Vulnerabilities
CVE-2026-28415
Gradio has an Open Redirect in its OAuth Flow
CVE-2026-28416
Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
CVE-2026-28414
Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
CVE-2024-39236
Withdrawn Advisory: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
CVE-2025-48889
Gradio Allows Unauthorized File Copy via Path Manipulation
CVE-2025-23042
Gradio Blocked Path ACL Bypass Vulnerability
CVE-2024-51751
Gradio vulnerable to arbitrary file read with File and UploadButton components
CVE-2026-27167
Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
CVE-2024-0964
Gradio Path Traversal vulnerability
CVE-2021-43831
Files on the host computer can be accessed from the Gradio interface
CVE-2024-1728
Gradio allows users to access arbitrary files
CVE-2024-1728
Duplicate Advisory: Gradio Local File Inclusion vulnerability
CVE-2024-8966
Gradio DOS in multipart boundary while uploading the file
CVE-2024-10624
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
CVE-2024-4941
Local file inclusion in gradio
CVE-2024-34510
Gradio allows credential leakage on Windows
CVE-2025-5320
Gradio CORS Origin Validation Bypass Vulnerability
CVE-2024-8021
Gradio Vulnerable to Open Redirect
CVE-2024-12217
Gradio Path Traversal vulnerability
CVE-2024-10648
Gradio Vulnerable to Arbitrary File Deletion
CVE-2024-10569
Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb
CVE-2023-34239
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
CVE-2024-47869
Gradio performs a non-constant-time comparison when comparing hashes
CVE-2024-47167
Gradio vulnerable to SSRF in the path parameter of /queue/join
CVE-2024-47168
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
CVE-2024-47164
Gradio's `is_in_or_equal` function may be bypassed
CVE-2024-47084
Gradio's CORS origin validation is not performed when the request has a cookie
CVE-2024-47165
Gradio's CORS origin validation accepts the null origin
CVE-2024-47166
Gradio has a one-level read path traversal in `/custom_component`
CVE-2024-47868
Gradio has several components with post-process steps that allow arbitrary file leaks
CVE-2024-47867
Gradio lacks integrity checking on the downloaded FRP client
CVE-2024-47872
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
CVE-2024-47871
Gradio uses insecure communication between the FRP client and server
CVE-2024-47870
Gradio has a race condition in update_root_in_config that may redirect user traffic
GHSA-3x9g-xfj5-fq84
Duplicate Advisory: Cross-Site Request Forgery in Gradio
GHSA-26jh-r8g2-6fpr
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
CVE-2024-34511
Gradio's Component Server does not properly consider `_is_server_fn` for functions
CVE-2024-48052
gradio Server Side Request Forgery vulnerability
CVE-2023-25823
Update share links to use FRP instead of SSH tunneling
CVE-2024-4940
Open redirect in gradio
CVE-2024-4325
Server-Side Request Forgery in gradio
CVE-2024-1727
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
CVE-2024-1561
gradio vulnerable to Path Traversal
CVE-2024-1183
gradio Server-Side Request Forgery vulnerability
GHSA-xcgp-r7r8-2hc9
Gradio's CI vulnerable to Command Injection
CVE-2024-2206
gradio Server-Side Request Forgery vulnerability
CVE-2024-1729
Gradio apps vulnerable to timing attacks to guess password
CVE-2023-6572
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2023-51449
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
CVE-2023-41626
Gradio arbitrary file upload vulnerability
CVE-2022-24770
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging