | Regular Expression Denial of Service (ReDoS) in gradio-app/gradio | gradio-app | gradio-app/gradio | High | - | 2025-03-20 10:10:43 | Deep Dive |
| CVE-2025-23042 | Gradio Blocked Path ACL Bypass Vulnerability | gradio-app | gradio | Medium | - | 2025-01-14 18:49:16 | Deep Dive |
| CVE-2024-51751 | Arbitrary file read with File and UploadButton components in Gradio | gradio-app | gradio | Medium | 6.5 | 2024-11-06 19:11:39 | Deep Dive |
| CVE-2024-47867 | Lack of integrity check on the downloaded FRP client in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:19:12 | Deep Dive |
| CVE-2024-47868 | Several components’ post-process steps may allow arbitrary file leaks in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:18:02 | Deep Dive |
| CVE-2024-47869 | Non-constant-time comparison when comparing hashes in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:16:11 | Deep Dive |
| CVE-2024-47870 | Race condition in update_root_in_config may redirect user traffic in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:15:06 | Deep Dive |
| CVE-2024-47871 | Insecure communication between the FRP client and server in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:14:01 | Deep Dive |