Live data from GitHub and PyPI, updated daily.
Data last fetched: 2026-05-15
10 active CVEs reported via OSV.dev
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Gradio uses insecure communication between the FRP client and server
Gradio's Component Server does not properly consider `_is_server_fn` for functions
Gradio has a one-level read path traversal in `/custom_component`
Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
Gradio's CORS origin validation is not performed when the request has a cookie
gradio Server Side Request Forgery vulnerability
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Update share links to use FRP instead of SSH tunneling
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Other Data Science projects in the Python ecosystem worth evaluating.
Get SLA-backed support, security patches, and direct access to senior engineers for Gradio, without relying on volunteer maintainers.