CVE-2022-24770

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on the...

CVE-2025-23042

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVE-2024-47084

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation , where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio ...

CVE-2024-47870

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker c...