12 matches found
CVE-2026-22816
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
CVE-2026-22816
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...
EUVD-2023-48735
Malicious code in bioql PyPI...
EUVD-2023-29930
Malicious code in bioql PyPI...
EUVD-2023-46893
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-44387
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves...
Default configuration
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...
CVE-2023-30853 Gradle Build Action data written to GitHub Actions Cache may expose secrets
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...
CVE-2023-30853
CVE-2023-30853 describes an information disclosure in the Gradle Build Action for GitHub Actions when the configuration cache is enabled in versions prior to 2.4.2. Environment variables passed to Gradle can be persisted into GitHub Actions cache entries, which may be read by untrusted workflows ...
PT-2023-23009 · Gradle +1 · Gradle Build Tool +1
Name of the Vulnerable Software and Affected Versions: Gradle Build Action versions prior to 2.4.2 Description: A vulnerability in the Gradle Build Action impacts GitHub workflows that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configure...
CVE-2022-31156
CVE-2022-31156 : Gradle’s dependency verification can skip checksum verification when signature verification cannot be performed. Affected versions: 6.2–7.4.2. If verification metadata contains only a gpg element (no checksum) or if there is no signature file on the remote repo, Gradle may accept...
CVE-2022-31156 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...