CRITICAL 9.8 CVE-2019-15052 The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host.
from 0
CRITICAL 9.8 CVE-2016-6199 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
from 0, < 2.13-1
HIGH 8.1 CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle
from 0
HIGH 7.8 Local privilege escalation through system temporary directory
from 0
HIGH 7.5 Arbitrary code execution via specially crafted environment variables
from 0
HIGH 7.4 Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts
from 0
HIGH 7.4 Gradle fails to disable repositories which can expose builds to malicious artifacts
from 0
MEDIUM 6.5 Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations
from 0
MEDIUM 5.9 Use of a weak cryptographic algorithm in Gradle
from 0
MEDIUM 5.9 Insecure transport protocol in Gradle
from 0, < 4.4.1-10
MEDIUM 5.5 Dependency cache path traversal in Gradle
from 0
MEDIUM 5.5 Information disclosure through temporary directory permissions
from 0
MEDIUM 5.3 Possible local file exfiltration by XML External entity injection
from 0