Gradio Vulnerabilities
pip ML UI
Risk Score: 80
Total CVEs: 53
Critical: 7
Ecosystem: pip
Last CVE: Apr 20, 2026
Patch Rate: 27%
Avg Time to Patch: 110d
42,610 stars
3,470 forks
469 issues
675 dependents
Last push May 15, 2026
OpenSSF Scorecard 5.5/10
Known Vulnerabilities (53 total, page 1 of 3)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2026-6608 | FastChat: control flow flaw corrupts arena comparison | 5.3 | Apr 20, 2026 |
| HIGH | CVE-2026-35485 | text-generation-webui: unauthenticated path traversal file read | 7.5 | Apr 7, 2026 |
| MEDIUM | GHSA-26jh-r8g2-6fpr | Gradio: Dropdown validation bypass enables arbitrary input | 5.3 | Oct 10, 2024 |
| HIGH | CVE-2026-28416 | gradio: SSRF allows internal network access | 8.6 | Feb 27, 2026 |
| MEDIUM | CVE-2026-28415 | gradio: Info Disclosure leaks sensitive data | 4.7 | Feb 27, 2026 |
| HIGH | CVE-2026-28414 | gradio: security flaw enables exploitation | 7.5 | Feb 27, 2026 |
| MEDIUM | CVE-2026-27167 | gradio: Weak Credentials allow account compromise | 5.9 | Feb 27, 2026 |
| HIGH | CVE-2025-48889 | Gradio: unauthenticated file copy enables disk DoS | 7.5 | May 30, 2025 |
| LOW | CVE-2025-5320 | Gradio: CORS origin bypass in ML UI handler | 3.7 | May 29, 2025 |
| UNKNOWN | CVE-2025-0187 | Gradio: DoS via oversized upload filename | -- | Mar 20, 2025 |
| HIGH | CVE-2024-8966 | Gradio: DoS via malformed multipart boundary | 7.5 | Mar 20, 2025 |
| MEDIUM | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | 6.1 | Mar 20, 2025 |
| MEDIUM | CVE-2024-12217 | Gradio: NTFS ADS bypass exposes blocked file paths | 5.3 | Mar 20, 2025 |
| HIGH | CVE-2024-10648 | Gradio: path traversal enables arbitrary file deletion DoS | 8.2 | Mar 20, 2025 |
| HIGH | CVE-2024-10624 | Gradio: ReDoS in DateTime causes CPU exhaustion DoS | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-10569 | Gradio: zip bomb DoS via dataframe CSV upload | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2025-23042 | Gradio: ACL bypass via path case manipulation | 7.5 | Jan 14, 2025 |
| MEDIUM | CVE-2024-51751 | Gradio: path traversal exposes arbitrary server files | 6.5 | Nov 6, 2024 |
| MEDIUM | CVE-2024-48052 | Gradio: SSRF in DownloadButton exposes internal resources | 6.5 | Nov 4, 2024 |
| MEDIUM | CVE-2024-47872 | Gradio: stored XSS via malicious file upload | 5.4 | Oct 10, 2024 |
| CRITICAL | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | 9.1 | Oct 10, 2024 |
| HIGH | CVE-2024-47870 | Gradio: race condition enables backend URL hijacking | 8.1 | Oct 10, 2024 |
| LOW | CVE-2024-47869 | Gradio: timing attack exposes analytics dashboard auth | 3.7 | Oct 10, 2024 |
| HIGH | CVE-2024-47868 | Gradio: path traversal leaks arbitrary server files | 7.5 | Oct 10, 2024 |
| HIGH | CVE-2024-47867 | Gradio: no integrity check on FRP binary, supply chain RCE | 7.5 | Oct 10, 2024 |

Showing 1–25 of 53