Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 12.2.0
Report Generated On: Tue, 24 Mar 2026 05:48:04 GMT
Dependencies Scanned: 17 (17 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2026-03-24T05:47:55Z
NVD API Last Modified: 2026-03-24T05:16:25Z

Summary

Summary of Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Confidence	Evidence Count
clojure-1.12.4.jar	cpe:2.3:a:clojure:clojure:1.12.4:::::::*	pkg:maven/org.clojure/clojure@1.12.4	Highest	22
commons-lang3-3.20.0.jar	cpe:2.3:a:apache:commons_lang:3.20.0:::::::*	pkg:maven/org.apache.commons/commons-lang3@3.20.0	Highest	144
core.specs.alpha-0.4.74.jar	cpe:2.3:a:alex_project:alex:0.4.74:::::::*	pkg:maven/org.clojure/core.specs.alpha@0.4.74	Low	17
embroidery-1.0.44.jar		pkg:maven/com.github.pmonks/embroidery@1.0.44		20
error_prone_annotations-2.41.0.jar		pkg:maven/com.google.errorprone/error_prone_annotations@2.41.0		28
gson-2.13.2.jar	cpe:2.3:a:google:gson:2.13.2:::::::*	pkg:maven/com.google.code.gson/gson@2.13.2	Highest	30
instaparse-1.5.0.jar		pkg:maven/instaparse/instaparse@1.5.0		17
java-spdx-library-2.0.3.jar		pkg:maven/org.spdx/java-spdx-library@2.0.3		34
jsoup-1.22.1.jar	cpe:2.3:a:jsoup:jsoup:1.22.1:::::::*	pkg:maven/org.jsoup/jsoup@1.22.1	Highest	43
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		16
rencg-1.0.90.jar		pkg:maven/com.github.pmonks/rencg@1.0.90		20
slf4j-api-2.0.17.jar		pkg:maven/org.slf4j/slf4j-api@2.0.17		28
spdx-java-core-1.0.3.jar		pkg:maven/org.spdx/spdx-java-core@1.0.3		34
spdx-java-model-2_X-1.0.3.jar		pkg:maven/org.spdx/spdx-java-model-2_X@1.0.3		36
spdx-java-model-3_0-1.0.3.jar		pkg:maven/org.spdx/spdx-java-model-3_0@1.0.3		34
spec.alpha-0.5.238.jar		pkg:maven/org.clojure/spec.alpha@0.5.238		26
wreck-1.0.151.jar		pkg:maven/com.github.pmonks/wreck@1.0.151		20

Dependencies (vulnerable)

clojure-1.12.4.jar

Description:

Clojure core environment and runtime library.

License:

Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php

File Path: /home/runner/.m2/repository/org/clojure/clojure/1.12.4/clojure-1.12.4.jar
MD5: c9e27ed601e1c83392c78fd9f3e7ecec
SHA1: 580cd548600f63b597efea7e94c3e55be2d12537
SHA256:4b81e9ba6da38c45d9cc58023c674062b8c9f0714f33ff00ded22e6a949da177

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	clojure	High
Vendor	jar	package name	clojure	Highest
Vendor	jar	package name	core	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	clojure	Low
Vendor	pom	developer email	richhickey@gmail.com	Low
Vendor	pom	developer name	Rich Hickey	Medium
Vendor	pom	groupid	org.clojure	Highest
Vendor	pom	name	clojure	High
Vendor	pom	url	http://clojure.org/	Highest
Product	file	name	clojure	High
Product	jar	package name	clojure	Highest
Product	jar	package name	core	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	artifactid	clojure	Highest
Product	pom	developer email	richhickey@gmail.com	Low
Product	pom	developer name	Rich Hickey	Low
Product	pom	groupid	org.clojure	Highest
Product	pom	name	clojure	High
Product	pom	url	http://clojure.org/	Medium
Version	file	version	1.12.4	High
Version	pom	version	1.12.4	Highest

Identifiers

pkg:maven/org.clojure/clojure@1.12.4 (Confidence:High)
cpe:2.3:a:clojure:clojure:1.12.4:*:*:*:*:*:*:* (Confidence:Highest)

commons-lang3-3.20.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17, 21 and 25 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.20.0/commons-lang3-3.20.0.jar
MD5: 4b29562ded527aa074e1d44f8646dac5
SHA1: 65897b3e5731220962e659e001904af3c3cbeba9
SHA256:69e5c9fa35da7a51a5fd2099dfe56a2d8d32cf233e2f6d770e796146440263f4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-lang3	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang3	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Vendor	Manifest	build-jdk-spec	25	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-lang3	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	joerg.schaible@gmx.de	Low
Vendor	pom	developer email	lguibert@apache.org	Low
Vendor	pom	developer email	oheger@apache.org	Low
Vendor	pom	developer email	pbenedict@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	scolebourne@joda.org	Low
Vendor	pom	developer email	stevencaswell@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	fredrik	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	joehni	Medium
Vendor	pom	developer id	lguibert	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	oheger	Medium
Vendor	pom	developer id	pbenedict	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	scaswell	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Fredrik Westermarck	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Joerg Schaible	Medium
Vendor	pom	developer name	Loic Guibert	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Oliver Heger	Medium
Vendor	pom	developer name	Paul Benedict	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Steven Caswell	Medium
Vendor	pom	developer org	Carman Consulting, Inc.	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	SITA ATS Ltd	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Lang	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-lang/	Highest
Product	file	name	commons-lang3	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	lang3	Highest
Product	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Product	Manifest	build-jdk-spec	25	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	joerg.schaible@gmx.de	Low
Product	pom	developer email	lguibert@apache.org	Low
Product	pom	developer email	oheger@apache.org	Low
Product	pom	developer email	pbenedict@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	scolebourne@joda.org	Low
Product	pom	developer email	stevencaswell@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	fredrik	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	joehni	Low
Product	pom	developer id	lguibert	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	oheger	Low
Product	pom	developer id	pbenedict	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	scaswell	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Fredrik Westermarck	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Joerg Schaible	Low
Product	pom	developer name	Loic Guibert	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Oliver Heger	Low
Product	pom	developer name	Paul Benedict	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Steven Caswell	Low
Product	pom	developer org	Carman Consulting, Inc.	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	SITA ATS Ltd	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Lang	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-lang/	Medium
Version	file	version	3.20.0	High
Version	Manifest	Bundle-Version	3.20.0	High
Version	Manifest	Implementation-Version	3.20.0	High
Version	pom	parent-version	3.20.0	Low
Version	pom	version	3.20.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.20.0 (Confidence:High)
cpe:2.3:a:apache:commons_lang:3.20.0:*:*:*:*:*:*:* (Confidence:Highest)

core.specs.alpha-0.4.74.jar

Description:

Specs for clojure.core

License:

Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/

File Path: /home/runner/.m2/repository/org/clojure/core.specs.alpha/0.4.74/core.specs.alpha-0.4.74.jar
MD5: ebd37b9a3c39e6b769fc1463737cb8d4
SHA1: d56a8d4c666ff8140e6d0a62d41263134be39254
SHA256:eb73ac08cf49ba840c88ba67beef11336ca554333d9408808d78946e0feb9ddb

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	core.specs.alpha	High
Vendor	pom	artifactid	core.specs.alpha	Low
Vendor	pom	developer id	puredanger	Medium
Vendor	pom	developer name	Alex Miller	Medium
Vendor	pom	groupid	org.clojure	Highest
Vendor	pom	name	core.specs.alpha	High
Vendor	pom	parent-artifactid	pom.contrib	Low
Product	file	name	core.specs.alpha	High
Product	pom	artifactid	core.specs.alpha	Highest
Product	pom	developer id	puredanger	Low
Product	pom	developer name	Alex Miller	Low
Product	pom	groupid	org.clojure	Highest
Product	pom	name	core.specs.alpha	High
Product	pom	parent-artifactid	pom.contrib	Medium
Version	file	version	0.4.74	High
Version	pom	parent-version	0.4.74	Low
Version	pom	version	0.4.74	Highest

Identifiers

pkg:maven/org.clojure/core.specs.alpha@0.4.74 (Confidence:High)
cpe:2.3:a:alex_project:alex:0.4.74:*:*:*:*:*:*:* (Confidence:Low)

embroidery-1.0.44.jar

Description:

A Clojure micro-library for leveraging virtual threads on JVMs that support them.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/com/github/pmonks/embroidery/1.0.44/embroidery-1.0.44.jar
MD5: 0141ce9e67e5c76af519e98fc5a8bf5d
SHA1: 0ce7accc8b0fe2fcb13b0e509c322de914390ad2
SHA256:f978771dcca1ef87a0668cee9911882fea462791f20a6166b93edc356d35f152

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	embroidery	High
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	pom	artifactid	embroidery	Low
Vendor	pom	developer email	pmonks+embroidery@gmail.com	Low
Vendor	pom	developer id	pmonks	Medium
Vendor	pom	developer name	Peter Monks	Medium
Vendor	pom	groupid	com.github.pmonks	Highest
Vendor	pom	name	embroidery	High
Vendor	pom	url	pmonks/embroidery	Highest
Product	file	name	embroidery	High
Product	Manifest	build-jdk-spec	21	Low
Product	pom	artifactid	embroidery	Highest
Product	pom	developer email	pmonks+embroidery@gmail.com	Low
Product	pom	developer id	pmonks	Low
Product	pom	developer name	Peter Monks	Low
Product	pom	groupid	com.github.pmonks	Highest
Product	pom	name	embroidery	High
Product	pom	url	pmonks/embroidery	High
Version	file	version	1.0.44	High
Version	pom	version	1.0.44	Highest

Identifiers

pkg:maven/com.github.pmonks/embroidery@1.0.44 (Confidence:High)

error_prone_annotations-2.41.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.41.0/error_prone_annotations-2.41.0.jar
MD5: 75e3b25da8b8a2136463c4674f5e49bf
SHA1: 4381275efdef6ddfae38f002c31e84cd001c97f0
SHA256:a56e782b5b50811ac204073a355a21d915a2107fce13ec711331ad036f660fcc

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	error_prone_annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	errorprone	Highest
Vendor	jar	package name	google	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Vendor	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	error_prone_annotations	Low
Vendor	pom	groupid	com.google.errorprone	Highest
Vendor	pom	name	error-prone annotations	High
Vendor	pom	parent-artifactid	error_prone_parent	Low
Product	file	name	error_prone_annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	errorprone	Highest
Product	jar	package name	google	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Product	Manifest	Bundle-Name	error-prone annotations	Medium
Product	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	error_prone_annotations	Highest
Product	pom	groupid	com.google.errorprone	Highest
Product	pom	name	error-prone annotations	High
Product	pom	parent-artifactid	error_prone_parent	Medium
Version	file	version	2.41.0	High
Version	Manifest	Bundle-Version	2.41.0	High
Version	pom	version	2.41.0	Highest

Identifiers

pkg:maven/com.google.errorprone/error_prone_annotations@2.41.0 (Confidence:High)

gson-2.13.2.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/google/code/gson/gson/2.13.2/gson-2.13.2.jar
MD5: a2c47e14ce5e956105458fe455f5d542
SHA1: 48b8230771e573b54ce6e867a9001e75977fe78e
SHA256:dd0ce1b55a3ed2080cb70f9c655850cda86c206862310009dcb5e5c95265a5e0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	gson	High
Vendor	jar	package name	google	Highest
Vendor	jar	package name	gson	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Vendor	Manifest	bundle-developers	google;organization=Google;organizationUrl="https://www.google.com"	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/gson	Low
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	gson	Low
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	pom	name	Gson	High
Vendor	pom	parent-artifactid	gson-parent	Low
Product	file	name	gson	High
Product	jar	package name	google	Highest
Product	jar	package name	gson	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Product	Manifest	bundle-developers	google;organization=Google;organizationUrl="https://www.google.com"	Low
Product	Manifest	bundle-docurl	https://github.com/google/gson	Low
Product	Manifest	Bundle-Name	Gson	Medium
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	gson	Highest
Product	pom	groupid	com.google.code.gson	Highest
Product	pom	name	Gson	High
Product	pom	parent-artifactid	gson-parent	Medium
Version	file	version	2.13.2	High
Version	Manifest	Bundle-Version	2.13.2	High
Version	pom	version	2.13.2	Highest

Identifiers

pkg:maven/com.google.code.gson/gson@2.13.2 (Confidence:High)
cpe:2.3:a:google:gson:2.13.2:*:*:*:*:*:*:* (Confidence:Highest)

instaparse-1.5.0.jar

Description:

Instaparse: No grammar left behind

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html

File Path: /home/runner/.m2/repository/instaparse/instaparse/1.5.0/instaparse-1.5.0.jar
MD5: b858977bcb62c8913768cfb0fb01a4c9
SHA1: edc617bd20362b2fc870df88f1687426a69fe007
SHA256:c2bcd6f3a74d1a114973e6ac71e3536f6b035f29f769e9d1ec528ffe5e56cc27

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	instaparse	High
Vendor	Manifest	leiningen-project-artifactid	instaparse	Low
Vendor	Manifest	leiningen-project-groupid	instaparse	Low
Vendor	pom	artifactid	instaparse	Low
Vendor	pom	groupid	instaparse	Highest
Vendor	pom	name	instaparse	High
Vendor	pom	url	Engelberg/instaparse	Highest
Product	file	name	instaparse	High
Product	Manifest	leiningen-project-artifactid	instaparse	Low
Product	Manifest	leiningen-project-groupid	instaparse	Low
Product	pom	artifactid	instaparse	Highest
Product	pom	groupid	instaparse	Highest
Product	pom	name	instaparse	High
Product	pom	url	Engelberg/instaparse	High
Version	file	version	1.5.0	High
Version	Manifest	leiningen-project-version	1.5.0	Medium
Version	pom	version	1.5.0	Highest

Identifiers

pkg:maven/instaparse/instaparse@1.5.0 (Confidence:High)

java-spdx-library-2.0.3.jar

Description:

Java library which implements the Java object model for SPDX and provides useful helper functions.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/spdx/java-spdx-library/2.0.3/java-spdx-library-2.0.3.jar
MD5: f8f4547a4c1cda2e2e29008784772197
SHA1: 584b420a9cc6db37dc7ce82addb71ab646825e16
SHA256:0f90da5cf2b47731079abcdf64cac00490ee367e0ce448003963034bf772c513

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	java-spdx-library	High
Vendor	jar	package name	library	Highest
Vendor	jar	package name	spdx	Highest
Vendor	Manifest	automatic-module-name	org.spdx.library	Medium
Vendor	Manifest	build-jdk-spec	23	Low
Vendor	pom	artifactid	java-spdx-library	Low
Vendor	pom	developer email	gary@sourceauditor.com	Low
Vendor	pom	developer id	goneall	Medium
Vendor	pom	developer name	Gary O'Neall	Medium
Vendor	pom	developer org	SPDX	Medium
Vendor	pom	developer org URL	http://spdx.org	Medium
Vendor	pom	groupid	org.spdx	Highest
Vendor	pom	name	java-spdx-library	High
Vendor	pom	organization name	SPDX	High
Vendor	pom	organization url	http://spdx.org	Medium
Vendor	pom	url	spdx/Spdx-Java-Library	Highest
Product	file	name	java-spdx-library	High
Product	jar	package name	library	Highest
Product	jar	package name	spdx	Highest
Product	Manifest	automatic-module-name	org.spdx.library	Medium
Product	Manifest	build-jdk-spec	23	Low
Product	pom	artifactid	java-spdx-library	Highest
Product	pom	developer email	gary@sourceauditor.com	Low
Product	pom	developer id	goneall	Low
Product	pom	developer name	Gary O'Neall	Low
Product	pom	developer org	SPDX	Low
Product	pom	developer org URL	http://spdx.org	Low
Product	pom	groupid	org.spdx	Highest
Product	pom	name	java-spdx-library	High
Product	pom	organization name	SPDX	Low
Product	pom	organization url	http://spdx.org	Low
Product	pom	url	spdx/Spdx-Java-Library	High
Version	file	version	2.0.3	High
Version	pom	version	2.0.3	Highest

Identifiers

pkg:maven/org.spdx/java-spdx-library@2.0.3 (Confidence:High)

jsoup-1.22.1.jar

Description:

jsoup is a Java library that simplifies working with real-world HTML and XML. It offers an easy-to-use API for URL fetching, data parsing, extraction, and manipulation using DOM API methods, CSS, and xpath selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers.

License:

The MIT License: https://jsoup.org/license

File Path: /home/runner/.m2/repository/org/jsoup/jsoup/1.22.1/jsoup-1.22.1.jar
MD5: 650c793f2362dd13d13355e558ea56f0
SHA1: 9085290f1032d8bdd4ab0a279d176a4bd9e282ca
SHA256:cfd3298d8720cddfb0545109ccc6ea0ef39eff7e9c40a10ad95c93a65f01c916

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsoup	High
Vendor	jar	package name	jsoup	Highest
Vendor	jar	package name	org	Highest
Vendor	jar	package name	parser	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://jsoup.org/	Low
Vendor	Manifest	bundle-symbolicname	org.jsoup	Medium
Vendor	Manifest	Implementation-Vendor	Jonathan Hedley	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Vendor	pom	artifactid	jsoup	Low
Vendor	pom	developer email	jonathan@hedley.net	Low
Vendor	pom	developer id	jhy	Medium
Vendor	pom	developer name	Jonathan Hedley	Medium
Vendor	pom	groupid	org.jsoup	Highest
Vendor	pom	name	jsoup Java HTML Parser	High
Vendor	pom	organization name	Jonathan Hedley	High
Vendor	pom	organization url	https://jhedley.com/	Medium
Vendor	pom	url	https://jsoup.org/	Highest
Product	file	name	jsoup	High
Product	jar	package name	jsoup	Highest
Product	jar	package name	org	Highest
Product	jar	package name	parser	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://jsoup.org/	Low
Product	Manifest	Bundle-Name	jsoup Java HTML Parser	Medium
Product	Manifest	bundle-symbolicname	org.jsoup	Medium
Product	Manifest	Implementation-Title	jsoup Java HTML Parser	High
Product	Manifest	multi-release	true	Low
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Product	pom	artifactid	jsoup	Highest
Product	pom	developer email	jonathan@hedley.net	Low
Product	pom	developer id	jhy	Low
Product	pom	developer name	Jonathan Hedley	Low
Product	pom	groupid	org.jsoup	Highest
Product	pom	name	jsoup Java HTML Parser	High
Product	pom	organization name	Jonathan Hedley	Low
Product	pom	organization url	https://jhedley.com/	Low
Product	pom	url	https://jsoup.org/	Medium
Version	file	version	1.22.1	High
Version	Manifest	Bundle-Version	1.22.1	High
Version	Manifest	Implementation-Version	1.22.1	High
Version	pom	version	1.22.1	Highest

Identifiers

pkg:maven/org.jsoup/jsoup@1.22.1 (Confidence:High)
cpe:2.3:a:jsoup:jsoup:1.22.1:*:*:*:*:*:*:* (Confidence:Highest)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	file	name	jsr305	High
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	com.google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

rencg-1.0.90.jar

Description:

A micro-library for Clojure that provides first class support for named-capturing groups in regular expressions.

License:

MPL-2.0: https://www.mozilla.org/en-US/MPL/2.0/

File Path: /home/runner/.m2/repository/com/github/pmonks/rencg/1.0.90/rencg-1.0.90.jar
MD5: 66a7867a696c5b2285c2bf7b89209343
SHA1: 2c0a7115d50c49b89bec84d45de8fbe93fd4809c
SHA256:1f4e5269fcd0b52287deddddb53f9112d7b7cbc866a11960ae64851894c51af1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	rencg	High
Vendor	Manifest	build-jdk-spec	25	Low
Vendor	pom	artifactid	rencg	Low
Vendor	pom	developer email	pmonks+rencg@gmail.com	Low
Vendor	pom	developer id	pmonks	Medium
Vendor	pom	developer name	Peter Monks	Medium
Vendor	pom	groupid	com.github.pmonks	Highest
Vendor	pom	name	rencg	High
Vendor	pom	url	pmonks/rencg	Highest
Product	file	name	rencg	High
Product	Manifest	build-jdk-spec	25	Low
Product	pom	artifactid	rencg	Highest
Product	pom	developer email	pmonks+rencg@gmail.com	Low
Product	pom	developer id	pmonks	Low
Product	pom	developer name	Peter Monks	Low
Product	pom	groupid	com.github.pmonks	Highest
Product	pom	name	rencg	High
Product	pom	url	pmonks/rencg	High
Version	file	version	1.0.90	High
Version	pom	version	1.0.90	Highest

Identifiers

pkg:maven/com.github.pmonks/rencg@1.0.90 (Confidence:High)

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.slf4j.org	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.slf4j.org	Low
Product	Manifest	Bundle-Name	SLF4J API Module	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	2.0.17	High
Version	Manifest	Bundle-Version	2.0.17	High
Version	Manifest	Implementation-Version	2.0.17	High
Version	pom	version	2.0.17	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@2.0.17 (Confidence:High)

spdx-java-core-1.0.3.jar

Description:

Core libraries for SPDX

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/spdx/spdx-java-core/1.0.3/spdx-java-core-1.0.3.jar
MD5: eda865ec8f20f3452c6f97d03f17f466
SHA1: ddf4751cec50b29d0806a995d67b0ba6b071ae05
SHA256:3624a8edc894e4d9dba53a0acecc1d5d31bb68135a5c4759873535821e35fc02

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spdx-java-core	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	spdx	Highest
Vendor	Manifest	automatic-module-name	org.spdx.core	Medium
Vendor	Manifest	build-jdk-spec	23	Low
Vendor	pom	artifactid	spdx-java-core	Low
Vendor	pom	developer email	gary@sourceauditor.com	Low
Vendor	pom	developer id	goneall	Medium
Vendor	pom	developer name	Gary O'Neall	Medium
Vendor	pom	developer org	SPDX	Medium
Vendor	pom	developer org URL	http://spdx.org	Medium
Vendor	pom	groupid	org.spdx	Highest
Vendor	pom	name	spdx-java-core	High
Vendor	pom	organization name	SPDX	High
Vendor	pom	organization url	http://spdx.org	Medium
Vendor	pom	url	spdx/spdx-java-core	Highest
Product	file	name	spdx-java-core	High
Product	jar	package name	core	Highest
Product	jar	package name	spdx	Highest
Product	Manifest	automatic-module-name	org.spdx.core	Medium
Product	Manifest	build-jdk-spec	23	Low
Product	pom	artifactid	spdx-java-core	Highest
Product	pom	developer email	gary@sourceauditor.com	Low
Product	pom	developer id	goneall	Low
Product	pom	developer name	Gary O'Neall	Low
Product	pom	developer org	SPDX	Low
Product	pom	developer org URL	http://spdx.org	Low
Product	pom	groupid	org.spdx	Highest
Product	pom	name	spdx-java-core	High
Product	pom	organization name	SPDX	Low
Product	pom	organization url	http://spdx.org	Low
Product	pom	url	spdx/spdx-java-core	High
Version	file	version	1.0.3	High
Version	pom	version	1.0.3	Highest

Identifiers

pkg:maven/org.spdx/spdx-java-core@1.0.3 (Confidence:High)

spdx-java-model-2_X-1.0.3.jar

Description:

SPDX model versions 2.0, 2.1, and 2.3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/spdx/spdx-java-model-2_X/1.0.3/spdx-java-model-2_X-1.0.3.jar
MD5: f3e46827a2d7df81286712a0fb403bff
SHA1: b481453468f814b26cbfc8186dc98a1552949e59
SHA256:97ff4e4b7a4b04d59a3caacd8f67979493549ac5536ab1d0093c53e7aed1bf57

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spdx-java-model-2_X	High
Vendor	jar	package name	model	Highest
Vendor	jar	package name	spdx	Highest
Vendor	jar	package name	v2	Highest
Vendor	Manifest	automatic-module-name	org.spdx.model.v2	Medium
Vendor	Manifest	build-jdk-spec	23	Low
Vendor	pom	artifactid	spdx-java-model-2_X	Low
Vendor	pom	developer email	gary@sourceauditor.com	Low
Vendor	pom	developer id	goneall	Medium
Vendor	pom	developer name	Gary O'Neall	Medium
Vendor	pom	developer org	SPDX	Medium
Vendor	pom	developer org URL	http://spdx.org	Medium
Vendor	pom	groupid	org.spdx	Highest
Vendor	pom	name	spdx-java-model-2_X	High
Vendor	pom	organization name	SPDX	High
Vendor	pom	organization url	http://spdx.org	Medium
Vendor	pom	url	spdx/spdx-java-model-2_X	Highest
Product	file	name	spdx-java-model-2_X	High
Product	jar	package name	model	Highest
Product	jar	package name	spdx	Highest
Product	jar	package name	v2	Highest
Product	Manifest	automatic-module-name	org.spdx.model.v2	Medium
Product	Manifest	build-jdk-spec	23	Low
Product	pom	artifactid	spdx-java-model-2_X	Highest
Product	pom	developer email	gary@sourceauditor.com	Low
Product	pom	developer id	goneall	Low
Product	pom	developer name	Gary O'Neall	Low
Product	pom	developer org	SPDX	Low
Product	pom	developer org URL	http://spdx.org	Low
Product	pom	groupid	org.spdx	Highest
Product	pom	name	spdx-java-model-2_X	High
Product	pom	organization name	SPDX	Low
Product	pom	organization url	http://spdx.org	Low
Product	pom	url	spdx/spdx-java-model-2_X	High
Version	file	version	1.0.3	High
Version	pom	version	1.0.3	Highest

Identifiers

pkg:maven/org.spdx/spdx-java-model-2_X@1.0.3 (Confidence:High)

spdx-java-model-3_0-1.0.3.jar

Description:

Generated java model source code

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/spdx/spdx-java-model-3_0/1.0.3/spdx-java-model-3_0-1.0.3.jar
MD5: 2dc2062035e4dbeeb0b4768b9d4f7a65
SHA1: f9012d906673a486eec9a553f060746689ece219
SHA256:7f2b1286cfbb7427aaaf89fac2037fdc0a0b3ab9f25812fe8872cf3e768a1644

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spdx-java-model-3_0	High
Vendor	jar	package name	model	Highest
Vendor	jar	package name	spdx	Highest
Vendor	Manifest	automatic-module-name	org.spdx.model.v3	Medium
Vendor	Manifest	build-jdk-spec	23	Low
Vendor	pom	artifactid	spdx-java-model-3_0	Low
Vendor	pom	developer email	gary@sourceauditor.com	Low
Vendor	pom	developer id	goneall	Medium
Vendor	pom	developer name	Gary O'Neall	Medium
Vendor	pom	developer org	SPDX	Medium
Vendor	pom	developer org URL	http://spdx.org	Medium
Vendor	pom	groupid	org.spdx	Highest
Vendor	pom	name	spdx-java-model-3	High
Vendor	pom	organization name	SPDX	High
Vendor	pom	organization url	http://spdx.org	Medium
Vendor	pom	url	spdx/spdx-java-model-3_0	Highest
Product	file	name	spdx-java-model-3_0	High
Product	jar	package name	model	Highest
Product	jar	package name	spdx	Highest
Product	Manifest	automatic-module-name	org.spdx.model.v3	Medium
Product	Manifest	build-jdk-spec	23	Low
Product	pom	artifactid	spdx-java-model-3_0	Highest
Product	pom	developer email	gary@sourceauditor.com	Low
Product	pom	developer id	goneall	Low
Product	pom	developer name	Gary O'Neall	Low
Product	pom	developer org	SPDX	Low
Product	pom	developer org URL	http://spdx.org	Low
Product	pom	groupid	org.spdx	Highest
Product	pom	name	spdx-java-model-3	High
Product	pom	organization name	SPDX	Low
Product	pom	organization url	http://spdx.org	Low
Product	pom	url	spdx/spdx-java-model-3_0	High
Version	file	version	1.0.3	High
Version	pom	version	1.0.3	Highest

Identifiers

pkg:maven/org.spdx/spdx-java-model-3_0@1.0.3 (Confidence:High)

spec.alpha-0.5.238.jar

Description:

Specification of data and functions

License:

Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/

File Path: /home/runner/.m2/repository/org/clojure/spec.alpha/0.5.238/spec.alpha-0.5.238.jar
MD5: 9f5ea5239dc04d6a8115add1e4f5f23a
SHA1: 4eb5dea521c4e6e1f68c2c47517f14a922003e60
SHA256:94cd99b6ea639641f37af4860a643b6ed399ee5a8be5d717cff0b663c8d75077

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spec.alpha	High
Vendor	jar	package name	alpha	Highest
Vendor	jar	package name	clojure	Highest
Vendor	jar	package name	clojure	Low
Vendor	jar	package name	spec	Highest
Vendor	jar	package name	spec	Low
Vendor	pom	artifactid	spec.alpha	Low
Vendor	pom	developer id	richhickey	Medium
Vendor	pom	developer name	Rich Hickey	Medium
Vendor	pom	groupid	org.clojure	Highest
Vendor	pom	name	spec.alpha	High
Vendor	pom	parent-artifactid	pom.contrib	Low
Product	file	name	spec.alpha	High
Product	jar	package name	alpha	Highest
Product	jar	package name	clojure	Highest
Product	jar	package name	spec	Highest
Product	jar	package name	spec	Low
Product	pom	artifactid	spec.alpha	Highest
Product	pom	developer id	richhickey	Low
Product	pom	developer name	Rich Hickey	Low
Product	pom	groupid	org.clojure	Highest
Product	pom	name	spec.alpha	High
Product	pom	parent-artifactid	pom.contrib	Medium
Version	file	version	0.5.238	High
Version	pom	parent-version	0.5.238	Low
Version	pom	version	0.5.238	Highest

Identifiers

pkg:maven/org.clojure/spec.alpha@0.5.238 (Confidence:High)

wreck-1.0.151.jar

Description:

A micro-library for Clojure(Script) that provides regular expression construction functions.

License:

MPL-2.0: https://www.mozilla.org/en-US/MPL/2.0/

File Path: /home/runner/.m2/repository/com/github/pmonks/wreck/1.0.151/wreck-1.0.151.jar
MD5: 5228ff4040d4507d71981abb1147e31a
SHA1: d0155a0a808a36fe357982ea802af782bd2c3a45
SHA256:e8461684855a06dcd664970d79adca22265e571a076c4e09412f80969551bbe4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	wreck	High
Vendor	Manifest	build-jdk-spec	25	Low
Vendor	pom	artifactid	wreck	Low
Vendor	pom	developer email	pmonks+wreck@gmail.com	Low
Vendor	pom	developer id	pmonks	Medium
Vendor	pom	developer name	Peter Monks	Medium
Vendor	pom	groupid	com.github.pmonks	Highest
Vendor	pom	name	wreck	High
Vendor	pom	url	pmonks/wreck	Highest
Product	file	name	wreck	High
Product	Manifest	build-jdk-spec	25	Low
Product	pom	artifactid	wreck	Highest
Product	pom	developer email	pmonks+wreck@gmail.com	Low
Product	pom	developer id	pmonks	Low
Product	pom	developer name	Peter Monks	Low
Product	pom	groupid	com.github.pmonks	Highest
Product	pom	name	wreck	High
Product	pom	url	pmonks/wreck	High
Version	file	version	1.0.151	High
Version	pom	version	1.0.151	Highest

Identifiers

pkg:maven/com.github.pmonks/wreck@1.0.151 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: com.github.pmonks/clj-spdx 1.0.335-SNAPSHOT

Summary

Dependencies (vulnerable)

clojure-1.12.4.jar

Evidence

Identifiers

commons-lang3-3.20.0.jar

Evidence

Identifiers

core.specs.alpha-0.4.74.jar

Evidence

Identifiers

embroidery-1.0.44.jar

Evidence

Identifiers

error_prone_annotations-2.41.0.jar

Evidence

Identifiers

gson-2.13.2.jar

Evidence

Identifiers

instaparse-1.5.0.jar

Evidence

Identifiers

java-spdx-library-2.0.3.jar

Evidence

Identifiers

jsoup-1.22.1.jar

Evidence

Identifiers

jsr305-3.0.2.jar

Evidence

Identifiers

rencg-1.0.90.jar

Evidence

Identifiers

slf4j-api-2.0.17.jar

Evidence

Identifiers

spdx-java-core-1.0.3.jar

Evidence

Identifiers

spdx-java-model-2_X-1.0.3.jar

Evidence

Identifiers

spdx-java-model-3_0-1.0.3.jar

Evidence

Identifiers

spec.alpha-0.5.238.jar

Evidence

Identifiers

wreck-1.0.151.jar

Evidence

Identifiers