Gradio_project

47 AI/ML vulnerabilities tracked for Gradio_project.

Total CVEs

Pages

Page 1 of 3

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	CVE-2026-27167	gradio: Weak Credentials allow account compromise	gradio	5.9
HIGH	CVE-2026-28414	gradio: security flaw enables exploitation	gradio	7.5
MEDIUM	CVE-2026-28415	gradio: Info Disclosure leaks sensitive data	gradio	4.7
HIGH	CVE-2026-28416	gradio: SSRF allows internal network access	gradio	8.6
HIGH	CVE-2021-43831	Gradio: path traversal exposes host filesystem to users	gradio	7.7
HIGH	CVE-2022-24770	Gradio: CSV formula injection via flagging enables RCE	gradio	8.8
CRITICAL	CVE-2023-25823	Gradio: hardcoded SSH key leaks via share=True demos	gradio	9.8
CRITICAL	CVE-2023-34239	Gradio: path traversal + SSRF exposes model files & infra	gradio	9.1
HIGH	CVE-2023-51449	Gradio: path traversal grants arbitrary file read	gradio	7.5
HIGH	CVE-2025-23042	Gradio: ACL bypass via path case manipulation	gradio	7.5
HIGH	CVE-2025-48889	Gradio: unauthenticated file copy enables disk DoS	gradio	7.5
MEDIUM	CVE-2023-41626	Gradio: arbitrary file upload via /upload endpoint	gradio	4.8
HIGH	CVE-2023-6572	Gradio: command injection enables RCE on ML servers	gradio	8.1
CRITICAL	CVE-2024-0964	Gradio: unauthenticated LFI exposes full server filesystem	gradio	9.4
UNKNOWN	CVE-2024-1727	Gradio: CSRF enables disk exhaustion via file upload DoS	gradio	-
MEDIUM	CVE-2024-2206	Gradio: SSRF exposes internal HuggingFace endpoints	gradio	6.5
HIGH	CVE-2024-1540	Gradio: CI/CD command injection enables secrets exfil	gradio	8.2
UNKNOWN	CVE-2024-1729	Gradio: timing attack enables auth bypass on ML UIs	gradio	-
HIGH	CVE-2024-1728	Gradio: path traversal leaks arbitrary files, potential RCE	gradio	7.5
UNKNOWN	CVE-2024-1183	Gradio: SSRF enables internal network port scanning	gradio	-

Page 1 of 3

Gradio_project

Weekly CISO Take + top threats