Security Advisories · gradle/gradle · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Failure to disable repositories failing to answer can expose builds to malicious artifacts
GHSA-mqwm-5m85-gmcv published Jan 16, 2026 by cobexer

High
Failure to disable repositories with unknown host can expose builds to malicious artifacts
GHSA-w78c-w6vf-rw82 published Jan 16, 2026 by cobexer

High
Local privilege escalation through system temporary directory
GHSA-465q-w4mf-4f4r published Feb 25, 2025 by cobexer

High
Incorrect permission assignment for symlinked files used in copy or archiving operations
GHSA-43r3-pqhv-f7h9 published Oct 4, 2023 by ljacomet

Low
Possible local text file exfiltration by XML External entity injection
GHSA-mrff-q8qj-xvg8 published Oct 4, 2023 by ljacomet

Moderate
Dependency cache path traversal
GHSA-2h6c-rv6q-494v published Jun 30, 2023 by ljacomet

Moderate
Path traversal vulnerabilities in handling of Tar archives
GHSA-84mw-qh6q-v842 published Jun 30, 2023 by ljacomet

Moderate
Dependency verification: Usage of long IDs for PGP keys is unsafe and is subject to collision attacks
GHSA-c724-3xg7-g3hf published Feb 28, 2023 by ljacomet

Moderate
Dependency verification can ignore checksum verification when signature verification cannot be performed
GHSA-j6wc-xfg8-jx2j published Jul 14, 2022 by ljacomet

Moderate
Dependency verification can be bypassed when using `ResolutionStrategy.disableDependencyVerification()`
GHSA-9pf5-88jw-3qgr published Feb 10, 2022 by ljacomet

Moderate