gradle
DevTools & CI | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting gradle.
- CVE-2026-22865: Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts (score 7.4)
- CVE-2026-22816: Gradle fails to disable repositories which can expose builds to malicious artifacts (score 7.4)
- CVE-2025-27148: Gradle vulnerable to local privilege escalation through system temporary directory (score 8.8)
- CVE-2024-46881: Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration func... (score 7.1)
- CVE-2023-49238: In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Alth... (score 9.8)
- CVE-2023-42445: Possible local file exfiltration by XML External entity injection (score 6.8)
- CVE-2023-44387: Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations (score 3.2)
- CVE-2023-35946: Dependency cache path traversal in Gradle (score 6.9)
- CVE-2023-35947: Path traversal vulnerabilities in handling of Tar archives in Gradle (score 6.9)
- CVE-2023-30853: Gradle Build Action data written to GitHub Actions Cache may expose secrets (score 7.6)
- CVE-2023-26053: Gradle usage of long IDs for PGP keys opens potential for collision attacks (score 6.6)
- CVE-2022-41575: A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext cred... (score 7.5)
- CVE-2022-41574: An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured... (score 7.5)
- CVE-2022-31156: Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed (score 6.6)
- CVE-2022-30587: Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. (score 7.5)