Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: com.github.pmonks/clj-spdx 1.0.234-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
clojure-1.12.0.jarcpe:2.3:a:clojure:clojure:1.12.0:*:*:*:*:*:*:*pkg:maven/org.clojure/clojure@1.12.0 0Highest22
commons-lang3-3.5.jarpkg:maven/org.apache.commons/commons-lang3@3.5 0138
core.specs.alpha-0.4.74.jarcpe:2.3:a:alex_project:alex:0.4.74:*:*:*:*:*:*:*pkg:maven/org.clojure/core.specs.alpha@0.4.74 0Low17
gson-2.8.9.jarcpe:2.3:a:google:gson:2.8.9:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.9 0Highest28
instaparse-1.5.0.jarpkg:maven/instaparse/instaparse@1.5.0 017
java-spdx-library-1.1.12.jarpkg:maven/org.spdx/java-spdx-library@1.1.12 036
jsoup-1.15.3.jarcpe:2.3:a:jsoup:jsoup:1.15.3:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.15.3 0Highest39
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 016
rencg-1.0.64.jarpkg:maven/com.github.pmonks/rencg@1.0.64 020
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/slf4j-api@2.0.17 028
spec.alpha-0.5.238.jarpkg:maven/org.clojure/spec.alpha@0.5.238 026
wreck-0.1.66.jarpkg:maven/com.github.pmonks/wreck@0.1.66 020

Dependencies (vulnerable)

clojure-1.12.0.jar

Description:

Clojure core environment and runtime library.

License:

Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php
File Path: /home/runner/.m2/repository/org/clojure/clojure/1.12.0/clojure-1.12.0.jar
MD5: 674322e2210fcd1a807b3526f74c9242
SHA1: 8e0b7e60ea3c8f1ef4273d695b27a6cb85000571
SHA256:c45333006441a059ea9fdb1341fc6c1f40b921a10dccd82665311e48a0384763

Identifiers

commons-lang3-3.5.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
SHA256:8ac96fc686512d777fca85e144f196cd7cfe0c0aec23127229497d1a38ff651c

Identifiers

core.specs.alpha-0.4.74.jar

Description:

Specs for clojure.core

License:

Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/
File Path: /home/runner/.m2/repository/org/clojure/core.specs.alpha/0.4.74/core.specs.alpha-0.4.74.jar
MD5: ebd37b9a3c39e6b769fc1463737cb8d4
SHA1: d56a8d4c666ff8140e6d0a62d41263134be39254
SHA256:eb73ac08cf49ba840c88ba67beef11336ca554333d9408808d78946e0feb9ddb

Identifiers

gson-2.8.9.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/gson/gson/2.8.9/gson-2.8.9.jar
MD5: e67627f67e03301092dc7de0a2d7cef8
SHA1: 8a432c1d6825781e21a02db2e2c33c5fde2833b9
SHA256:d3999291855de495c94c743761b8ab5176cfeabe281a5ab0d8e8d45326fd703e

Identifiers

instaparse-1.5.0.jar

Description:

Instaparse: No grammar left behind

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/instaparse/instaparse/1.5.0/instaparse-1.5.0.jar
MD5: b858977bcb62c8913768cfb0fb01a4c9
SHA1: edc617bd20362b2fc870df88f1687426a69fe007
SHA256:c2bcd6f3a74d1a114973e6ac71e3536f6b035f29f769e9d1ec528ffe5e56cc27

Identifiers

java-spdx-library-1.1.12.jar

Description:

Java library which implements the Java object model for SPDX and provides useful helper functions.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/spdx/java-spdx-library/1.1.12/java-spdx-library-1.1.12.jar
MD5: f74dd1e326452ed9e296beb569f39b0b
SHA1: 78369b642a4dc9d239aff8723aba383dbece9085
SHA256:e13e011b6c6481b06dfd4e4413397d7520b296de4dd4c87518383cb5e882893c

Identifiers

jsoup-1.15.3.jar

Description:

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

License:

The MIT License: https://jsoup.org/license
File Path: /home/runner/.m2/repository/org/jsoup/jsoup/1.15.3/jsoup-1.15.3.jar
MD5: 4f16c3b17b8c1b0173b1ed9f99f2c27c
SHA1: f6e1d8a8819f854b681c8eaa57fd59a42329e10c
SHA256:e20a5e78b1372f2a4e620832db4442d5077e5cbde280b24c666a3770844999bc

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7

Identifiers

rencg-1.0.64.jar

Description:

A micro-library for Clojure that provides first class support for named-capturing groups in regular expressions.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/runner/.m2/repository/com/github/pmonks/rencg/1.0.64/rencg-1.0.64.jar
MD5: 5fc6641890f0d3c73ae6d8fe32f30908
SHA1: 2420de94e551842b4d6e4749ce49dda9c0547b80
SHA256:32ca868b506b8516b4c295838943b5ea9f30939ca3e9923d3b9a30fd16d94729

Identifiers

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832

Identifiers

spec.alpha-0.5.238.jar

Description:

Specification of data and functions

License:

Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/
File Path: /home/runner/.m2/repository/org/clojure/spec.alpha/0.5.238/spec.alpha-0.5.238.jar
MD5: 9f5ea5239dc04d6a8115add1e4f5f23a
SHA1: 4eb5dea521c4e6e1f68c2c47517f14a922003e60
SHA256:94cd99b6ea639641f37af4860a643b6ed399ee5a8be5d717cff0b663c8d75077

Identifiers

wreck-0.1.66.jar

Description:

A micro-library for Clojure(Script) that provides regular expression construction functions.

License:

MPL-2.0: https://www.mozilla.org/en-US/MPL/2.0/
File Path: /home/runner/.m2/repository/com/github/pmonks/wreck/0.1.66/wreck-0.1.66.jar
MD5: 93609748b03e1b1e40114171c7f0d15a
SHA1: 1937426fbd5b90100be53dcbb631e5416f12c381
SHA256:d22413de6d58f4bbd6090f3857f69d42db82411789edc5f64bf18d1a2f266837

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.