gradio vulnerabilities

Known vulnerabilities in the gradio package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Origin Validation Error	[0,)
M Arbitrary File Upload	[,5.31.0)
H Allocation of Resources Without Limits or Throttling	[0,5.35.0)
M Path Equivalence	[0,)
M Open Redirect	[0,)
H Denial of Service (DoS)	[,5.8.0)
H Undefined Behavior for Input to API	[4.0.0,)
H Regular Expression Denial of Service (ReDoS)	[4.38.0,5.29.0)
H Arbitrary File Write via Archive Extraction (Zip Slip)	[4.0.0,5.34.1)
M Regular Expression Denial of Service (ReDoS)	[,5.13.0)
H Improper Handling of Case Sensitivity	[,5.11.0)
H Directory Traversal	[5.0.0,5.5.0)
H Server-side Request Forgery (SSRF)	[,5.0.0b5)
H Race Condition	[,5.0.0b5)
H Directory Traversal	[,4.44.0)
H Origin Validation Error	[,4.44.0)
M Timing Attack	[,4.44.0)
L Always-Incorrect Control Flow Implementation	[,4.44.0)
M Origin Validation Error	[,5.0.0)
M Directory Traversal	[,5.0.0)
H Race Condition	[,5.0.0)
M Directory Traversal	[,5.0.0)
M Cross-site Scripting (XSS)	[,5.0.0)
M Server-side Request Forgery (SSRF)	[,5.0.0)
H Resources Downloaded over Insecure Protocol	[,5.0.0)
M Improper Input Validation	[,5.0.0)
H Missing Encryption of Sensitive Data	[,5.0.0)
M Arbitrary Code Injection	[0,)
M Open Redirect	[0,)
H Server-Side Request Forgery (SSRF)	[,5.0.0b1)
H Directory Traversal	[,4.31.3)
H Credential Exposure	[,4.20.0)
M Server-side Request Forgery (SSRF)	[,4.10.0)
H Improper Access Control	[,4.13.0)
H Directory Traversal	[,4.19.2)
M Race Condition	[,4.22.0)
H Improper Command Line Parameter Handling	[,4.18.0)
H Server-Side Request Forgery (SSRF)	[,4.18.0)
M Cross-Site Request Forgery (CSRF)	[,4.19.2)
H Arbitrary Command Injection	[,4.1.2)
C Timing Attack	[,4.19.2)
H Directory Traversal	[,4.9.0)
M Server-side Request Forgery (SSRF)	[,4.10.0)
M Server-side Request Forgery (SSRF)	[,4.11.0)
H Improper Input Validation	[,3.34.0)
M Use of Hard-coded Credentials	[,3.13.1)
H Improper Neutralization of Formula Elements in a CSV File	[,2.8.11)
M Arbitrary File Read	[,2.6.0)
H Arbitrary File Read	[,2.5.0)

Vulnerability

Vulnerable Version

Origin Validation Error

[0,)

Arbitrary File Upload

[,5.31.0)

Allocation of Resources Without Limits or Throttling

[0,5.35.0)

Path Equivalence

[0,)

Open Redirect

[0,)

Denial of Service (DoS)

[,5.8.0)

Undefined Behavior for Input to API

[4.0.0,)

Regular Expression Denial of Service (ReDoS)

[4.38.0,5.29.0)

Arbitrary File Write via Archive Extraction (Zip Slip)

[4.0.0,5.34.1)

Regular Expression Denial of Service (ReDoS)

[,5.13.0)

Improper Handling of Case Sensitivity

[,5.11.0)

Directory Traversal

[5.0.0,5.5.0)

Server-side Request Forgery (SSRF)

[,5.0.0b5)

Race Condition

[,5.0.0b5)

Directory Traversal

[,4.44.0)

Origin Validation Error

[,4.44.0)

Timing Attack

[,4.44.0)

Always-Incorrect Control Flow Implementation

[,4.44.0)

Origin Validation Error

[,5.0.0)

Directory Traversal

[,5.0.0)

Race Condition

[,5.0.0)

Directory Traversal

[,5.0.0)

Cross-site Scripting (XSS)

[,5.0.0)

Server-side Request Forgery (SSRF)

[,5.0.0)

Resources Downloaded over Insecure Protocol

[,5.0.0)

Improper Input Validation

[,5.0.0)

Missing Encryption of Sensitive Data

[,5.0.0)

Arbitrary Code Injection

[0,)

Open Redirect

[0,)

Server-Side Request Forgery (SSRF)

[,5.0.0b1)

Directory Traversal

[,4.31.3)

Credential Exposure

[,4.20.0)

Server-side Request Forgery (SSRF)

[,4.10.0)

Improper Access Control

[,4.13.0)

Directory Traversal

[,4.19.2)

Race Condition

[,4.22.0)

Improper Command Line Parameter Handling

[,4.18.0)

Server-Side Request Forgery (SSRF)

[,4.18.0)

Cross-Site Request Forgery (CSRF)

[,4.19.2)

Arbitrary Command Injection

[,4.1.2)

Timing Attack

[,4.19.2)

Directory Traversal

[,4.9.0)

Server-side Request Forgery (SSRF)

[,4.10.0)

Server-side Request Forgery (SSRF)

[,4.11.0)

Improper Input Validation

[,3.34.0)

Use of Hard-coded Credentials

[,3.13.1)

Improper Neutralization of Formula Elements in a CSV File

[,2.8.11)

Arbitrary File Read

[,2.6.0)

Arbitrary File Read

[,2.5.0)

Package versions

635 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
6.0.0.dev0	13 Oct, 2025	0 C 1 H 5 M 0 L
5.49.1	8 Oct, 2025	0 C 1 H 5 M 0 L
5.49.0	3 Oct, 2025	0 C 1 H 5 M 0 L
5.48.0	2 Oct, 2025	0 C 1 H 5 M 0 L
5.47.2	26 Sep, 2025	0 C 1 H 5 M 0 L
5.47.1	25 Sep, 2025	0 C 1 H 5 M 0 L
5.47.0	23 Sep, 2025	0 C 1 H 5 M 0 L
5.46.1	19 Sep, 2025	0 C 1 H 5 M 0 L
5.46.0	16 Sep, 2025	0 C 1 H 5 M 0 L
5.45.0	10 Sep, 2025	0 C 1 H 5 M 0 L

gradio vulnerabilities

Python library for easily interacting with trained machine learning models

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?

Package versions