AI Threat Alert AI Threat Alert

Gradio

pip ML UI
81
Total CVEs
9
Critical
pip
Ecosystem
Feb 27, 2026
Last CVE

Known Vulnerabilities (30+ shown)

Severity CVE ID Summary CVSS Published
MEDIUM GHSA-26jh-r8g2-6fpr Gradio: Dropdown validation bypass enables arbitrary input 5.3 Oct 10, 2024 HIGH CVE-2026-28416 gradio: SSRF allows internal network access 8.6 Feb 27, 2026 HIGH CVE-2026-28416 gradio: SSRF allows internal network access 8.6 Feb 27, 2026 HIGH CVE-2026-28416 gradio: SSRF allows internal network access 8.6 Feb 27, 2026 MEDIUM CVE-2026-28415 gradio: Info Disclosure leaks sensitive data 4.7 Feb 27, 2026 MEDIUM CVE-2026-28415 gradio: Info Disclosure leaks sensitive data 4.7 Feb 27, 2026 MEDIUM CVE-2026-28415 gradio: Info Disclosure leaks sensitive data 4.7 Feb 27, 2026 HIGH CVE-2026-28414 gradio: security flaw enables exploitation 7.5 Feb 27, 2026 HIGH CVE-2026-28414 gradio: security flaw enables exploitation 7.5 Feb 27, 2026 HIGH CVE-2026-28414 gradio: security flaw enables exploitation 7.5 Feb 27, 2026 MEDIUM CVE-2026-27167 gradio: Weak Credentials allow account compromise 5.9 Feb 27, 2026 MEDIUM CVE-2026-27167 gradio: Weak Credentials allow account compromise 5.9 Feb 27, 2026 MEDIUM CVE-2026-27167 gradio: Weak Credentials allow account compromise 5.9 Feb 27, 2026 HIGH CVE-2025-48889 Gradio: unauthenticated file copy enables disk DoS 7.5 May 30, 2025 HIGH CVE-2025-48889 Gradio: unauthenticated file copy enables disk DoS 7.5 May 30, 2025 LOW CVE-2025-5320 Gradio: CORS origin bypass in ML UI handler 3.7 May 29, 2025 UNKNOWN CVE-2025-0187 Gradio: DoS via oversized upload filename -- Mar 20, 2025 HIGH CVE-2024-8966 Gradio: DoS via malformed multipart boundary 7.5 Mar 20, 2025 HIGH CVE-2024-8966 Gradio: DoS via malformed multipart boundary 7.5 Mar 20, 2025 MEDIUM CVE-2024-8021 Gradio: open redirect exposes AI demo users to phishing 6.1 Mar 20, 2025 MEDIUM CVE-2024-8021 Gradio: open redirect exposes AI demo users to phishing 6.1 Mar 20, 2025 MEDIUM CVE-2024-12217 Gradio: NTFS ADS bypass exposes blocked file paths 5.3 Mar 20, 2025 HIGH CVE-2024-10648 Gradio: path traversal enables arbitrary file deletion DoS 8.2 Mar 20, 2025 HIGH CVE-2024-10648 Gradio: path traversal enables arbitrary file deletion DoS 8.2 Mar 20, 2025 HIGH CVE-2024-10624 Gradio: ReDoS in DateTime causes CPU exhaustion DoS 7.5 Mar 20, 2025 HIGH CVE-2024-10624 Gradio: ReDoS in DateTime causes CPU exhaustion DoS 7.5 Mar 20, 2025 HIGH CVE-2024-10569 Gradio: zip bomb DoS via dataframe CSV upload 7.5 Mar 20, 2025 HIGH CVE-2024-10569 Gradio: zip bomb DoS via dataframe CSV upload 7.5 Mar 20, 2025 HIGH CVE-2025-23042 Gradio: ACL bypass via path case manipulation 7.5 Jan 14, 2025 HIGH CVE-2025-23042 Gradio: ACL bypass via path case manipulation 7.5 Jan 14, 2025

Monitor Gradio in your stack

Get instant alerts when new vulnerabilities affect Gradio. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring