gradle — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in gradle, with AI-generated Chinese analysis, references, and POCs.

Vendor: gradle

CVE ID	Title	CVSS	Severity	Published
CVE-2026-22865	Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts CWE-494	5.3	-	2026-01-16
CVE-2026-22816	Gradle fails to disable repositories which can expose builds to malicious artifacts CWE-829	8.2	-	2026-01-16
CVE-2025-27148	Gradle vulnerable to local privilege escalation through system temporary directory CWE-378	8.8	High	2025-02-25
CVE-2023-42445	Possible local file exfiltration by XML External entity injection CWE-611	6.8	Medium	2023-10-06
CVE-2023-44387	Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations CWE-732	3.2	Low	2023-10-05
CVE-2023-35946	Dependency cache path traversal in Gradle CWE-22	6.9	Medium	2023-06-30
CVE-2023-35947	Path traversal vulnerabilities in handling of Tar archives in Gradle CWE-22	6.9	Medium	2023-06-30
CVE-2023-26053	Gradle usage of long IDs for PGP keys opens potential for collision attacks CWE-829	6.6	Medium	2023-03-02
CVE-2022-31156	Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed CWE-829	6.6	Medium	2022-07-14
CVE-2022-23630	Dependency verification bypass in Gradle CWE-829	7.5	High	2022-02-10
CVE-2021-32751	Arbitrary code execution via specially crafted environment variables CWE-78	7.5	High	2021-07-20
CVE-2021-29427	Repository content filters do not work in Settings pluginManagement CWE-829	8.0	High	2021-04-13
CVE-2021-29428	Local privilege escalation through system temporary directory CWE-379	8.8	High	2021-04-13
CVE-2021-29429	Information disclosure through temporary directory permissions CWE-377	4.0	Medium	2021-04-12

All 14 known CVE vulnerabilities affecting gradle with full Chinese analysis, references, and POCs where available.