Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how gradle compares to other vendors in security performance

View Risk Score →

npm/gradle-completiongradle-completion has a Bash command injection issue

Risk 50
Severity
8.3
EPSS
0.09%
First published (updated )
CVE-2026-25063

Gradle GradleGradle's failure to disable repositories failing to answer can expose builds to malicious artifacts

Risk 41
Severity
8.6
EPSS
0.03%
First published (updated )
CVE-2026-22865

Gradle GradleGradle fails to disable repositories which can expose builds to malicious artifacts

Risk 41
Severity
8.6
EPSS
0.03%
First published (updated )
CVE-2026-22816

Gradle Gradle 9End of life details

First published (updated )
EOL-gradle-9

Gradle native-platformGradle vulnerable to local privilege escalation through system temporary directory

Risk 53
Severity
8.8
EPSS
0.02%
First published (updated )
CVE-2025-27148
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Gradle DevelocityDevelocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to…

Risk 43
Severity
8.3
EPSS
0.04%
First published (updated )
CVE-2025-24858

Gradle DevelocityDevelocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level …

Risk 48
Severity
7.1
First published (updated )
CVE-2024-46881

Gradle Gradle 8Out of support

Support Ends
Jul 31, 2025
First published (updated )
latest-version-gradle-8

Gradle Gradle 8Out of support

Support Ends
Jul 31, 2025
First published (updated )
EOL-gradle-8

Gradle EnterpriseIn Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installati…

Risk 86
Severity
9.8
First published (updated )
CVE-2023-49238
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

gradle GradlePossible local file exfiltration by XML External entity injection

Risk 51
Severity
6.8
First published (updated )
CVE-2023-42445

redhat/gradleGradle has incorrect permission assignment for symlinked files used in copy or archiving operations

Risk 38
Severity
6.5
First published (updated )
CVE-2023-44387

gradle GradlePath Traversal

Risk 75
Severity
8.1
First published (updated )
CVE-2023-35947

gradle GradlePath Traversal

Risk 50
Severity
6.9
First published (updated )
CVE-2023-35946

Gradle Build ActionGradle Build Action data written to GitHub Actions Cache may expose secrets

Risk 50
Severity
7.6
First published (updated )
CVE-2023-30853
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/gradleGradle usage of long IDs for PGP keys opens potential for collision attacks

Risk 86
Severity
9.8
First published (updated )
CVE-2023-26053

Gradle EnterpriseA credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 thro…

Risk 43
Severity
7.5
First published (updated )
CVE-2022-41575

Gradle EnterpriseAn access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers…

Risk 43
Severity
7.5
First published (updated )
CVE-2022-41574

gradle GradleGradle's dependency verification can ignore checksum verification when signature verification cannot be performed

Risk 61
Severity
6.6
First published (updated )
CVE-2022-31156

Gradle Gradle EnterpriseGradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure…

Risk 43
Severity
7.5
First published (updated )
CVE-2022-30587
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

gradle GradleInfoleak

Risk 66
Severity
7.2
First published (updated )
CVE-2022-30586

Gradle EnterpriseGradle Enterprise before 2022.1 allows remote code execution if the installation process did not spe…

Risk 86
Severity
9.8
First published (updated )
CVE-2022-27919

Gradle EnterpriseIn Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymo…

Risk 79
Severity
9.3
First published (updated )
CVE-2022-25364

Gradle EnterpriseGradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses …

Risk 37
Severity
6.5
First published (updated )
CVE-2022-27225

gradle GradleDependency verification bypass in Gradle

Risk 70
Severity
7.5
First published (updated )
CVE-2022-23630
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Gradle Build Cache NodeIn Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential…

Risk 86
Severity
9.8
First published (updated )
CVE-2021-41589

Gradle EnterpriseCode Injection

Risk 78
Severity
9
First published (updated )
CVE-2021-41619

Gradle EnterpriseIn Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an…

Risk 27
Severity
5.3
First published (updated )
CVE-2021-41590

gradle GradleSSRF

Risk 43
Severity
7.5
First published (updated )
CVE-2021-41586

gradle GradleSSRF

Risk 43
Severity
7.5
First published (updated )
CVE-2021-41587
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203