| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25063 | gradle-completion has a Bash command injection issue | gradle | gradle-completion | - | - | 2026-01-29 21:47:17 | Deep Dive |
| CVE-2026-22865 | Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts | gradle | gradle | High | - | 2026-01-16 22:46:20 | Deep Dive |
| CVE-2026-22816 | Gradle fails to disable repositories which can expose builds to malicious artifacts | gradle | gradle | High | - | 2026-01-16 22:45:49 | Deep Dive |
| CVE-2025-27148 | Gradle vulnerable to local privilege escalation through system temporary directory | gradle | gradle | High | 8.8 | 2025-02-25 20:13:52 | Deep Dive |
| CVE-2025-24858 | Gradle security vulnerability | Gradle | Enterprise | Medium | - | 2025-01-26 00:00:00 | Deep Dive |
| CVE-2024-46881 | Gradle security vulnerability | Gradle | Enterprise | High | 7.1 | 2025-01-26 00:00:00 | Deep Dive |
| CVE-2024-48964 | Snyk CLI security vulnerability | Snyk | Snyk Cli | High | 7.5 | 2024-10-23 18:24:42 | Deep Dive |
| CVE-2023-5720 | Quarkus: build env information disclosure via gradle plugin | - | gradle-plugin | High | 7.7 | 2023-11-15 13:57:52 | Deep Dive |
| CVE-2023-42445 | Possible local file exfiltration by XML External entity injection | gradle | gradle | Medium | 6.8 | 2023-10-06 13:52:03 | Deep Dive |
| CVE-2023-44387 | Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations | gradle | gradle | Low | 3.2 | 2023-10-05 17:51:15 | Deep Dive |
| CVE-2023-39152 | Jenkins Gradle Plugin security vulnerability | Jenkins Project | Jenkins Gradle Plugin | Medium | - | 2023-07-26 13:54:53 | Deep Dive |
| CVE-2023-35946 | Dependency cache path traversal in Gradle | gradle | gradle | Medium | 6.9 | 2023-06-30 20:21:17 | Deep Dive |
| CVE-2023-35947 | Path traversal vulnerabilities in handling of Tar archives in Gradle | gradle | gradle | Medium | 6.9 | 2023-06-30 20:18:06 | Deep Dive |
| CVE-2023-30853 | Gradle Build Action data written to GitHub Actions Cache may expose secrets | gradle | gradle-build-action | High | 7.6 | 2023-04-28 15:10:18 | Deep Dive |
| CVE-2023-26053 | Gradle usage of long IDs for PGP keys opens potential for collision attacks | gradle | gradle | Medium | 6.6 | 2023-03-02 03:11:31 | Deep Dive |
| CVE-2022-22984 | Command Injection | - | snyk | Medium | 5.0 | 2022-11-30 00:00:00 | Deep Dive |
| CVE-2022-26049 | Arbitrary File Write via Archive Extraction (Zip Slip) | - | com.diffplug.gradle:goomph | Medium | 5.3 | 2022-09-11 13:45:16 | Deep Dive |
| CVE-2022-31156 | Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed | gradle | gradle | Medium | 6.6 | 2022-07-14 20:05:11 | Deep Dive |
| CVE-2022-23630 | Dependency verification bypass in Gradle | gradle | gradle | High | 7.5 | 2022-02-10 20:10:09 | Deep Dive |
| CVE-2021-32751 | Arbitrary code execution via specially crafted environment variables | gradle | gradle | High | 7.5 | 2021-07-20 22:55:12 | Deep Dive |