Gradle
This hub aggregates every CVE we track for Gradle, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
42
CVEs tracked
2
Critical
18
High
0
In CISA KEV
Severity distribution
MEDIUM20HIGH18LOW2CRITICAL2
Monthly trend
0
0
1
0
0
0
1
1
0
2
0
1
0
0
0
0
0
2
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Gradle.
- CVE-2026-22865Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts7.4
- CVE-2026-22816Gradle fails to disable repositories which can expose builds to malicious artifacts7.4
- CVE-2025-48924Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs5.3
- CVE-2025-4949XXE vulnerability in Eclipse JGit5.3
- CVE-2024-13009Eclipse Jetty GZIP buffer release7.2
- CVE-2020-36843The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message A...4.3
- CVE-2025-27148Gradle vulnerable to local privilege escalation through system temporary directory8.8
- CVE-2024-8184Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks5.9
- CVE-2023-42445Possible local file exfiltration by XML External entity injection6.8
- CVE-2023-44387Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations3.2
- CVE-2023-39152Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.6.5
- CVE-2023-35946Dependency cache path traversal in Gradle6.9
- CVE-2023-35947Path traversal vulnerabilities in handling of Tar archives in Gradle6.9
- CVE-2023-26049Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty2.4
- CVE-2023-26048OutOfMemoryError for large multipart without filename in Eclipse Jetty5.3
Product normalization is registry-driven with AI assist and human review. How it works