
gradio — Vulnerabilities & Security Advisories (25)

All 25 CVE vulnerabilities found in gradio, with AI-generated Chinese analysis, references, and POCs.

Vendor: gradio-app

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-28416 | Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing | CWE-918 | 8.2 | High | 2026-02-27 |
| CVE-2026-28415 | Gradio has Open Redirect in OAuth Flow | CWE-200 | 4.3 | Medium | 2026-02-27 |
| CVE-2026-28414 | Gradio has Absolute Path Traversal on Windows with Python 3.13+ | CWE-36 | 7.5 | High | 2026-02-27 |
| CVE-2026-27167 | Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret | CWE-798 | - | - | 2026-02-27 |
| CVE-2025-48889 | Gradio Allows Unauthorized File Copy via Path Manipulation | CWE-434 | 5.3 | Medium | 2025-05-30 |
| CVE-2025-5320 | gradio-app gradio CORS is_valid_origin privilege escalation | CWE-346 | 3.7 | Low | 2025-05-29 |
| CVE-2025-23042 | Gradio Blocked Path ACL Bypass Vulnerability | CWE-285 | 7.5 | - | 2025-01-14 |
| CVE-2024-51751 | Arbitrary file read with File and UploadButton components in Gradio | CWE-22 | 6.5 | Medium | 2024-11-06 |
| CVE-2024-47867 | Lack of integrity check on the downloaded FRP client in Gradio | CWE-345 | 8.8 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47868 | Several components' post-process steps may allow arbitrary file leaks in Gradio | CWE-200 | 7.5 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47869 | Non-constant-time comparison when comparing hashes in Gradio | CWE-203 | 5.9 (AI) | Medium (AI) | 2024-10-10 |
| CVE-2024-47870 | Race condition in update_root_in_config may redirect user traffic in Gradio | CWE-362 | 5.8 (AI) | Medium (AI) | 2024-10-10 |
| CVE-2024-47871 | Insecure communication between the FRP client and server in Gradio | CWE-311 | 9.1 (AI) | Critical (AI) | 2024-10-10 |
| CVE-2024-47872 | Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-10-10 |
| CVE-2024-47084 | CORS origin validation is not performed when the request has a cookie in Gradio | CWE-285 | 8.1 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47164 | The `is_in_or_equal` function may be bypassed in Gradio | CWE-22 | 7.4 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47165 | CORS origin validation accepts the null origin in Gradio | CWE-285 | 6.2 (AI) | Medium (AI) | 2024-10-10 |
| CVE-2024-47166 | One-level read path traversal in `/custom_component` in Gradio | CWE-22 | 7.5 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47167 | SSRF in the path parameter of /queue/join in Gradio | CWE-918 | 9.8 (AI) | Critical (AI) | 2024-10-10 |
| CVE-2024-47168 | The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio | CWE-670 | 7.5 (AI) | High (AI) | 2024-10-10 |
| CVE-2023-51449 | Make the `/file` secure against file traversal attacks | CWE-22 | 5.6 | Medium | 2023-12-22 |
| CVE-2023-34239 | Unfiltered paths in gradio | CWE-20 | 7.3 | High | 2023-06-07 |
| CVE-2023-25823 | Gradio contains Use of Hard-coded Credentials | CWE-798 | 5.4 | Medium | 2023-02-23 |
| CVE-2022-24770 | Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging | CWE-1236 | 8.8 | High | 2022-03-17 |
| CVE-2021-43831 | Files on the host computer can be accessed from the Gradio interface | CWE-22 | 7.7 | High | 2021-12-15 |

Entries marked (AI) carry the listing's AI badge on the CVSS score and severity; a dash means the listing shows no value.
