gradle vulnerabilities and exploits

CVE-2022-41574
CVSSv3: 7.5
Product: Gradle Enterprise
An access-control vulnerability in Gradle Enterprise 2022.4 up to and including 2022.3.1 allows remote malicious users to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to a...

CVE-2022-41575
CVSSv3: 7.5
Product: Gradle Enterprise
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 up to and including 2022.3.3 allows remote malicious users to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.

CVE-2022-27919
CVSSv3: 9.8
Product: Gradle Enterprise
Gradle Enterprise prior to 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.

CVE-2019-11402
CVSSv3: 9.8
Product: Gradle Enterprise
In Gradle Enterprise prior to 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.

CVE-2020-15770
CVSSv3: 5.5
Product: Gradle Enterprise 2018.5
An issue exists in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.

CVE-2023-39152
CVSSv3: 6.5
Product: Jenkins Gradle 2.8
Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.

CVE-2023-30853
CVSSv3: 6.5
Product: Gradle Build Action
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially ex...

CVE-2020-7599
CVSSv3: 6.5
Product: Gradle Plugin Publishing
All versions of com.gradle.plugin-publish prior to 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this ...

CVE-2019-9843
CVSSv3: 7.5
Products: Diffplug Gradle, Diffplug Maven
In DiffPlug Spotless prior to 1.20.0 (library and Maven plugin) and prior to 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file co...

CVE-2025-24858
CVSSv4: 8.3
Product: Gradle Enterprise
Develocity (formerly Gradle Enterprise) prior to 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provi...