Gradio Vulnerabilities

pip ML UI
Risk Score: 80
Total CVEs: 53
Critical: 7
Ecosystem: pip
Last CVE: Apr 20, 2026
Patch Rate: 27%
Avg Time to Patch: 110d
42,610 stars 3,470 forks 469 issues 675 dependents Last push May 15, 2026
OpenSSF Scorecard 5.5/10

Known Vulnerabilities (53 total, page 2 of 3)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2024-47168 | Gradio: monitoring endpoint bypass leaks app analytics | 4.3 | Oct 10, 2024 |
| CRITICAL | CVE-2024-47167 | Gradio: unauthenticated SSRF in /queue/join, internal pivot | 9.8 | Oct 10, 2024 |
| MEDIUM | CVE-2024-47166 | Gradio: path traversal leaks custom component source | 5.3 | Oct 10, 2024 |
| MEDIUM | CVE-2024-47165 | Gradio: CORS null origin bypass leaks auth tokens | 5.4 | Oct 10, 2024 |
| MEDIUM | CVE-2024-47164 | Gradio: path traversal bypasses directory access controls | 6.5 | Oct 10, 2024 |
| HIGH | CVE-2024-47084 | Gradio: CORS bypass exposes local instances to credential theft | 8.3 | Oct 10, 2024 |
| CRITICAL | CVE-2024-39236 | Gradio: code injection via component metadata (CVSS 9.8) | 9.8 | Jul 1, 2024 |
| MEDIUM | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | 6.1 | Jun 22, 2024 |
| HIGH | CVE-2024-4941 | Gradio: LFI via JSON path key exposes server files | 7.5 | Jun 6, 2024 |
| HIGH | CVE-2024-4325 | Gradio: SSRF exposes internal network and cloud metadata | 8.6 | Jun 6, 2024 |
| UNKNOWN | CVE-2024-4254 | Gradio: secrets exfiltration via unsafe fork PR workflow | -- | Jun 4, 2024 |
| CRITICAL | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | 9.1 | Jun 4, 2024 |
| HIGH | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | 7.5 | May 5, 2024 |
| UNKNOWN | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | -- | Apr 16, 2024 |
| UNKNOWN | CVE-2024-1183 | Gradio: SSRF enables internal network port scanning | -- | Apr 16, 2024 |
| HIGH | CVE-2024-1728 | Gradio: path traversal leaks arbitrary files, potential RCE | 7.5 | Apr 10, 2024 |
| UNKNOWN | CVE-2024-1729 | Gradio: timing attack enables auth bypass on ML UIs | -- | Mar 29, 2024 |
| HIGH | CVE-2024-1540 | Gradio: CI/CD command injection enables secrets exfil | 8.2 | Mar 27, 2024 |
| MEDIUM | CVE-2024-2206 | Gradio: SSRF exposes internal HuggingFace endpoints | 6.5 | Mar 27, 2024 |
| UNKNOWN | CVE-2024-1727 | Gradio: CSRF enables disk exhaustion via file upload DoS | -- | Mar 21, 2024 |
| CRITICAL | CVE-2024-0964 | Gradio: unauthenticated LFI exposes full server filesystem | 9.4 | Feb 5, 2024 |
| HIGH | CVE-2023-51449 | Gradio: path traversal grants arbitrary file read | 7.5 | Dec 22, 2023 |
| HIGH | CVE-2023-6572 | Gradio: command injection enables RCE on ML servers | 8.1 | Dec 14, 2023 |
| MEDIUM | CVE-2023-41626 | Gradio: arbitrary file upload via /upload endpoint | 4.8 | Sep 15, 2023 |
| CRITICAL | CVE-2023-34239 | Gradio: path traversal + SSRF exposes model files & infra | 9.1 | Jun 8, 2023 |

Showing 26–50 of 53
