Gradio Vulnerabilities

pip ML UI

AI Threat Alert tracks 56 known vulnerabilities in Gradio, 7 rated critical. Gradio is an AI/ML user-interface library (category: ml ui) in the pip ecosystem. Each CVE entry includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 80
Total CVEs: 56
Critical: 7
Ecosystem: pip
Last CVE: Jul 1, 2026
Patch Rate: 27%
Avg Time to Patch: 107d
GitHub: 43,015 stars, 3,516 forks, 252 issues, 685 dependents, last push Jun 27, 2026
OpenSSF Scorecard 5.7/10

Known Vulnerabilities (56 total, page 2 of 3)

Severity  CVE ID  Summary  CVSS  Published
LOW  CVE-2024-47869  Gradio: timing attack exposes analytics dashboard auth  3.7  Oct 10, 2024
HIGH  CVE-2024-47868  Gradio: path traversal leaks arbitrary server files  7.5  Oct 10, 2024
HIGH  CVE-2024-47867  Gradio: no integrity check on FRP binary, supply chain RCE  7.5  Oct 10, 2024
MEDIUM  CVE-2024-47168  Gradio: monitoring endpoint bypass leaks app analytics  4.3  Oct 10, 2024
CRITICAL  CVE-2024-47167  Gradio: unauthenticated SSRF in /queue/join, internal pivot  9.8  Oct 10, 2024
MEDIUM  CVE-2024-47166  Gradio: path traversal leaks custom component source  5.3  Oct 10, 2024
MEDIUM  CVE-2024-47165  Gradio: CORS null origin bypass leaks auth tokens  5.4  Oct 10, 2024
MEDIUM  CVE-2024-47164  Gradio: path traversal bypasses directory access controls  6.5  Oct 10, 2024
HIGH  CVE-2024-47084  Gradio: CORS bypass exposes local instances to credential theft  8.3  Oct 10, 2024
CRITICAL  CVE-2024-39236  Gradio: code injection via component metadata (CVSS 9.8)  9.8  Jul 1, 2024
MEDIUM  CVE-2024-4940  Gradio: open redirect enables phishing against ML users  6.1  Jun 22, 2024
HIGH  CVE-2024-4941  Gradio: LFI via JSON path key exposes server files  7.5  Jun 6, 2024
HIGH  CVE-2024-4325  Gradio: SSRF exposes internal network and cloud metadata  8.6  Jun 6, 2024
UNKNOWN  CVE-2024-4254  Gradio: secrets exfiltration via unsafe fork PR workflow  --  Jun 4, 2024
CRITICAL  CVE-2024-4253  Gradio: CI/CD command injection enables secrets exfiltration  9.1  Jun 4, 2024
HIGH  CVE-2024-34510  Gradio: credential leakage via Windows path encoding bug  7.5  May 5, 2024
UNKNOWN  CVE-2024-1561  Gradio: path traversal enables arbitrary file read  --  Apr 16, 2024
UNKNOWN  CVE-2024-1183  Gradio: SSRF enables internal network port scanning  --  Apr 16, 2024
HIGH  CVE-2024-1728  Gradio: path traversal leaks arbitrary files, potential RCE  7.5  Apr 10, 2024
UNKNOWN  CVE-2024-1729  Gradio: timing attack enables auth bypass on ML UIs  --  Mar 29, 2024
HIGH  CVE-2024-1540  Gradio: CI/CD command injection enables secrets exfil  8.2  Mar 27, 2024
MEDIUM  CVE-2024-2206  Gradio: SSRF exposes internal HuggingFace endpoints  6.5  Mar 27, 2024
UNKNOWN  CVE-2024-1727  Gradio: CSRF enables disk exhaustion via file upload DoS  --  Mar 21, 2024
CRITICAL  CVE-2024-0964  Gradio: unauthenticated LFI exposes full server filesystem  9.4  Feb 5, 2024
HIGH  CVE-2023-51449  Gradio: path traversal grants arbitrary file read  7.5  Dec 22, 2023

Showing 26–50 of 56

Frequently asked questions

What is Gradio?

Gradio is an AI/ML user-interface library (category: ml ui) in the pip ecosystem, tracked by AI Threat Alert for security vulnerabilities.

How many known vulnerabilities does Gradio have?

Gradio has 56 known CVEs, 7 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Gradio distributed in?

Gradio is distributed via the pip ecosystem and categorized as ml ui.

Where does the Gradio vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Gradio?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor Gradio in your stack

Get instant alerts when new vulnerabilities affect Gradio. CISO analysis, ATLAS technique mappings, and compliance reports included.
