MEDIUM 5.3 PyPI
GHSA-26jh-r8g2-6fpr Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Modified: 11/30/2024
HIGH 8.1 PyPI
GHSA-279j-x4gx-hfrh · CVE-2024-47871, PYSEC-2024-219 Gradio uses insecure communication between the FRP client and server
Modified: 1/21/2025
MEDIUM 6.5 PyPI
GHSA-34rf-p3r3-58x2 · CVE-2024-34511 Gradio's Component Server does not properly consider `_is_server_fn` for functions
Modified: 11/30/2024
MEDIUM 5.3 PyPI
GHSA-37qc-qgx6-9xjv · CVE-2024-47166, PYSEC-2024-197 Gradio has a one-level read path traversal in `/custom_component`
Modified: 1/21/2025
HIGH 7.5 PyPI
GHSA-39mp-8hj3-5c49 · CVE-2026-28414, PYSEC-2026-64 Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
Modified: 6/6/2026
HIGH 8.8 PyPI
GHSA-3c67-5hwx-f6wx · CVE-2024-47084, PYSEC-2024-196 Gradio's CORS origin validation is not performed when the request has a cookie
Modified: 1/21/2025
MEDIUM 6.5 PyPI
GHSA-3gf9-wv65-gwh9 · CVE-2024-48052 gradio Server Side Request Forgery vulnerability
Modified: 11/7/2024
HIGH 7.3 PyPI
GHSA-3qqg-pgqq-3695 · CVE-2023-34239, PYSEC-2023-90 Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Modified: 2/21/2025
MEDIUM 5.4 PyPI
GHSA-3x5j-9vwr-8rr5 · CVE-2023-25823, PYSEC-2023-16 Update share links to use FRP instead of SSH tunneling
Modified: 9/20/2024
MEDIUM 4.3 PyPI
GHSA-48cq-79qq-6f7x · CVE-2024-1727 Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Modified: 5/21/2024
MEDIUM 5.3 PyPI
GHSA-4q3c-cj7g-jcwf · CVE-2024-47868, PYSEC-2024-217 Gradio has several components with post-process steps that allow arbitrary file leaks
Modified: 1/21/2025
HIGH 7.2 PyPI
GHSA-576c-3j53-r9jj · CVE-2024-47167, PYSEC-2024-215 Gradio vulnerable to SSRF in the path parameter of /queue/join
Modified: 1/21/2025
HIGH 7.5 PyPI
GHSA-5cpq-9538-jm2j · CVE-2024-8966 Gradio DOS in multipart boundary while uploading the file
Modified: 10/16/2025
HIGH 8.6 PyPI
GHSA-6qm2-wpxq-7qh2 · CVE-2023-51449, PYSEC-2023-249 Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Modified: 2/16/2024
HIGH 7.5 PyPI
GHSA-6v6g-j5fq-hpvw · CVE-2024-4941, PYSEC-2024-184 Local file inclusion in gradio
Modified: 10/16/2025
MEDIUM 6.5 PyPI
GHSA-77xq-6g77-h274 · CVE-2024-47164, PYSEC-2024-213 Gradio's `is_in_or_equal` function may be bypassed
Modified: 1/21/2025
MEDIUM 5.4 PyPI
GHSA-7v2w-h4gh-w5cv · CVE-2024-8021 Gradio Vulnerable to Open Redirect
Modified: 3/21/2025
HIGH 7.5 PyPI
GHSA-7xmc-vhjp-qv5q · CVE-2024-10569 Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb
Modified: 3/20/2025
MEDIUM 5.4 PyPI
GHSA-89v2-pqfv-c5r9 · CVE-2024-47165, PYSEC-2024-214 Gradio's CORS origin validation accepts the null origin
Modified: 1/21/2025
HIGH 7.5 PyPI
GHSA-8c87-gvhj-xm8m · CVE-2024-47867, PYSEC-2024-216 Gradio lacks integrity checking on the downloaded FRP client
Modified: 1/21/2025
MEDIUM 5.3 PyPI
GHSA-8jw3-6x8j-v96g · CVE-2025-48889, PYSEC-2025-119 Gradio Allows Unauthorized File Copy via Path Manipulation
Modified: 6/5/2026
HIGH 8.6 PyPI
GHSA-973g-55hp-3frw · CVE-2024-4325 Server-Side Request Forgery in gradio
Modified: 6/6/2024
HIGH 7.5 PyPI
GHSA-f3h9-8phc-6gvh · CVE-2024-0964, PYSEC-2024-261 Gradio Path Traversal vulnerability
Modified: 5/19/2026
HIGH 8.8 PyPI
GHSA-f8xq-q7px-wg8c · CVE-2022-24770, PYSEC-2022-229 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Modified: 11/8/2023
MEDIUM 5.4 PyPI
GHSA-g6c9-f4xm-9j4x · CVE-2024-4940 Open redirect in gradio
Modified: 6/25/2024
HIGH 7.5 PyPI
GHSA-g9cj-cfpp-4g2x · CVE-2024-1561 gradio vulnerable to Path Traversal
Modified: 5/10/2024
CRITICAL 9.6 PyPI
GHSA-gqvf-3hgp-5hxv · CVE-2023-6572, PYSEC-2023-255 Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Modified: 2/28/2024
MEDIUM 5.4 PyPI
GHSA-gvv6-33j7-884g · CVE-2024-47872, PYSEC-2024-220 Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Modified: 1/21/2025
— 0.0 PyPI
GHSA-h3h8-3v2v-rg7m · CVE-2026-27167, PYSEC-2026-63 Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Modified: 6/5/2026
MEDIUM 4.3 PyPI
GHSA-hm3c-93pg-4cxw · CVE-2024-47168, PYSEC-2024-198 In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Modified: 1/21/2025
MEDIUM 5.9 PyPI
GHSA-hmx6-r76c-85g9 · CVE-2024-1729 Gradio apps vulnerable to timing attacks to guess password
Modified: 3/29/2024
CRITICAL PyPI
GHSA-j2jg-fq62-7c3h · CVE-2025-23042, PYSEC-2025-118 Gradio Blocked Path ACL Bypass Vulnerability
Modified: 6/5/2026
LOW 3.7 PyPI
GHSA-j757-pf57-f8r4 · CVE-2024-47869, PYSEC-2024-199 Gradio performs a non-constant-time comparison when comparing hashes
Modified: 1/21/2025
HIGH 8.2 PyPI
GHSA-jmh7-g254-2cq9 · CVE-2026-28416, PYSEC-2026-66 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Modified: 6/6/2026
HIGH 8.1 PyPI
GHSA-m842-4qm8-7gpq · CVE-2024-1728 Gradio allows users to access arbitrary files
Modified: 2/3/2026
MEDIUM 4.3 PyPI
GHSA-pfjf-5gxr-995x · CVE-2026-28415, PYSEC-2026-65 Gradio has an Open Redirect in its OAuth Flow
Modified: 6/6/2026
HIGH 8.2 PyPI
GHSA-pgfv-gvc5-prfg · CVE-2024-10648 Gradio Vulnerable to Arbitrary File Deletion
Modified: 3/20/2025
MEDIUM 5.3 PyPI
GHSA-prpg-p95c-32fv · CVE-2024-12217 Gradio Path Traversal vulnerability
Modified: 3/21/2025
MEDIUM 6.5 PyPI
GHSA-qh6x-j82h-vpf9 · CVE-2024-1183 gradio Server-Side Request Forgery vulnerability
Modified: 4/16/2024
HIGH 7.3 PyPI
GHSA-r364-m2j9-mf4h · CVE-2024-2206 gradio Server-Side Request Forgery vulnerability
Modified: 4/16/2024
— 0.0 PyPI
GHSA-rhm9-gp5p-5248 · CVE-2024-51751, PYSEC-2024-275 Gradio vulnerable to arbitrary file read with File and UploadButton components
Modified: 6/5/2026
HIGH 8.3 PyPI
GHSA-rhq2-3vr9-6mcr · CVE-2021-43831, PYSEC-2021-873 Files on the host computer can be accessed from the Gradio interface
Modified: 3/13/2026
HIGH 7.5 PyPI
GHSA-rvfh-h6c7-fc3c · CVE-2024-34510, PYSEC-2024-255 Gradio allows credential leakage on Windows
Modified: 6/17/2025
HIGH 7.5 PyPI
GHSA-rvgh-pr46-x7gg · CVE-2024-10624 Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
Modified: 10/16/2025
MEDIUM 4.8 PyPI
GHSA-v4q9-qgqf-7jwp · CVE-2023-41626 Gradio arbitrary file upload vulnerability
Modified: 2/16/2024
LOW 3.7 PyPI
GHSA-wmjh-cpqj-4v6x · CVE-2025-5320 Gradio CORS Origin Validation Bypass Vulnerability
Modified: 6/5/2025
HIGH 7.0 PyPI
GHSA-xh2x-3mrm-fwqm · CVE-2024-47870, PYSEC-2024-218 Gradio has a race condition in update_root_in_config that may redirect user traffic
Modified: 1/21/2025
— PyPI
PYSEC-2021-873 · CVE-2021-43831, GHSA-rhq2-3vr9-6mcr Modified: 11/8/2023
— PyPI
PYSEC-2022-229 · CVE-2022-24770, GHSA-f8xq-q7px-wg8c Modified: 11/8/2023
— PyPI
PYSEC-2023-16 · CVE-2023-25823, GHSA-3x5j-9vwr-8rr5 Modified: 11/8/2023
HIGH 7.5 PyPI
PYSEC-2023-249 · CVE-2023-51449, GHSA-6qm2-wpxq-7qh2 Modified: 1/17/2024
HIGH 8.1 PyPI
PYSEC-2023-255 · CVE-2023-6572, GHSA-gqvf-3hgp-5hxv Modified: 6/10/2026
— PyPI
PYSEC-2023-90 · CVE-2023-34239, GHSA-3qqg-pgqq-3695 Modified: 11/8/2023
HIGH 7.5 PyPI
PYSEC-2024-184 · CVE-2024-4941, GHSA-6v6g-j5fq-hpvw Modified: 6/10/2026
HIGH 8.3 PyPI
PYSEC-2024-196 · CVE-2024-47084, GHSA-3c67-5hwx-f6wx Modified: 1/19/2025
MEDIUM 5.3 PyPI
PYSEC-2024-197 · CVE-2024-47166, GHSA-37qc-qgx6-9xjv Modified: 1/19/2025
MEDIUM 4.3 PyPI
PYSEC-2024-198 · CVE-2024-47168, GHSA-hm3c-93pg-4cxw Modified: 1/19/2025
LOW 3.7 PyPI
PYSEC-2024-199 · CVE-2024-47869, GHSA-j757-pf57-f8r4 Modified: 1/19/2025
MEDIUM 6.5 PyPI
PYSEC-2024-213 · CVE-2024-47164, GHSA-77xq-6g77-h274 Modified: 1/19/2025
MEDIUM 5.4 PyPI
PYSEC-2024-214 · CVE-2024-47165, GHSA-89v2-pqfv-c5r9 Modified: 1/19/2025
CRITICAL 9.8 PyPI
PYSEC-2024-215 · CVE-2024-47167, GHSA-576c-3j53-r9jj Modified: 1/19/2025
HIGH 7.5 PyPI
PYSEC-2024-216 · CVE-2024-47867, GHSA-8c87-gvhj-xm8m Modified: 1/19/2025
HIGH 7.5 PyPI
PYSEC-2024-217 · CVE-2024-47868, GHSA-4q3c-cj7g-jcwf Modified: 1/19/2025
HIGH 8.1 PyPI
PYSEC-2024-218 · CVE-2024-47870, GHSA-xh2x-3mrm-fwqm Modified: 1/19/2025
CRITICAL 9.1 PyPI
PYSEC-2024-219 · CVE-2024-47871, GHSA-279j-x4gx-hfrh Modified: 1/19/2025
MEDIUM 5.4 PyPI
PYSEC-2024-220 · CVE-2024-47872, GHSA-gvv6-33j7-884g Modified: 1/19/2025
— PyPI
PYSEC-2024-255 · CVE-2024-34510, GHSA-rvfh-h6c7-fc3c Modified: 6/10/2026
CRITICAL 9.4 PyPI
PYSEC-2024-261 · CVE-2024-0964, GHSA-f3h9-8phc-6gvh Modified: 6/10/2026
CRITICAL 9.8 PyPI
PYSEC-2024-274 · CVE-2024-39236, GHSA-9v2f-6vcg-3hgv Modified: 5/21/2026
MEDIUM 6.5 PyPI
PYSEC-2024-275 · CVE-2024-51751, GHSA-rhm9-gp5p-5248 Modified: 5/20/2026
HIGH 7.5 PyPI
PYSEC-2025-118 · CVE-2025-23042, GHSA-j2jg-fq62-7c3h Modified: 5/20/2026
HIGH 7.5 PyPI
PYSEC-2025-119 · CVE-2025-48889, GHSA-8jw3-6x8j-v96g Modified: 5/20/2026
LOW 2.5 PyPI
PYSEC-2026-211 · CVE-2026-10783 Modified: 6/15/2026
MEDIUM 5.9 PyPI
PYSEC-2026-63 · CVE-2026-27167, GHSA-h3h8-3v2v-rg7m Modified: 5/20/2026
HIGH 7.5 PyPI
PYSEC-2026-64 · CVE-2026-28414, GHSA-39mp-8hj3-5c49 Modified: 5/20/2026
MEDIUM 4.7 PyPI
PYSEC-2026-65 · CVE-2026-28415, GHSA-pfjf-5gxr-995x Modified: 5/20/2026
HIGH 8.6 PyPI
PYSEC-2026-66 · CVE-2026-28416, GHSA-jmh7-g254-2cq9 Modified: 5/20/2026