Gradio_project
AI Threat Alert tracks 47 known AI/ML vulnerabilities affecting Gradio_project products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Gradio_project CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | gradio | - |
| HIGH | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | gradio | 7.5 |
| CRITICAL | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | gradio | 9.1 |
| UNKNOWN | CVE-2024-4254 | Gradio: secrets exfiltration via unsafe fork PR workflow | gradio | - |
| HIGH | CVE-2024-4325 | Gradio: SSRF exposes internal network and cloud metadata | gradio | 8.6 |
| HIGH | CVE-2024-4941 | Gradio: LFI via JSON path key exposes server files | gradio | 7.5 |
| MEDIUM | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | gradio | 6.1 |
| CRITICAL | CVE-2024-39236 | Gradio: code injection via component metadata (CVSS 9.8) | gradio | 9.8 |
| HIGH | CVE-2024-47084 | Gradio: CORS bypass exposes local instances to credential theft | gradio | 8.3 |
| MEDIUM | CVE-2024-47164 | Gradio: path traversal bypasses directory access controls | gradio | 6.5 |
| MEDIUM | CVE-2024-47165 | Gradio: CORS null origin bypass leaks auth tokens | gradio | 5.4 |
| MEDIUM | CVE-2024-47166 | Gradio: path traversal leaks custom component source | gradio | 5.3 |
| CRITICAL | CVE-2024-47167 | Gradio: unauthenticated SSRF in /queue/join, internal pivot | gradio | 9.8 |
| MEDIUM | CVE-2024-47168 | Gradio: monitoring endpoint bypass leaks app analytics | gradio | 4.3 |
| HIGH | CVE-2024-47867 | Gradio: no integrity check on FRP binary, supply chain RCE | gradio | 7.5 |
| HIGH | CVE-2024-47868 | Gradio: path traversal leaks arbitrary server files | gradio | 7.5 |
| LOW | CVE-2024-47869 | Gradio: timing attack exposes analytics dashboard auth | gradio | 3.7 |
| HIGH | CVE-2024-47870 | Gradio: race condition enables backend URL hijacking | gradio | 8.1 |
| CRITICAL | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | gradio | 9.1 |
| MEDIUM | CVE-2024-47872 | Gradio: stored XSS via malicious file upload | gradio | 5.4 |
Frequently asked questions
How many known vulnerabilities affect Gradio_project?
47 AI/ML CVEs affecting Gradio_project products are tracked, sourced from NVD and GitHub Advisory.
What Gradio_project products are affected?
The CVEs below map to the Gradio_project AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Gradio_project vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Gradio_project for new vulnerabilities?
AI Threat Alert tracks Gradio_project continuously; a Pro subscription adds breaking alerts when new CVEs affecting Gradio_project are published.
How do I assess Gradio_project's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Gradio_project issues first and judge the exposure for your stack.