Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: com.github.pmonks/lice-comb 2.0.348-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
clj-base62-0.1.1.jarpkg:maven/miikka/clj-base62@0.1.1 012
clj-spdx-1.0.176.jarpkg:maven/com.github.pmonks/clj-spdx@1.0.176 020
clj-xml-validation-1.0.2.jarpkg:maven/clj-xml-validation/clj-xml-validation@1.0.2 012
clojure-1.12.0.jarcpe:2.3:a:clojure:clojure:1.12.0:*:*:*:*:*:*:*pkg:maven/org.clojure/clojure@1.12.0 0Highest22
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest167
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest83
commons-digester-2.1.jarpkg:maven/commons-digester/commons-digester@2.1 097
commons-lang3-3.5.jarpkg:maven/org.apache.commons/commons-lang3@3.5 0138
commons-logging-1.3.2.jarpkg:maven/commons-logging/commons-logging@1.3.2 0128
commons-validator-1.9.0.jarpkg:maven/commons-validator/commons-validator@1.9.0 0129
core.specs.alpha-0.4.74.jarcpe:2.3:a:alex_project:alex:0.4.74:*:*:*:*:*:*:*pkg:maven/org.clojure/core.specs.alpha@0.4.74 0Low17
data.xml-0.2.0-alpha9.jarpkg:maven/org.clojure/data.xml@0.2.0-alpha9 028
embroidery-1.0.44.jarpkg:maven/com.github.pmonks/embroidery@1.0.44 020
gson-2.8.9.jarcpe:2.3:a:google:gson:2.8.9:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.9 0Highest28
hato-1.0.0.jarpkg:maven/hato/hato@1.0.0 017
instaparse-1.5.0.jarpkg:maven/instaparse/instaparse@1.5.0 017
java-spdx-library-1.1.11.jarpkg:maven/org.spdx/java-spdx-library@1.1.11 036
jsoup-1.15.3.jarcpe:2.3:a:jsoup:jsoup:1.15.3:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.15.3 0Highest39
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 016
medley-1.8.1.jarpkg:maven/dev.weavejester/medley@1.8.1 015
rencg-1.0.51.jarpkg:maven/com.github.pmonks/rencg@1.0.51 020
slf4j-api-2.0.13.jarpkg:maven/org.slf4j/slf4j-api@2.0.13 028
spec.alpha-0.5.238.jarpkg:maven/org.clojure/spec.alpha@0.5.238 026
tools.logging-1.3.0.jarcpe:2.3:a:alex_project:alex:1.3.0:*:*:*:*:*:*:*pkg:maven/org.clojure/tools.logging@1.3.0 0Low15
xml-in-0.1.1.jarpkg:maven/tolitius/xml-in@0.1.1 012

Dependencies (vulnerable)

clj-base62-0.1.1.jar

Description:

Base62 encoding and decoding for Clojure

File Path: /home/runner/.m2/repository/miikka/clj-base62/0.1.1/clj-base62-0.1.1.jar
MD5: 4d1ff2cba176169428c21fb9ddab0528
SHA1: e983866be496ce97fc442c07561be31cf1d95ecd
SHA256:b835393a3ef4d3f45574824f42d1fcc7980378971b484cd1994d70cbb0d54862

Identifiers

clj-spdx-1.0.176.jar

Description:

Clojure wrapper around spdx/Spdx-Java-Library.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/runner/.m2/repository/com/github/pmonks/clj-spdx/1.0.176/clj-spdx-1.0.176.jar
MD5: 46ed7ecc296a2521a84cd6de9c8859c1
SHA1: 790f0ed1581fb8c3daffd5de947174efd440bc6c
SHA256:f36deae199ea7282f2de5e860c94ed591f4d8dfac824e046ac9e860fcd91ac98

Identifiers

clj-xml-validation-1.0.2.jar

Description:

Simple XML Schema validation library for Clojure

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/clj-xml-validation/clj-xml-validation/1.0.2/clj-xml-validation-1.0.2.jar
MD5: ab69483eecdcab00c0eaa011b056c351
SHA1: be28bbe42941f00acfa073e986fa7b386a7c4f2d
SHA256:e4210b7290f38bf90ce0dfb6c4398b74f54c7636baef37598c05e2852b59bf43

Identifiers

clojure-1.12.0.jar

Description:

Clojure core environment and runtime library.

License:

Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php
File Path: /home/runner/.m2/repository/org/clojure/clojure/1.12.0/clojure-1.12.0.jar
MD5: 674322e2210fcd1a807b3526f74c9242
SHA1: 8e0b7e60ea3c8f1ef4273d695b27a6cb85000571
SHA256:c45333006441a059ea9fdb1341fc6c1f40b921a10dccd82665311e48a0384763

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8

Identifiers

commons-digester-2.1.jar

Description:

    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d

Identifiers

commons-lang3-3.5.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
SHA256:8ac96fc686512d777fca85e144f196cd7cfe0c0aec23127229497d1a38ff651c

Identifiers

commons-logging-1.3.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well-known logging systems.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.3.2/commons-logging-1.3.2.jar
MD5: 4b970f3b14a5e53d8e8edff1cf2ecd91
SHA1: 3dc966156ef19d23c839715165435e582fafa753
SHA256:6b858424f518015f32bfcd1183a373f4a827d72d026b6031da0c91cf0e8f3489

Identifiers

commons-validator-1.9.0.jar

Description:

    Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
    It may be used standalone or with a framework like Struts.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-validator/commons-validator/1.9.0/commons-validator-1.9.0.jar
MD5: 0adeb5a4d23a33b9c80f5fcb2fa2ab3f
SHA1: 26e49d333890ccad072eb530a85fceb9c07818df
SHA256:c3c14748e2d78db58df88808740711bd643b32c45ffa7b8a739f00fb467cd7d7

Identifiers

core.specs.alpha-0.4.74.jar

Description:

Specs for clojure.core

License:

Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/
File Path: /home/runner/.m2/repository/org/clojure/core.specs.alpha/0.4.74/core.specs.alpha-0.4.74.jar
MD5: ebd37b9a3c39e6b769fc1463737cb8d4
SHA1: d56a8d4c666ff8140e6d0a62d41263134be39254
SHA256:eb73ac08cf49ba840c88ba67beef11336ca554333d9408808d78946e0feb9ddb

Identifiers

data.xml-0.2.0-alpha9.jar

Description:

Functions to parse XML into lazy sequences and lazy trees and emit these as text

File Path: /home/runner/.m2/repository/org/clojure/data.xml/0.2.0-alpha9/data.xml-0.2.0-alpha9.jar
MD5: ef1cfdccb910d381ad0b1ae75853dc32
SHA1: 424e7fd03bc5fd2df9db477fc892d1db955879cd
SHA256:1fe706c3830860dbc4f8d8b737f6b1236ef08fcbad85e5db40b8aa93da98004b

Identifiers

embroidery-1.0.44.jar

Description:

A Clojure micro-library for leveraging virtual threads on JVMs that support them.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/runner/.m2/repository/com/github/pmonks/embroidery/1.0.44/embroidery-1.0.44.jar
MD5: 0141ce9e67e5c76af519e98fc5a8bf5d
SHA1: 0ce7accc8b0fe2fcb13b0e509c322de914390ad2
SHA256:f978771dcca1ef87a0668cee9911882fea462791f20a6166b93edc356d35f152

Identifiers

gson-2.8.9.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/gson/gson/2.8.9/gson-2.8.9.jar
MD5: e67627f67e03301092dc7de0a2d7cef8
SHA1: 8a432c1d6825781e21a02db2e2c33c5fde2833b9
SHA256:d3999291855de495c94c743761b8ab5176cfeabe281a5ab0d8e8d45326fd703e

Identifiers

hato-1.0.0.jar

Description:

An HTTP client for Clojure, wrapping JDK 11's HttpClient.

License:

The MIT License: http://opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/hato/hato/1.0.0/hato-1.0.0.jar
MD5: 169f69866f7e0eaf8f5a38ad049bcecf
SHA1: 6a1bea52787ef5419f9d4475bce4997581ee6276
SHA256:6b65a8f6145ec577b015cbfa3703c2d00f5e9f964bc6fca7b71dfc56a4ffe029

Identifiers

instaparse-1.5.0.jar

Description:

Instaparse: No grammar left behind

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/instaparse/instaparse/1.5.0/instaparse-1.5.0.jar
MD5: b858977bcb62c8913768cfb0fb01a4c9
SHA1: edc617bd20362b2fc870df88f1687426a69fe007
SHA256:c2bcd6f3a74d1a114973e6ac71e3536f6b035f29f769e9d1ec528ffe5e56cc27

Identifiers

java-spdx-library-1.1.11.jar

Description:

Java library which implements the Java object model for SPDX and provides useful helper functions.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/spdx/java-spdx-library/1.1.11/java-spdx-library-1.1.11.jar
MD5: bbee14269e94c903bcb75c1d7fc250d5
SHA1: f438688f8eb61f975c4c6f79c7c8b7d6fcc2c814
SHA256:5ca113ac2a885b264e0d1bdf684f4948b375adf3ffde84981944baf8f8fcc55a

Identifiers

jsoup-1.15.3.jar

Description:

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

License:

The MIT License: https://jsoup.org/license
File Path: /home/runner/.m2/repository/org/jsoup/jsoup/1.15.3/jsoup-1.15.3.jar
MD5: 4f16c3b17b8c1b0173b1ed9f99f2c27c
SHA1: f6e1d8a8819f854b681c8eaa57fd59a42329e10c
SHA256:e20a5e78b1372f2a4e620832db4442d5077e5cbde280b24c666a3770844999bc

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7

Identifiers

medley-1.8.1.jar

Description:

A lightweight library of useful, mostly pure functions

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/dev/weavejester/medley/1.8.1/medley-1.8.1.jar
MD5: 2aa0e85a14ea0275b857b8f6aa085722
SHA1: 9940f1e5411a2760d54ff21566257bc0427fafe5
SHA256:0a8492f5c46d110f8e2003056733b6b62911e2bd204ea8119b8edacd33adc2d5

Identifiers

rencg-1.0.51.jar

Description:

A micro-library for Clojure that provides first class support for named-capturing groups in regular expressions.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/runner/.m2/repository/com/github/pmonks/rencg/1.0.51/rencg-1.0.51.jar
MD5: 57d5cb137b1955a15fadc6074da8550d
SHA1: bdd0836b60caf5ee0bdadeb4de20dd87c1398ab3
SHA256:82f0ff7e7e1aa63d27b593faaa6f0a9d15af32623bbcea1d825368315110d70d

Identifiers

slf4j-api-2.0.13.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.13/slf4j-api-2.0.13.jar
MD5: 7f4028aa04f75427327f3f30cd62ba4e
SHA1: 80229737f704b121a318bba5d5deacbcf395bc77
SHA256:e7c2a48e8515ba1f49fa637d57b4e2f590b3f5bd97407ac699c3aa5efb1204a9

Identifiers

spec.alpha-0.5.238.jar

Description:

Specification of data and functions

License:

Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/
File Path: /home/runner/.m2/repository/org/clojure/spec.alpha/0.5.238/spec.alpha-0.5.238.jar
MD5: 9f5ea5239dc04d6a8115add1e4f5f23a
SHA1: 4eb5dea521c4e6e1f68c2c47517f14a922003e60
SHA256:94cd99b6ea639641f37af4860a643b6ed399ee5a8be5d717cff0b663c8d75077

Identifiers

tools.logging-1.3.0.jar

File Path: /home/runner/.m2/repository/org/clojure/tools.logging/1.3.0/tools.logging-1.3.0.jar
MD5: b6b3c2ffeb27a25eab2d6e0e3a6e6b57
SHA1: 07d45477c1b61230b0d1fcf36afccc02155a4b32
SHA256:826969b78d9ada327de6b7da0f176457d95614fa38c280326610f31a6b515c91

Identifiers

xml-in-0.1.1.jar

Description:

your friendly XML navigator

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/tolitius/xml-in/0.1.1/xml-in-0.1.1.jar
MD5: 754502ef9d8c1574d6d893b22f6101dc
SHA1: 0a68865842a0fa7484bca3a7be33f182d8213a97
SHA256:43ab632812fe03b86b1a154723d809bb393e11a0ff0e6677167f14ece40f5543

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.