OSV - Open Source Vulnerabilities

GHSA-jmh7-g254-2cq9

PyPI/gradio

Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

01 Mar

Fix available
Severity - 8.2 (High)

GHSA-pfjf-5gxr-995x

PyPI/gradio

Gradio has an Open Redirect in its OAuth Flow

01 Mar

Fix available
Severity - 4.3 (Medium)

GHSA-39mp-8hj3-5c49

PyPI/gradio

Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+

01 Mar

Fix available
Severity - 7.5 (High)

GHSA-h3h8-3v2v-rg7m

PyPI/gradio

Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret

01 Mar

Fix available

MAL-2025-191744

PyPI/gradio-videotimeline

Malicious code in gradio-videotimeline (PyPI)

01 Oct 2025

No fix available

GHSA-8jw3-6x8j-v96g

PyPI/gradio

Gradio Allows Unauthorized File Copy via Path Manipulation

29 May 2025

Fix available
Severity - 5.3 (Medium)

GHSA-wmjh-cpqj-4v6x

PyPI/gradio

Gradio CORS Origin Validation Bypass Vulnerability

29 May 2025

No fix available
Severity - 2.9 (Low)

GHSA-5cpq-9538-jm2j

PyPI/gradio

Gradio DOS in multipart boundry while uploading the file

20 Mar 2025

No fix available
Severity - 7.5 (High)

GHSA-7v2w-h4gh-w5cv

PyPI/gradio

Gradio Vulnerable to Open Redirect

20 Mar 2025

No fix available
Severity - 5.4 (Medium)

GHSA-prpg-p95c-32fv

PyPI/gradio

Gradio Path Traversal vulnerability

20 Mar 2025

No fix available
Severity - 5.3 (Medium)

GHSA-7xmc-vhjp-qv5q

PyPI/gradio

Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb

20 Mar 2025

No fix available
Severity - 7.5 (High)

GHSA-pgfv-gvc5-prfg

PyPI/gradio

Gradio Vulnerable to Arbitrary File Deletion

20 Mar 2025

No fix available
Severity - 8.2 (High)

GHSA-rvgh-pr46-x7gg

PyPI/gradio

Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request

20 Mar 2025

No fix available
Severity - 7.5 (High)

GHSA-j2jg-fq62-7c3h

PyPI/gradio

Gradio Blocked Path ACL Bypass Vulnerability

14 Jan 2025

Fix available
Severity - 9.1 (Critical)

GHSA-rhm9-gp5p-5248

PyPI/gradio

Gradio vulnerable to arbitrary file read with File and UploadButton components

06 Nov 2024

Fix available
Severity - 6.9 (Medium)

GHSA-3gf9-wv65-gwh9

PyPI/gradio

gradio Server Side Request Forgery vulnerability

05 Nov 2024

No fix available
Severity - 5.7 (Medium)