Gradio Project: Gradio vulnerabilities
52 known vulnerabilities affecting gradio_project/gradio.
Total CVEs: 52
CISA KEV: 0
Public exploits: 9
Exploited in wild: 3
Severity breakdown: CRITICAL 6, HIGH 24, MEDIUM 19, LOW 3
Vulnerabilities (page 2 of 3)
CVE-2022-24770 | HIGH (P3) | CVSS 8.8 | CWE-1236 | fixed in 2.8.11 | 2022-03-17
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to
Sources: GHSA, NVD, OSV
CVE-2024-47084 | HIGH (P3) | CVSS 8.3 | CWE-285 | fixed in 4.44.0 | 2024-10-10
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, st
Sources: GHSA, NVD, OSV
CVE-2024-47868 | HIGH (P3) | CVSS 7.5 | CWE-200 | fixed in 5.0.0 | 2024-10-10
Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitiv
Sources: GHSA, NVD, OSV
CVE-2025-48889 | HIGH (P3) | CVSS 7.5 | CWE-434 | affected ≥ 5.25.2, < 5.31.0 | 2025-05-30
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While atta
Sources: GHSA, NVD, OSV
CVE-2025-23042 | HIGH (P3) | CVSS 7.5 | CWE-285 | fixed in 5.6.0 | 2025-01-14
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normaliza
Sources: GHSA, NVD, OSV
CVE-2024-10648 | HIGH (P3) | CVSS 8.2 | CWE-29 | affected v2024-09-18 | 2025-03-20
A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (D
Sources: GHSA, NVD, OSV
CVE-2024-47867 | HIGH (P3) | CVSS 7.5 | CWE-345 | fixed in 5.0.0 | 2024-10-10
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detect
Sources: GHSA, NVD, OSV
CVE-2024-4941 | HIGH (P3) | CVSS 7.5 | CWE-22 | fixed in 4.31.4 | 2024-06-06
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a `path` key, the specified file is
Sources: GHSA, NVD, OSV
CVE-2024-10624 | HIGH (P3) | CVSS 7.5 | CWE-1333 | affected v2024-09-18 | 2025-03-20
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression `^(?:\s*now\s*(?:-\s*(\d+)\s*([dmhs]))?)?\s*$` to process user input. In Python's default regex engine,
Sources: GHSA, NVD, OSV
CVE-2024-34510 | HIGH (P3) | CVSS 7.5 | CWE-116 | fixed in 4.20.0 | 2024-05-05
Gradio before 4.20 allows credential leakage on Windows.
Sources: GHSA, NVD, OSV
CVE-2025-0187 | HIGH (P3) | CVSS 7.5 | CWE-400 | affected v0.39.1 | 2025-03-20
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailabi
Sources: NVD
CVE-2024-51751 | MEDIUM (P3) | CVSS 6.5 | CWE-22 | affected ≥ 5.0.0, < 5.5.0 | 2024-11-06
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addr
Sources: GHSA, NVD, OSV
CVE-2024-10569 | HIGH (P3) | CVSS 7.5 | CWE-475 | affected v2024-09-18 | 2025-03-20
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.
Sources: GHSA, NVD, OSV
CVE-2024-2206 | MEDIUM (P3) | CVSS 6.5 | CWE-918 | affected ≥ 3.47.1, < 4.18.0 | 2024-03-27
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This
Sources: GHSA, NVD, OSV
CVE-2026-27167 | MEDIUM (P3) | CVSS 5.9 | CWE-522 | affected ≥ 4.16.0, < 6.6.0 | 2026-02-27
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its
Sources: GHSA, NVD, OSV
CVE-2026-48545 | MEDIUM (P3) | CVSS 6.8 | CWE-384 | fixed in 6.15.0 | 2026-05-27
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automati
Sources: NVD
CVE-2024-47164 | MEDIUM (P3) | CVSS 6.5 | CWE-22 | fixed in 5.0.0 | 2024-10-10
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using `..` (parent direct
Sources: GHSA, NVD, OSV
CVE-2024-48052 | MEDIUM (P3) | CVSS 6.5 | CWE-918 | affected ≤ 4.42.0 | 2024-11-04
In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resources and sensitive information.
Sources: GHSA, NVD, OSV
CVE-2024-1729 | MEDIUM (P3) | CVSS 5.9 | CWE-367 | affected ≥ 4.18.0, < 4.19.2 | 2024-03-29
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation
Sources: GHSA, NVD, OSV
CVE-2024-8966 | HIGH (P3) | CWE-400 | affected ≥ 0, ≤ 5.22.0 | 2025-03-20
Gradio DoS in multipart boundary while uploading the file
A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended per
Sources: GHSA, OSV