
Gradio-App Gradio vulnerabilities

26 known vulnerabilities affecting gradio-app/gradio.

Total CVEs: 26
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 10, MEDIUM 9, LOW 3

Vulnerabilities

Page 2 of 2
CVE-2024-47872 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.0 | 2024-10-10
CVE-2024-47872 [MEDIUM] CWE-79: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execu
Source: nvd
CVE-2026-28415 | P4 | MEDIUM | CVSS 4.7 | fixed in 6.6.0 | 2026-02-27
CVE-2026-28415 [MEDIUM] CWE-200: Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. ap
Source: nvd
CVE-2024-47168 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.44 | 2024-10-10
CVE-2024-47168 [MEDIUM] CWE-670: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /mon
Source: nvd
CVE-2025-5320 | P4 | LOW | CVSS 3.7 | v5.29.0, v5.29.1 | 2025-05-29
CVE-2025-5320 [LOW] CWE-345: A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to elevated privileges. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i
Source: nvd
CVE-2024-47869 | P4 | LOW | CVSS 3.7 | fixed in 4.44 | 2024-10-10
CVE-2024-47869 [LOW] CWE-203: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash
Source: nvd
CVE-2026-10783 | P4 | LOW | CVSS 2.5 | v6.14.0 | 2026-06-04
CVE-2026-10783 [LOW] CWE-327: A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. It is indicated that the exploitability is d
Source: nvd