Gradle — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting Gradle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Gradle serves as an automation tool for building, testing, and deploying software, primarily used in Java-based projects. Historically, it has been susceptible to remote code execution vulnerabilities through insecure deserialization and path traversal flaws, along with cross-site scripting issues in web interfaces. Privilege escalation risks have also been documented in certain configurations. While no major public security incidents have been widely reported, the 18 recorded CVEs highlight potential risks, particularly in environments where build processes interact with untrusted inputs or legacy systems. Regular updates and proper input validation remain critical for maintaining secure build pipelines.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25063 | gradle-completion has a Bash command injection issue | gradle-completion | CWE-78 | 8.8 (AI) | High (AI) | 2026-01-29 |
| CVE-2026-22865 | Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts | gradle | CWE-494 | 5.3 | - | 2026-01-16 |
| CVE-2026-22816 | Gradle fails to disable repositories which can expose builds to malicious artifacts | gradle | CWE-829 | 8.2 | - | 2026-01-16 |
| CVE-2025-27148 | Gradle vulnerable to local privilege escalation through system temporary directory | gradle | CWE-378 | 8.8 | High | 2025-02-25 |
| CVE-2024-46881 | Gradle security vulnerability | Enterprise | CWE-732 | 7.1 | High | 2025-01-26 |
| CVE-2025-24858 | Gradle security vulnerability | Enterprise | CWE-201 | 9.8 | - | 2025-01-26 |
| CVE-2023-42445 | Possible local file exfiltration by XML External entity injection | gradle | CWE-611 | 6.8 | Medium | 2023-10-06 |
| CVE-2023-44387 | Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations | gradle | CWE-732 | 3.2 | Low | 2023-10-05 |
| CVE-2023-35946 | Dependency cache path traversal in Gradle | gradle | CWE-22 | 6.9 | Medium | 2023-06-30 |
| CVE-2023-35947 | Path traversal vulnerabilities in handling of Tar archives in Gradle | gradle | CWE-22 | 6.9 | Medium | 2023-06-30 |
| CVE-2023-30853 | Gradle Build Action data written to GitHub Actions Cache may expose secrets | gradle-build-action | CWE-200 | 7.6 | High | 2023-04-28 |
| CVE-2023-26053 | Gradle usage of long IDs for PGP keys opens potential for collision attacks | gradle | CWE-829 | 6.6 | Medium | 2023-03-02 |
| CVE-2022-31156 | Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed | gradle | CWE-829 | 6.6 | Medium | 2022-07-14 |
| CVE-2022-23630 | Dependency verification bypass in Gradle | gradle | CWE-829 | 7.5 | High | 2022-02-10 |
| CVE-2021-32751 | Arbitrary code execution via specially crafted environment variables | gradle | CWE-78 | 7.5 | High | 2021-07-20 |
| CVE-2021-29427 | Repository content filters do not work in Settings pluginManagement | gradle | CWE-829 | 8.0 | High | 2021-04-13 |
| CVE-2021-29428 | Local privilege escalation through system temporary directory | gradle | CWE-379 | 8.8 | High | 2021-04-13 |
| CVE-2021-29429 | Information disclosure through temporary directory permissions | gradle | CWE-377 | 4.0 | Medium | 2021-04-12 |

This page lists every published CVE security advisory associated with Gradle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.