Gradle security vulnerabilities
Gradle is a JVM-based project build tool developed by the American company Gradle Inc. It supports Maven and Ivy repositories, among others. Versions of Gradle prior to 9.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that certain exceptions were not treated as...
EUVD-2026-2098
Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious distributionUrl...
GHSA-PFQ2-HH62-7M96 Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`
Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious distributionUrl in gradle/wrapper/gradle-wrapper.properties can lead to command execution in the Renovate runtime. Details When Renovate handles Gradle Wrapper artifacts, it may run a wrapper...
Command Injection
Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Command Injection via the distributionUrl parameter in the Gradle Wrapper update process. An attacker can execute arbitrary commands within the runtime environment by injecting shell command substitutio...
EUVD-2026-1980
Malicious code in gradle-plugin npm...
Malicious Package
Overview gradle-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-221 Malicious code in gradle-plugin (npm)
Per source details. Source: amazon-inspector 2250213d706eee1473dafe9b75172ac8e22adbf885bf28e4b2b85270de1ffbc8 The package gradle-plugin was found to contain malicious code. Source: ghsa-malware 0d6c8dc0207f1992c957598d80609ff61b750f041d94dde7984a3e0a6133d54e...
CVE-2023-49238
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...
CVE-2021-41584
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response information disclosure of possibly sensitive build/configuration details via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...
CVE-2021-41586
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...
CVE-2019-11403
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2019-11404
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts for compiling and building the published JARs over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack...
CVE-2022-27919
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API...
EUVD-2016-7132
Malware in sbrugna...
EUVD-2017-12292
Malware in sbrugna...
EUVD-2020-7755
Malware in sbrugna...
EUVD-2021-19523
Malware in sbrugna...