VYPR
Vendor: Gradle

Products: 3
CVEs: 42
Across products: 42
Status: Private

Recent CVEs (42)

  • CVE-2016-6199 (Critical), Feb 7, 2017
    risk 0.64, cvss 9.8, epss 0.05

    ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.

  • CVE-2025-27148 (High), Feb 25, 2025
    risk 0.57, cvss 8.8, epss 0.00

    Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library…

  • CVE-2025-24858 (High), Jan 26, 2025
    risk 0.54, cvss n/a, epss 0.00

    Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and…

  • CVE-2024-46881 (High), Jan 26, 2025
    risk 0.46, cvss 7.1, epss 0.00

    Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable…

  • CVE-2026-25063, Jan 29, 2026
    risk 0.00, cvss n/a, epss 0.01

    gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious…

  • CVE-2026-22865, Jan 16, 2026
    risk 0.00, cvss n/a, epss 0.00

    Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered…

  • CVE-2026-22816, Jan 16, 2026
    risk 0.00, cvss n/a, epss 0.00

    Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered…

  • CVE-2023-49238, Jan 9, 2024
    risk 0.00, cvss n/a, epss 0.01

    In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an…

  • CVE-2023-42445, Oct 6, 2023
    risk 0.00, cvss n/a, epss 0.01

    Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to…

  • CVE-2023-44387, Oct 5, 2023
    risk 0.00, cvss n/a, epss 0.00

    Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting…

  • CVE-2023-35946, Jun 30, 2023
    risk 0.00, cvss n/a, epss 0.00

    Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle…

  • CVE-2023-35947, Jun 30, 2023
    risk 0.00, cvss n/a, epss 0.00

    Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being…

  • CVE-2023-26053, Mar 2, 2023
    risk 0.00, cvss n/a, epss 0.01

    Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or…

  • CVE-2022-41575, Oct 21, 2022
    risk 0.00, cvss n/a, epss 0.01

    A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.

  • CVE-2022-31156, Jul 14, 2022
    risk 0.00, cvss n/a, epss 0.00

    Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which…

  • CVE-2022-30586, Jun 6, 2022
    risk 0.00, cvss n/a, epss 0.01

    Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.

  • CVE-2022-27919, Mar 25, 2022
    risk 0.00, cvss n/a, epss 0.02

    Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.

  • CVE-2022-27225, Mar 16, 2022
    risk 0.00, cvss n/a, epss 0.01

    Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards…

  • CVE-2022-23630, Feb 10, 2022
    risk 0.00, cvss n/a, epss 0.01

    Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency…

  • CVE-2021-41589, Oct 27, 2021
    risk 0.00, cvss n/a, epss 0.02

    In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user…