Gradio Vulnerabilities

pip ML UI

AI Threat Alert tracks 56 known vulnerabilities in Gradio, an AI/ML UI package in the pip ecosystem; 7 are rated critical. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 80
Total CVEs: 56
Critical: 7
Ecosystem: pip
Last CVE: Jul 1, 2026
Patch Rate: 27%
Avg Time to Patch: 107d
GitHub: 43,015 stars, 3,516 forks, 252 issues, 685 dependents. Last push: Jun 27, 2026
OpenSSF Scorecard 5.7/10

Known Vulnerabilities (56 total, page 1 of 3)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| HIGH | CVE-2026-49119 | Gradio: path traversal in FileExplorer leaks files | 7.5 | Jul 1, 2026 |
| LOW | CVE-2026-10783 | Gradio: weak hash exposes audio cache to local users | 2.5 | Jun 4, 2026 |
| MEDIUM | CVE-2026-48545 | Gradio: cookie injection hijacks cross-Space sessions | 6.8 | May 27, 2026 |
| MEDIUM | CVE-2026-6608 | FastChat: control flow flaw corrupts arena comparison | 5.3 | Apr 20, 2026 |
| HIGH | CVE-2026-35485 | text-generation-webui: unauthenticated path traversal file read | 7.5 | Apr 7, 2026 |
| MEDIUM | GHSA-26jh-r8g2-6fpr | Gradio: Dropdown validation bypass enables arbitrary input | 5.3 | Oct 10, 2024 |
| HIGH | CVE-2026-28416 | gradio: SSRF allows internal network access | 8.6 | Feb 27, 2026 |
| MEDIUM | CVE-2026-28415 | gradio: Info Disclosure leaks sensitive data | 4.7 | Feb 27, 2026 |
| HIGH | CVE-2026-28414 | gradio: security flaw enables exploitation | 7.5 | Feb 27, 2026 |
| MEDIUM | CVE-2026-27167 | gradio: Weak Credentials allow account compromise | 5.9 | Feb 27, 2026 |
| HIGH | CVE-2025-48889 | Gradio: unauthenticated file copy enables disk DoS | 7.5 | May 30, 2025 |
| LOW | CVE-2025-5320 | Gradio: CORS origin bypass in ML UI handler | 3.7 | May 29, 2025 |
| UNKNOWN | CVE-2025-0187 | Gradio: DoS via oversized upload filename | -- | Mar 20, 2025 |
| HIGH | CVE-2024-8966 | Gradio: DoS via malformed multipart boundary | 7.5 | Mar 20, 2025 |
| MEDIUM | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | 6.1 | Mar 20, 2025 |
| MEDIUM | CVE-2024-12217 | Gradio: NTFS ADS bypass exposes blocked file paths | 5.3 | Mar 20, 2025 |
| HIGH | CVE-2024-10648 | Gradio: path traversal enables arbitrary file deletion DoS | 8.2 | Mar 20, 2025 |
| HIGH | CVE-2024-10624 | Gradio: ReDoS in DateTime causes CPU exhaustion DoS | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-10569 | Gradio: zip bomb DoS via dataframe CSV upload | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2025-23042 | Gradio: ACL bypass via path case manipulation | 7.5 | Jan 14, 2025 |
| MEDIUM | CVE-2024-51751 | Gradio: path traversal exposes arbitrary server files | 6.5 | Nov 6, 2024 |
| MEDIUM | CVE-2024-48052 | Gradio: SSRF in DownloadButton exposes internal resources | 6.5 | Nov 4, 2024 |
| MEDIUM | CVE-2024-47872 | Gradio: stored XSS via malicious file upload | 5.4 | Oct 10, 2024 |
| CRITICAL | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | 9.1 | Oct 10, 2024 |
| HIGH | CVE-2024-47870 | Gradio: race condition enables backend URL hijacking | 8.1 | Oct 10, 2024 |

Showing 1–25 of 56

Frequently asked questions

What is Gradio?

Gradio is an AI/ML UI package tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does Gradio have?

Gradio has 56 known CVEs, 7 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Gradio distributed in?

Gradio is distributed via the pip ecosystem and categorized as ML UI.

Where does the Gradio vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Gradio?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
