Product
gradle
49 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-25063
<= 9.3.0
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-compl
7.8
HIGH
CVE-2026-22865
< 8.14.4
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencie
7.4
HIGH
CVE-2026-22816
< 8.14.4
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencie
7.4
HIGH
CVE-2023-49238
< 2023.1
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation sc
9.8
CRITICAL
CVE-2023-42445
< 7.6.3
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle par
6.8
MEDIUM
CVE-2023-44387
< 7.6.3
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving syml
3.2
LOW
CVE-2023-35947
< 7.6.2
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpa
6.9
MEDIUM
CVE-2023-35946
< 7.6.2
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependenc
6.9
MEDIUM
CVE-2023-30853
< 2.4.2
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workfl
7.6
HIGH
CVE-2023-26053
>= 6.2.0 and < 6.9.4
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on
6.6
MEDIUM
CVE-2022-41575
>= 2022.3 and < 2022.3.3
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote att
7.5
HIGH
CVE-2022-41574
>= 2020.4 and < 2022.3.2
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occur
7.5
HIGH
CVE-2022-31156
>= 6.2.0 and < 7.5.0
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation
6.6
MEDIUM
CVE-2022-30586
< 1.3.1
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.
7.2
HIGH
CVE-2022-27919
>= 2020.4 and <= 2021.4.3
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration
9.8
CRITICAL
CVE-2022-25364
< 2021.4.2
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was n
8.1
HIGH
CVE-2022-27225
>= 2020.1 and < 2021.4.3
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity manageme
6.5
MEDIUM
CVE-2022-23630
>= 6.2.0 and <= 7.3.3
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip
7.5
HIGH
CVE-2021-41619
>= 2020.4 and < 2021.1.2
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup
7.2
HIGH
CVE-2021-41590
>= 2020.4 and < 2021.3
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The
5.3
MEDIUM
CVE-2021-41589
< 2021.3
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote co
9.8
CRITICAL
CVE-2021-41588
>= 2017.2 and < 2021.1.3
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker
8.1
HIGH
CVE-2021-41587
>= 2017.6 and < 2021.1.3
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials fo
7.5
HIGH
CVE-2021-41586
>= 2020.4 and < 2021.1.3
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user p
7.5
HIGH
CVE-2021-41584
>= 2020.4 and < 2021.1.3
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build
7.5
HIGH
CVE-2021-32751
< 7.2
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application pl
7.5
HIGH
CVE-2021-29428
< 7.0
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow
8.8
HIGH
CVE-2021-29427
>= 5.1 and < 7.0
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or depende
8.0
HIGH
CVE-2021-29429
< 7.0
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to acces
4.0
MEDIUM
CVE-2021-26719
>= 1.8 and <= 1.8.1
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gra
6.5
MEDIUM
CVE-2020-11979
< 6.8.0
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current u
7.5
HIGH
CVE-2020-15773
< 2020.2.4
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in t
6.5
MEDIUM
CVE-2020-15776
>= 2018.2 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is no
8.8
HIGH
CVE-2020-15775
>= 2017.1 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build info
7.5
HIGH
CVE-2020-15774
>= 2018.5 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has
6.8
MEDIUM
CVE-2020-15772
>= 2018.5 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identi
4.9
MEDIUM
CVE-2020-15771
all versions
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie
7.5
HIGH
CVE-2020-15770
all versions
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's pa
5.5
MEDIUM
CVE-2020-15769
>= 2020.2 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.
6.1
MEDIUM
CVE-2020-15768
>= 2017.3 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP
7.5
HIGH
CVE-2020-15767
< 2020.2.5
An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated
5.3
MEDIUM
CVE-2020-15777
< 1.6
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to
7.8
HIGH
CVE-2019-16370
< 6.0
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact wi
5.9
MEDIUM
CVE-2019-15052
< 5.6
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host re
9.8
CRITICAL
CVE-2019-9843
< 3.20.0
In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve exte
7.5
HIGH
CVE-2019-11403
< 2018.5.2
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page sour
9.8
CRITICAL
CVE-2019-11402
< 2018.5.3
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.
9.8
CRITICAL
CVE-2019-11065
>= 1.4 and <= 5.3.1
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript G
5.9
MEDIUM
CVE-2016-6199
all versions
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
9.8
CRITICAL
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin