Gradle Vulnerability Scanner
Check your Gradle dependencies against a curated list of known-vulnerable library versions. (Not a full CVE database.)
About Gradle Vulnerability Scanner
Gradle Vulnerability Scanner is part of APKLint’s code quality toolkit: static analysis for Kotlin, Java, and your Gradle build. It’s free to use and needs no account.
Your privacy is the default: what you submit is processed on our servers over an encrypted connection for that request only — it isn’t written to file or object storage, and never shared.
What Gradle Vulnerability Scanner checks
- Matches your dependencies against a curated known-vulnerable list
- Flags versions with documented security issues
- Suggests upgrading flagged libraries
- Reads from your pasted build.gradle
Good to know: Uses a curated list of well-known vulnerable versions — it is not a full CVE/OSV database scan.
When to use Gradle Vulnerability Scanner
- Best for: Checking pasted Gradle dependencies against a curated list of known-vulnerable library versions.
- Not the right tool for: It is not a full SCA/CVE feed and not a dependency-conflict checker (use the Dependency Checker for that).
- What you get back: Matches where a declared dependency version appears on a curated known-vulnerable list.
- How it differs from related APKLint tools: Where the Dependency Checker is about versions and conflicts, this is about whether those versions are known to be vulnerable.
- Limitations: A curated list is not exhaustive; absence of a match is not proof of safety. Verify against an up-to-date advisory source.
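The matching described above and its limits, as an added Python sketch (not APKLint's code): the curated list, its coordinates and every function name are constructed placeholders. Declarations whose version the pasted text does not pin are returned separately, because a literal-version lookup cannot decide them either way.

```python
import re

# Constructed curated list; coordinates and versions are placeholders, not real advisories.
CURATED = {
    "com.example:json-parser": {"1.2.0", "1.2.1"},
    "org.example:http-client": {"4.0.0"},
}
# String notation in Groovy or Kotlin DSL: implementation 'g:a:v' / implementation("g:a:v")
DEP_RE = re.compile(
    r"""^[ \t]*\w+[ \t]*\(?[ \t]*["']([\w.\-]+):([\w.\-]+)(?::([^"':@]+))?(?::[\w.\-]+)?(?:@\w+)?["']""",
    re.MULTILINE)
# Version catalog accessors such as implementation(libs.junit); "libs" is Gradle's default catalog name.
CATALOG_RE = re.compile(r"^[ \t]*\w+[ \t]*\(?[ \t]*(libs\.[\w.]+)", re.MULTILINE)

def is_pinned(version):
    """True only for a literal version that the pasted text fully determines."""
    if version is None or "$" in version:  # BOM-managed or interpolated variable
        return False
    dynamic = version.endswith("+") or version.startswith("latest.")
    return not dynamic and version[0] not in "[(]"  # Maven-style ranges start with a bracket

def scan(build_text):
    """Return (findings, unverifiable) for a pasted dependency block."""
    findings, unverifiable = [], []
    for m in DEP_RE.finditer(build_text):
        group, artifact, version = m.groups()
        coord = f"{group}:{artifact}"
        if not is_pinned(version):
            unverifiable.append(coord if version is None else f"{coord}:{version}")
        elif version in CURATED.get(coord, ()):
            findings.append(f"{coord}:{version}")
    unverifiable += CATALOG_RE.findall(build_text)  # resolved outside the pasted text
    return findings, unverifiable

# Constructed sample input covering pinned, interpolated, dynamic, unversioned and catalog forms.
SAMPLE = """\
dependencies {
    implementation 'com.example:json-parser:1.2.1'
    implementation("org.example:http-client:4.0.1")
    api "com.example:json-parser:$parserVersion"
    implementation 'org.example:http-client:4.+'
    implementation 'org.example:http-client'
    // implementation 'org.example:http-client:4.0.0'
    testImplementation(libs.junit)
}
"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The pinned `4.0.1` declaration lands in neither list, which is the "absence of a match is not proof of safety" case; transitive dependencies never appear in the pasted block at all.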
How to use Gradle Vulnerability Scanner
- Paste your dependencies — Paste your build.gradle / build.gradle.kts dependency block.
- Send for analysis — APKLint checks it on our servers over an encrypted connection.
- Review the findings — Work through each result with a short explanation of why it matters.
- Nothing is stored — Your pasted text is processed for this request only — it isn't written to file or object storage, logged for analytics, or shared.
Why use APKLint
Every tool is free with no login and no paywall. Reasonable file and input limits keep the free service stable.
A clean, focused interface with no third-party ad banners cluttering your results.
What you submit is processed for the request only — it isn't written to file or object storage, and never shared.
A pure-Python Gradle and dependency parser.
Start immediately — no account, login, or email required.
Runs in any modern browser, on desktop or mobile.
Frequently asked questions
What does Gradle Vulnerability Scanner do?
Check your Gradle dependencies against a curated list of known-vulnerable library versions. (Not a full CVE database.)
Is this a full CVE scan?
No. It checks a curated set of widely-known vulnerable versions. For complete coverage, run OSV-Scanner or Trivy with your lockfiles.
Is it free to use?
Yes. Every tool on APKLint is completely free, with no sign-up and no account.
How is my data handled?
What you submit is sent to our backend over an encrypted connection only to produce your result. It isn't written to file storage, used for analytics, or shared.
What should I paste in?
Paste your build.gradle / build.gradle.kts dependency block.