Gradio
This hub aggregates every CVE we track for Gradio, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 51
- Critical: 5
- High: 23
- In CISA KEV: 0
Severity distribution
- HIGH: 23
- MEDIUM: 20
- CRITICAL: 5
- LOW: 3
Monthly trend
CVEs per month, 2024-07 through 2026-06: 1, 0, 0, 12, 2, 0, 1, 0, 7, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 1, 1
Latest CVEs
The 15 most recently published vulnerabilities affecting Gradio.
- CVE-2026-10783: gradio-app gradio Audio Cache Key save_audio_to_cache weak hash (score 2.5)
- CVE-2026-48545: Gradio < 6.15.0 Cookie Injection via Shared Proxy Client (score 6.8)
- CVE-2026-28416: Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing (score 8.2)
- CVE-2026-28415: Gradio has Open Redirect in OAuth Flow (score 4.3)
- CVE-2026-28414: Gradio has Absolute Path Traversal on Windows with Python 3.13+ (score 7.5)
- CVE-2025-48889: Gradio Allows Unauthorized File Copy via Path Manipulation (score 5.3)
- CVE-2025-5320: gradio-app gradio CORS is_valid_origin privilege escalation (score 3.7)
- CVE-2024-8021: Open Redirect in gradio-app/gradio (score 6.1)
- CVE-2024-10648: Path Traversal in gradio-app/gradio (score 8.2)
- CVE-2024-12217: Path Traversal in gradio-app/gradio (score 5.3)
- CVE-2024-8966: Denial of Service in gradio-app/gradio (score 7.5)
- CVE-2024-10569: Zip Bomb Vulnerability in gradio-app/gradio (score 7.5)
- CVE-2024-10624: Regular Expression Denial of Service (ReDoS) in gradio-app/gradio (score 7.5)
- CVE-2025-0187: Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio (score 7.5)
- CVE-2025-23042: Gradio Blocked Path ACL Bypass Vulnerability (score 7.5)
Product normalization is registry-driven with AI assist and human review.