Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 12.2.0
Report Generated On: Tue, 27 Jan 2026 04:04:22 GMT
Dependencies Scanned: 25 (25 unique)
Vulnerable Dependencies: 2
Vulnerabilities Found: 2
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2026-01-27T04:04:12Z
NVD API Last Modified: 2026-01-27T02:16:01Z

Summary

Summary of Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
clj-base62-0.1.1.jar		pkg:maven/miikka/clj-base62@0.1.1		0		12
clj-spdx-1.0.176.jar		pkg:maven/com.github.pmonks/clj-spdx@1.0.176		0		20
clj-xml-validation-1.0.2.jar		pkg:maven/clj-xml-validation/clj-xml-validation@1.0.2		0		12
clojure-1.12.4.jar	cpe:2.3:a:clojure:clojure:1.12.4:::::::*	pkg:maven/org.clojure/clojure@1.12.4		0	Highest	22
commons-beanutils-1.9.4.jar	cpe:2.3:a:apache:commons_beanutils:1.9.4:::::::*	pkg:maven/commons-beanutils/commons-beanutils@1.9.4	HIGH	1	Highest	167
commons-collections-3.2.2.jar	cpe:2.3:a:apache:commons_collections:3.2.2:::::::*	pkg:maven/commons-collections/commons-collections@3.2.2		0	Highest	83
commons-digester-2.1.jar		pkg:maven/commons-digester/commons-digester@2.1		0		97
commons-lang3-3.5.jar	cpe:2.3:a:apache:commons_lang:3.5:::::::*	pkg:maven/org.apache.commons/commons-lang3@3.5	MEDIUM	1	Highest	138
commons-logging-1.3.2.jar		pkg:maven/commons-logging/commons-logging@1.3.2		0		128
commons-validator-1.9.0.jar		pkg:maven/commons-validator/commons-validator@1.9.0		0		129
core.specs.alpha-0.4.74.jar	cpe:2.3:a:alex_project:alex:0.4.74:::::::*	pkg:maven/org.clojure/core.specs.alpha@0.4.74		0	Low	17
data.xml-0.2.0-alpha9.jar		pkg:maven/org.clojure/data.xml@0.2.0-alpha9		0		28
embroidery-1.0.44.jar		pkg:maven/com.github.pmonks/embroidery@1.0.44		0		20
gson-2.8.9.jar	cpe:2.3:a:google:gson:2.8.9:::::::*	pkg:maven/com.google.code.gson/gson@2.8.9		0	Highest	28
hato-1.0.0.jar		pkg:maven/hato/hato@1.0.0		0		17
instaparse-1.5.0.jar		pkg:maven/instaparse/instaparse@1.5.0		0		17
java-spdx-library-1.1.11.jar		pkg:maven/org.spdx/java-spdx-library@1.1.11		0		36
jsoup-1.15.3.jar	cpe:2.3:a:jsoup:jsoup:1.15.3:::::::*	pkg:maven/org.jsoup/jsoup@1.15.3		0	Highest	39
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		0		16
medley-1.8.1.jar		pkg:maven/dev.weavejester/medley@1.8.1		0		15
rencg-1.0.51.jar		pkg:maven/com.github.pmonks/rencg@1.0.51		0		20
slf4j-api-2.0.13.jar		pkg:maven/org.slf4j/slf4j-api@2.0.13		0		28
spec.alpha-0.5.238.jar		pkg:maven/org.clojure/spec.alpha@0.5.238		0		26
tools.logging-1.3.0.jar	cpe:2.3:a:alex_project:alex:1.3.0:::::::*	pkg:maven/org.clojure/tools.logging@1.3.0		0	Low	15
xml-in-0.1.1.jar		pkg:maven/tolitius/xml-in@0.1.1		0		12

Dependencies (vulnerable)

clj-base62-0.1.1.jar

Description:

Base62 encoding and decoding for Clojure

File Path: /home/runner/.m2/repository/miikka/clj-base62/0.1.1/clj-base62-0.1.1.jar
MD5: 4d1ff2cba176169428c21fb9ddab0528
SHA1: e983866be496ce97fc442c07561be31cf1d95ecd
SHA256:b835393a3ef4d3f45574824f42d1fcc7980378971b484cd1994d70cbb0d54862

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	clj-base62	High
Vendor	pom	artifactid	clj-base62	Low
Vendor	pom	groupid	miikka	Highest
Vendor	pom	name	clj-base62	High
Vendor	pom	url	https://sr.ht/~miikka/clj-base62	Highest
Product	file	name	clj-base62	High
Product	pom	artifactid	clj-base62	Highest
Product	pom	groupid	miikka	Highest
Product	pom	name	clj-base62	High
Product	pom	url	https://sr.ht/~miikka/clj-base62	Medium
Version	file	version	0.1.1	High
Version	pom	version	0.1.1	Highest

Identifiers

pkg:maven/miikka/clj-base62@0.1.1 (Confidence:High)

clj-spdx-1.0.176.jar

Description:

Clojure wrapper around spdx/Spdx-Java-Library.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/com/github/pmonks/clj-spdx/1.0.176/clj-spdx-1.0.176.jar
MD5: 46ed7ecc296a2521a84cd6de9c8859c1
SHA1: 790f0ed1581fb8c3daffd5de947174efd440bc6c
SHA256:f36deae199ea7282f2de5e860c94ed591f4d8dfac824e046ac9e860fcd91ac98

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	clj-spdx	High
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	pom	artifactid	clj-spdx	Low
Vendor	pom	developer email	pmonks+clj-spdx@gmail.com	Low
Vendor	pom	developer id	pmonks	Medium
Vendor	pom	developer name	Peter Monks	Medium
Vendor	pom	groupid	com.github.pmonks	Highest
Vendor	pom	name	clj-spdx	High
Vendor	pom	url	pmonks/clj-spdx	Highest
Product	file	name	clj-spdx	High
Product	Manifest	build-jdk-spec	21	Low
Product	pom	artifactid	clj-spdx	Highest
Product	pom	developer email	pmonks+clj-spdx@gmail.com	Low
Product	pom	developer id	pmonks	Low
Product	pom	developer name	Peter Monks	Low
Product	pom	groupid	com.github.pmonks	Highest
Product	pom	name	clj-spdx	High
Product	pom	url	pmonks/clj-spdx	High
Version	file	version	1.0.176	High
Version	pom	version	1.0.176	Highest

Identifiers

pkg:maven/com.github.pmonks/clj-spdx@1.0.176 (Confidence:High)

clj-xml-validation-1.0.2.jar

Description:

Simple XML Schema validation library for Clojure

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html

File Path: /home/runner/.m2/repository/clj-xml-validation/clj-xml-validation/1.0.2/clj-xml-validation-1.0.2.jar
MD5: ab69483eecdcab00c0eaa011b056c351
SHA1: be28bbe42941f00acfa073e986fa7b386a7c4f2d
SHA256:e4210b7290f38bf90ce0dfb6c4398b74f54c7636baef37598c05e2852b59bf43

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	clj-xml-validation	High
Vendor	pom	artifactid	clj-xml-validation	Low
Vendor	pom	groupid	clj-xml-validation	Highest
Vendor	pom	name	clj-xml-validation	High
Vendor	pom	url	bbbates/clj-xml-validation	Highest
Product	file	name	clj-xml-validation	High
Product	pom	artifactid	clj-xml-validation	Highest
Product	pom	groupid	clj-xml-validation	Highest
Product	pom	name	clj-xml-validation	High
Product	pom	url	bbbates/clj-xml-validation	High
Version	file	version	1.0.2	High
Version	pom	version	1.0.2	Highest

Identifiers

pkg:maven/clj-xml-validation/clj-xml-validation@1.0.2 (Confidence:High)

clojure-1.12.4.jar

Description:

Clojure core environment and runtime library.

License:

Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php

File Path: /home/runner/.m2/repository/org/clojure/clojure/1.12.4/clojure-1.12.4.jar
MD5: c9e27ed601e1c83392c78fd9f3e7ecec
SHA1: 580cd548600f63b597efea7e94c3e55be2d12537
SHA256:4b81e9ba6da38c45d9cc58023c674062b8c9f0714f33ff00ded22e6a949da177

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	clojure	High
Vendor	jar	package name	clojure	Highest
Vendor	jar	package name	core	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	clojure	Low
Vendor	pom	developer email	richhickey@gmail.com	Low
Vendor	pom	developer name	Rich Hickey	Medium
Vendor	pom	groupid	org.clojure	Highest
Vendor	pom	name	clojure	High
Vendor	pom	url	http://clojure.org/	Highest
Product	file	name	clojure	High
Product	jar	package name	clojure	Highest
Product	jar	package name	core	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	artifactid	clojure	Highest
Product	pom	developer email	richhickey@gmail.com	Low
Product	pom	developer name	Rich Hickey	Low
Product	pom	groupid	org.clojure	Highest
Product	pom	name	clojure	High
Product	pom	url	http://clojure.org/	Medium
Version	file	version	1.12.4	High
Version	pom	version	1.12.4	Highest

Identifiers

pkg:maven/org.clojure/clojure@1.12.4 (Confidence:High)
cpe:2.3:a:clojure:clojure:1.12.4:*:*:*:*:*:*:* (Confidence:Highest)

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-beanutils	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	beanutils	Highest
Vendor	jar	package name	commons	Highest
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-beanutils/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-beanutils	Medium
Vendor	Manifest	implementation-build	UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000	Low
Vendor	Manifest	implementation-url	https://commons.apache.org/proper/commons-beanutils/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-beanutils	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	craigmcc@apache.org	Low
Vendor	pom	developer email	dion@apache.org	Low
Vendor	pom	developer email	epugh@apache.org	Low
Vendor	pom	developer email	geirm@apache.org	Low
Vendor	pom	developer email	ggregory@apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	jconlon@apache.org	Low
Vendor	pom	developer email	jstrachan@apache.org	Low
Vendor	pom	developer email	morgand@apache.org	Low
Vendor	pom	developer email	mvdb@apache.org	Low
Vendor	pom	developer email	niallp@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	rwaldhoff@apache.org	Low
Vendor	pom	developer email	sanders@apache.org	Low
Vendor	pom	developer email	scolebourne@apache.org	Low
Vendor	pom	developer email	skitching@apache.org	Low
Vendor	pom	developer email	stain@apache.org	Low
Vendor	pom	developer email	tobrien@apache.org	Low
Vendor	pom	developer email	yoavs@apache.org	Low
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	dion	Medium
Vendor	pom	developer id	epugh	Medium
Vendor	pom	developer id	geirm	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	jconlon	Medium
Vendor	pom	developer id	jstrachan	Medium
Vendor	pom	developer id	morgand	Medium
Vendor	pom	developer id	mvdb	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer id	skitching	Medium
Vendor	pom	developer id	stain	Medium
Vendor	pom	developer id	tobrien	Medium
Vendor	pom	developer id	yoavs	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	David Eric Pugh	Medium
Vendor	pom	developer name	Dion Gillard	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Geir Magnusson Jr.	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	James Strachan	Medium
Vendor	pom	developer name	John E. Conlon	Medium
Vendor	pom	developer name	Martin van den Bemt	Medium
Vendor	pom	developer name	Morgan James Delagrange	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Simon Kitching	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Stian Soiland-Reyes	Medium
Vendor	pom	developer name	Tim O'Brien	Medium
Vendor	pom	developer name	Yoav Shapira	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	groupid	commons-beanutils	Highest
Vendor	pom	name	Apache Commons BeanUtils	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-beanutils/	Highest
Product	file	name	commons-beanutils	High
Product	jar	package name	apache	Highest
Product	jar	package name	beanutils	Highest
Product	jar	package name	commons	Highest
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-beanutils/	Low
Product	Manifest	Bundle-Name	Apache Commons BeanUtils	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-beanutils	Medium
Product	Manifest	implementation-build	UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000	Low
Product	Manifest	Implementation-Title	Apache Commons BeanUtils	High
Product	Manifest	implementation-url	https://commons.apache.org/proper/commons-beanutils/	Low
Product	Manifest	specification-title	Apache Commons BeanUtils	Medium
Product	pom	artifactid	commons-beanutils	Highest
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	craigmcc@apache.org	Low
Product	pom	developer email	dion@apache.org	Low
Product	pom	developer email	epugh@apache.org	Low
Product	pom	developer email	geirm@apache.org	Low
Product	pom	developer email	ggregory@apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	jconlon@apache.org	Low
Product	pom	developer email	jstrachan@apache.org	Low
Product	pom	developer email	morgand@apache.org	Low
Product	pom	developer email	mvdb@apache.org	Low
Product	pom	developer email	niallp@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	rwaldhoff@apache.org	Low
Product	pom	developer email	sanders@apache.org	Low
Product	pom	developer email	scolebourne@apache.org	Low
Product	pom	developer email	skitching@apache.org	Low
Product	pom	developer email	stain@apache.org	Low
Product	pom	developer email	tobrien@apache.org	Low
Product	pom	developer email	yoavs@apache.org	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	dion	Low
Product	pom	developer id	epugh	Low
Product	pom	developer id	geirm	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	jconlon	Low
Product	pom	developer id	jstrachan	Low
Product	pom	developer id	morgand	Low
Product	pom	developer id	mvdb	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer id	skitching	Low
Product	pom	developer id	stain	Low
Product	pom	developer id	tobrien	Low
Product	pom	developer id	yoavs	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	David Eric Pugh	Low
Product	pom	developer name	Dion Gillard	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Geir Magnusson Jr.	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	James Strachan	Low
Product	pom	developer name	John E. Conlon	Low
Product	pom	developer name	Martin van den Bemt	Low
Product	pom	developer name	Morgan James Delagrange	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Simon Kitching	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Stian Soiland-Reyes	Low
Product	pom	developer name	Tim O'Brien	Low
Product	pom	developer name	Yoav Shapira	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	groupid	commons-beanutils	Highest
Product	pom	name	Apache Commons BeanUtils	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-beanutils/	Medium
Version	file	version	1.9.4	High
Version	Manifest	Bundle-Version	1.9.4	High
Version	Manifest	Implementation-Version	1.9.4	High
Version	pom	parent-version	1.9.4	Low
Version	pom	version	1.9.4	Highest

Identifiers

pkg:maven/commons-beanutils/commons-beanutils@1.9.4 (Confidence:High)
cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2025-48734

Improper Access Control vulnerability in Apache Commons.



A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.





Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().
Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests.

This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils

 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.


Users of the artifact org.apache.commons:commons-beanutils2

 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.

CWE-284 Improper Access Control, NVD-CWE-Other

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

References:

af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html
af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY
security@apache.org - MAILING_LIST,VENDOR_ADVISORY

Vulnerable Software & Versions: (show all)

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-collections	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	collections	Highest
Vendor	jar	package name	commons	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/collections/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.collections	Medium
Vendor	Manifest	implementation-build	tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100	Low
Vendor	Manifest	implementation-url	http://commons.apache.org/collections/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-collections	Low
Vendor	pom	developer id	amamment	Medium
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	geirm	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	matth	Medium
Vendor	pom	developer id	morgand	Medium
Vendor	pom	developer id	psteitz	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Arun M. Thomas	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	Geir Magnusson	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Matthew Hawthorne	Medium
Vendor	pom	developer name	Morgan Delagrange	Medium
Vendor	pom	developer name	Phil Steitz	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	groupid	commons-collections	Highest
Vendor	pom	name	Apache Commons Collections	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	http://commons.apache.org/collections/	Highest
Product	file	name	commons-collections	High
Product	jar	package name	apache	Highest
Product	jar	package name	collections	Highest
Product	jar	package name	commons	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/collections/	Low
Product	Manifest	Bundle-Name	Apache Commons Collections	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.collections	Medium
Product	Manifest	implementation-build	tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100	Low
Product	Manifest	Implementation-Title	Apache Commons Collections	High
Product	Manifest	implementation-url	http://commons.apache.org/collections/	Low
Product	Manifest	specification-title	Apache Commons Collections	Medium
Product	pom	artifactid	commons-collections	Highest
Product	pom	developer id	amamment	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	geirm	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	matth	Low
Product	pom	developer id	morgand	Low
Product	pom	developer id	psteitz	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Arun M. Thomas	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	Geir Magnusson	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Matthew Hawthorne	Low
Product	pom	developer name	Morgan Delagrange	Low
Product	pom	developer name	Phil Steitz	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	groupid	commons-collections	Highest
Product	pom	name	Apache Commons Collections	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	http://commons.apache.org/collections/	Medium
Version	file	version	3.2.2	High
Version	Manifest	Bundle-Version	3.2.2	High
Version	Manifest	Implementation-Version	3.2.2	High
Version	pom	parent-version	3.2.2	Low
Version	pom	version	3.2.2	Highest

Identifiers

pkg:maven/commons-collections/commons-collections@3.2.2 (Confidence:High)
cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:* (Confidence:Highest)

commons-digester-2.1.jar

Description:

    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-digester	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	digester	Highest
Vendor	jar	package name	rules	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/digester/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.digester	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-digester	Low
Vendor	pom	developer email	craigmcc@apache.org	Low
Vendor	pom	developer email	jfarcand@apache.org	Low
Vendor	pom	developer email	jstrachan@apache.org	Low
Vendor	pom	developer email	jvanzyl@apache.org	Low
Vendor	pom	developer email	rahul AT apache DOT org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	sanders@totalsync.com	Low
Vendor	pom	developer email	simonetripodi AT apache DOT org	Low
Vendor	pom	developer email	skitching@apache.org	Low
Vendor	pom	developer email	tobrien@apache.org	Low
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	jfarcand	Medium
Vendor	pom	developer id	jstrachan	Medium
Vendor	pom	developer id	jvanzyl	Medium
Vendor	pom	developer id	rahul	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	simonetripodi	Medium
Vendor	pom	developer id	skitching	Medium
Vendor	pom	developer id	tobrien	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	James Strachan	Medium
Vendor	pom	developer name	Jason van Zyl	Medium
Vendor	pom	developer name	Jean-Francois Arcand	Medium
Vendor	pom	developer name	Rahul Akolkar	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Simon Kitching	Medium
Vendor	pom	developer name	Simone Tripodi	Medium
Vendor	pom	developer name	Tim OBrien	Medium
Vendor	pom	groupid	commons-digester	Highest
Vendor	pom	name	Commons Digester	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	http://commons.apache.org/digester/	Highest
Product	file	name	commons-digester	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	digester	Highest
Product	jar	package name	rules	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/digester/	Low
Product	Manifest	Bundle-Name	Commons Digester	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.digester	Medium
Product	Manifest	Implementation-Title	Commons Digester	High
Product	Manifest	specification-title	Commons Digester	Medium
Product	pom	artifactid	commons-digester	Highest
Product	pom	developer email	craigmcc@apache.org	Low
Product	pom	developer email	jfarcand@apache.org	Low
Product	pom	developer email	jstrachan@apache.org	Low
Product	pom	developer email	jvanzyl@apache.org	Low
Product	pom	developer email	rahul AT apache DOT org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	sanders@totalsync.com	Low
Product	pom	developer email	simonetripodi AT apache DOT org	Low
Product	pom	developer email	skitching@apache.org	Low
Product	pom	developer email	tobrien@apache.org	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	jfarcand	Low
Product	pom	developer id	jstrachan	Low
Product	pom	developer id	jvanzyl	Low
Product	pom	developer id	rahul	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	simonetripodi	Low
Product	pom	developer id	skitching	Low
Product	pom	developer id	tobrien	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	James Strachan	Low
Product	pom	developer name	Jason van Zyl	Low
Product	pom	developer name	Jean-Francois Arcand	Low
Product	pom	developer name	Rahul Akolkar	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Simon Kitching	Low
Product	pom	developer name	Simone Tripodi	Low
Product	pom	developer name	Tim OBrien	Low
Product	pom	groupid	commons-digester	Highest
Product	pom	name	Commons Digester	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	http://commons.apache.org/digester/	Medium
Version	file	version	2.1	High
Version	Manifest	Bundle-Version	2.1	High
Version	Manifest	Implementation-Version	2.1	High
Version	pom	parent-version	2.1	Low
Version	pom	version	2.1	Highest

Identifiers

pkg:maven/commons-digester/commons-digester@2.1 (Confidence:High)

commons-lang3-3.5.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
SHA256:8ac96fc686512d777fca85e144f196cd7cfe0c0aec23127229497d1a38ff651c

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-lang3	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang3	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	Manifest	implementation-build	release@r36f98d87b24c2f542b02abbf6ec1ee742f1b158b; 2016-10-13 19:52:17+0000	Low
Vendor	Manifest	implementation-url	http://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-lang3	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory@apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	joerg.schaible@gmx.de	Low
Vendor	pom	developer email	lguibert@apache.org	Low
Vendor	pom	developer email	oheger@apache.org	Low
Vendor	pom	developer email	pbenedict@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	scolebourne@joda.org	Low
Vendor	pom	developer email	stevencaswell@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	fredrik	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	joehni	Medium
Vendor	pom	developer id	lguibert	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	oheger	Medium
Vendor	pom	developer id	pbenedict	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	scaswell	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Fredrik Westermarck	Medium
Vendor	pom	developer name	Gary D. Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Joerg Schaible	Medium
Vendor	pom	developer name	Loic Guibert	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Oliver Heger	Medium
Vendor	pom	developer name	Paul Benedict	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Steven Caswell	Medium
Vendor	pom	developer org	Carman Consulting, Inc.	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	SITA ATS Ltd	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Lang	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	http://commons.apache.org/proper/commons-lang/	Highest
Product	file	name	commons-lang3	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	lang3	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	Manifest	implementation-build	release@r36f98d87b24c2f542b02abbf6ec1ee742f1b158b; 2016-10-13 19:52:17+0000	Low
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	Manifest	implementation-url	http://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory@apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	joerg.schaible@gmx.de	Low
Product	pom	developer email	lguibert@apache.org	Low
Product	pom	developer email	oheger@apache.org	Low
Product	pom	developer email	pbenedict@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	scolebourne@joda.org	Low
Product	pom	developer email	stevencaswell@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	fredrik	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	joehni	Low
Product	pom	developer id	lguibert	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	oheger	Low
Product	pom	developer id	pbenedict	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	scaswell	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Fredrik Westermarck	Low
Product	pom	developer name	Gary D. Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Joerg Schaible	Low
Product	pom	developer name	Loic Guibert	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Oliver Heger	Low
Product	pom	developer name	Paul Benedict	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Steven Caswell	Low
Product	pom	developer org	Carman Consulting, Inc.	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	SITA ATS Ltd	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Lang	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	http://commons.apache.org/proper/commons-lang/	Medium
Version	file	version	3.5	High
Version	Manifest	Implementation-Version	3.5	High
Version	pom	parent-version	3.5	Low
Version	pom	version	3.5	Highest

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.5 (Confidence:High)
cpe:2.3:a:apache:commons_lang:3.5:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a 
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CWE-674 Uncontrolled Recursion

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

References:

af854a3a-2127-422b-91ae-364da2661108 - http://www.openwall.com/lists/oss-security/2025/07/11/1
af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html
af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html
af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html
security@apache.org - MAILING_LIST,VENDOR_ADVISORY

Vulnerable Software & Versions: (show all)

commons-logging-1.3.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well-known logging systems.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.3.2/commons-logging-1.3.2.jar
MD5: 4b970f3b14a5e53d8e8edff1cf2ecd91
SHA1: 3dc966156ef19d23c839715165435e582fafa753
SHA256:6b858424f518015f32bfcd1183a373f4a827d72d026b6031da0c91cf0e8f3489

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-logging	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	logging	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.logging	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-logging/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-logging	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-logging	Low
Vendor	pom	developer email	baliuka@apache.org	Low
Vendor	pom	developer email	costin@apache.org	Low
Vendor	pom	developer email	craigmcc@apache.org	Low
Vendor	pom	developer email	dennisl@apache.org	Low
Vendor	pom	developer email	donaldp@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	morgand@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	rsitze@apache.org	Low
Vendor	pom	developer email	rwaldhoff@apache.org	Low
Vendor	pom	developer email	sanders@apache.org	Low
Vendor	pom	developer email	skitching@apache.org	Low
Vendor	pom	developer email	tn@apache.org	Low
Vendor	pom	developer id	baliuka	Medium
Vendor	pom	developer id	bstansberry	Medium
Vendor	pom	developer id	costin	Medium
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	dennisl	Medium
Vendor	pom	developer id	donaldp	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	morgand	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	rsitze	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	skitching	Medium
Vendor	pom	developer id	tn	Medium
Vendor	pom	developer name	Brian Stansberry	Medium
Vendor	pom	developer name	Costin Manolache	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	Dennis Lundberg	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Juozas Baliuka	Medium
Vendor	pom	developer name	Morgan Delagrange	Medium
Vendor	pom	developer name	Peter Donald	Medium
Vendor	pom	developer name	Richard Sitze	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Simon Kitching	Medium
Vendor	pom	developer name	Thomas Neidhart	Medium
Vendor	pom	developer org	Apache	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-logging	Highest
Vendor	pom	name	Apache Commons Logging	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-logging/	Highest
Product	file	name	commons-logging	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	logging	Highest
Product	Manifest	automatic-module-name	org.apache.commons.logging	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-logging/	Low
Product	Manifest	Bundle-Name	Apache Commons Logging	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-logging	Medium
Product	Manifest	Implementation-Title	Apache Commons Logging	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Logging	Medium
Product	pom	artifactid	commons-logging	Highest
Product	pom	developer email	baliuka@apache.org	Low
Product	pom	developer email	costin@apache.org	Low
Product	pom	developer email	craigmcc@apache.org	Low
Product	pom	developer email	dennisl@apache.org	Low
Product	pom	developer email	donaldp@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	morgand@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	rsitze@apache.org	Low
Product	pom	developer email	rwaldhoff@apache.org	Low
Product	pom	developer email	sanders@apache.org	Low
Product	pom	developer email	skitching@apache.org	Low
Product	pom	developer email	tn@apache.org	Low
Product	pom	developer id	baliuka	Low
Product	pom	developer id	bstansberry	Low
Product	pom	developer id	costin	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	dennisl	Low
Product	pom	developer id	donaldp	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	morgand	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	rsitze	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	skitching	Low
Product	pom	developer id	tn	Low
Product	pom	developer name	Brian Stansberry	Low
Product	pom	developer name	Costin Manolache	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	Dennis Lundberg	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Juozas Baliuka	Low
Product	pom	developer name	Morgan Delagrange	Low
Product	pom	developer name	Peter Donald	Low
Product	pom	developer name	Richard Sitze	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Simon Kitching	Low
Product	pom	developer name	Thomas Neidhart	Low
Product	pom	developer org	Apache	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-logging	Highest
Product	pom	name	Apache Commons Logging	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-logging/	Medium
Version	file	version	1.3.2	High
Version	Manifest	Bundle-Version	1.3.2	High
Version	Manifest	Implementation-Version	1.3.2	High
Version	pom	parent-version	1.3.2	Low
Version	pom	version	1.3.2	Highest

Identifiers

pkg:maven/commons-logging/commons-logging@1.3.2 (Confidence:High)

commons-validator-1.9.0.jar

Description:

    Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
    It may be used standalone or with a framework like Struts.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/commons-validator/commons-validator/1.9.0/commons-validator-1.9.0.jar
MD5: 0adeb5a4d23a33b9c80f5fcb2fa2ab3f
SHA1: 26e49d333890ccad072eb530a85fceb9c07818df
SHA256:c3c14748e2d78db58df88808740711bd643b32c45ffa7b8a739f00fb467cd7d7

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-validator	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	validator	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-validator/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-validator	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-validator	Low
Vendor	pom	developer email	craigmcc@apache.org	Low
Vendor	pom	developer email	dgraham@apache.org	Low
Vendor	pom	developer email	dwinterfeldt@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	husted@apache.org	Low
Vendor	pom	developer email	jmitchell NOSPAM apache.org	Low
Vendor	pom	developer email	martinc@apache.org	Low
Vendor	pom	developer email	mrdon@apache.org	Low
Vendor	pom	developer email	rleland at apache.org	Low
Vendor	pom	developer email	turner@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	bspeakmon	Medium
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	dgraham	Medium
Vendor	pom	developer id	dwinterfeldt	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	husted	Medium
Vendor	pom	developer id	jmitchell	Medium
Vendor	pom	developer id	martinc	Medium
Vendor	pom	developer id	mrdon	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	nick	Medium
Vendor	pom	developer id	rleland	Medium
Vendor	pom	developer id	simonetripodi	Medium
Vendor	pom	developer id	turner	Medium
Vendor	pom	developer name	Ben Speakmon	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	David Graham	Medium
Vendor	pom	developer name	David Winterfeldt	Medium
Vendor	pom	developer name	Don Brown	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Mitchell	Medium
Vendor	pom	developer name	James Turner	Medium
Vendor	pom	developer name	Martin Cooper	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Nick Burch	Medium
Vendor	pom	developer name	Rob Leland	Medium
Vendor	pom	developer name	SimoneTripodi	Medium
Vendor	pom	developer name	Ted Husted	Medium
Vendor	pom	developer org	EdgeTech, Inc	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-validator	Highest
Vendor	pom	name	Apache Commons Validator	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	http://commons.apache.org/proper/commons-validator/	Highest
Product	file	name	commons-validator	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	validator	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-validator/	Low
Product	Manifest	Bundle-Name	Apache Commons Validator	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-validator	Medium
Product	Manifest	Implementation-Title	Apache Commons Validator	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Validator	Medium
Product	pom	artifactid	commons-validator	Highest
Product	pom	developer email	craigmcc@apache.org	Low
Product	pom	developer email	dgraham@apache.org	Low
Product	pom	developer email	dwinterfeldt@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	husted@apache.org	Low
Product	pom	developer email	jmitchell NOSPAM apache.org	Low
Product	pom	developer email	martinc@apache.org	Low
Product	pom	developer email	mrdon@apache.org	Low
Product	pom	developer email	rleland at apache.org	Low
Product	pom	developer email	turner@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	bspeakmon	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	dgraham	Low
Product	pom	developer id	dwinterfeldt	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	husted	Low
Product	pom	developer id	jmitchell	Low
Product	pom	developer id	martinc	Low
Product	pom	developer id	mrdon	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	nick	Low
Product	pom	developer id	rleland	Low
Product	pom	developer id	simonetripodi	Low
Product	pom	developer id	turner	Low
Product	pom	developer name	Ben Speakmon	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	David Graham	Low
Product	pom	developer name	David Winterfeldt	Low
Product	pom	developer name	Don Brown	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Mitchell	Low
Product	pom	developer name	James Turner	Low
Product	pom	developer name	Martin Cooper	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Nick Burch	Low
Product	pom	developer name	Rob Leland	Low
Product	pom	developer name	SimoneTripodi	Low
Product	pom	developer name	Ted Husted	Low
Product	pom	developer org	EdgeTech, Inc	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-validator	Highest
Product	pom	name	Apache Commons Validator	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	http://commons.apache.org/proper/commons-validator/	Medium
Version	file	version	1.9.0	High
Version	Manifest	Bundle-Version	1.9.0	High
Version	Manifest	Implementation-Version	1.9.0	High
Version	pom	parent-version	1.9.0	Low
Version	pom	version	1.9.0	Highest

Identifiers

pkg:maven/commons-validator/commons-validator@1.9.0 (Confidence:High)

core.specs.alpha-0.4.74.jar

Description:

Specs for clojure.core

License:

Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/

File Path: /home/runner/.m2/repository/org/clojure/core.specs.alpha/0.4.74/core.specs.alpha-0.4.74.jar
MD5: ebd37b9a3c39e6b769fc1463737cb8d4
SHA1: d56a8d4c666ff8140e6d0a62d41263134be39254
SHA256:eb73ac08cf49ba840c88ba67beef11336ca554333d9408808d78946e0feb9ddb

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	core.specs.alpha	High
Vendor	pom	artifactid	core.specs.alpha	Low
Vendor	pom	developer id	puredanger	Medium
Vendor	pom	developer name	Alex Miller	Medium
Vendor	pom	groupid	org.clojure	Highest
Vendor	pom	name	core.specs.alpha	High
Vendor	pom	parent-artifactid	pom.contrib	Low
Product	file	name	core.specs.alpha	High
Product	pom	artifactid	core.specs.alpha	Highest
Product	pom	developer id	puredanger	Low
Product	pom	developer name	Alex Miller	Low
Product	pom	groupid	org.clojure	Highest
Product	pom	name	core.specs.alpha	High
Product	pom	parent-artifactid	pom.contrib	Medium
Version	file	version	0.4.74	High
Version	pom	parent-version	0.4.74	Low
Version	pom	version	0.4.74	Highest

Identifiers

pkg:maven/org.clojure/core.specs.alpha@0.4.74 (Confidence:High)
cpe:2.3:a:alex_project:alex:0.4.74:*:*:*:*:*:*:* (Confidence:Low)

data.xml-0.2.0-alpha9.jar

Description:

Functions to parse XML into lazy sequences and lazy trees and emit these as text

File Path: /home/runner/.m2/repository/org/clojure/data.xml/0.2.0-alpha9/data.xml-0.2.0-alpha9.jar
MD5: ef1cfdccb910d381ad0b1ae75853dc32
SHA1: 424e7fd03bc5fd2df9db477fc892d1db955879cd
SHA256:1fe706c3830860dbc4f8d8b737f6b1236ef08fcbad85e5db40b8aa93da98004b

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	data.xml	High
Vendor	pom	artifactid	data.xml	Low
Vendor	pom	developer email	amalloy@4clojure.com	Low
Vendor	pom	developer email	chouser@n01se.net	Low
Vendor	pom	developer email	herwig@bendlas.net	Low
Vendor	pom	developer email	senior.ryan@gmail.com	Low
Vendor	pom	developer name	Alan Malloy	Medium
Vendor	pom	developer name	Chouser	Medium
Vendor	pom	developer name	Herwig Hochleitner	Medium
Vendor	pom	developer name	Ryan Senior	Medium
Vendor	pom	groupid	org.clojure	Highest
Vendor	pom	name	data.xml	High
Vendor	pom	parent-artifactid	pom.contrib	Low
Product	file	name	data.xml	High
Product	pom	artifactid	data.xml	Highest
Product	pom	developer email	amalloy@4clojure.com	Low
Product	pom	developer email	chouser@n01se.net	Low
Product	pom	developer email	herwig@bendlas.net	Low
Product	pom	developer email	senior.ryan@gmail.com	Low
Product	pom	developer name	Alan Malloy	Low
Product	pom	developer name	Chouser	Low
Product	pom	developer name	Herwig Hochleitner	Low
Product	pom	developer name	Ryan Senior	Low
Product	pom	groupid	org.clojure	Highest
Product	pom	name	data.xml	High
Product	pom	parent-artifactid	pom.contrib	Medium
Version	pom	parent-version	0.2.0-alpha9	Low
Version	pom	version	0.2.0-alpha9	Highest

Identifiers

pkg:maven/org.clojure/data.xml@0.2.0-alpha9 (Confidence:High)

embroidery-1.0.44.jar

Description:

A Clojure micro-library for leveraging virtual threads on JVMs that support them.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/com/github/pmonks/embroidery/1.0.44/embroidery-1.0.44.jar
MD5: 0141ce9e67e5c76af519e98fc5a8bf5d
SHA1: 0ce7accc8b0fe2fcb13b0e509c322de914390ad2
SHA256:f978771dcca1ef87a0668cee9911882fea462791f20a6166b93edc356d35f152

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	embroidery	High
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	pom	artifactid	embroidery	Low
Vendor	pom	developer email	pmonks+embroidery@gmail.com	Low
Vendor	pom	developer id	pmonks	Medium
Vendor	pom	developer name	Peter Monks	Medium
Vendor	pom	groupid	com.github.pmonks	Highest
Vendor	pom	name	embroidery	High
Vendor	pom	url	pmonks/embroidery	Highest
Product	file	name	embroidery	High
Product	Manifest	build-jdk-spec	21	Low
Product	pom	artifactid	embroidery	Highest
Product	pom	developer email	pmonks+embroidery@gmail.com	Low
Product	pom	developer id	pmonks	Low
Product	pom	developer name	Peter Monks	Low
Product	pom	groupid	com.github.pmonks	Highest
Product	pom	name	embroidery	High
Product	pom	url	pmonks/embroidery	High
Version	file	version	1.0.44	High
Version	pom	version	1.0.44	Highest

Identifiers

pkg:maven/com.github.pmonks/embroidery@1.0.44 (Confidence:High)

gson-2.8.9.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/google/code/gson/gson/2.8.9/gson-2.8.9.jar
MD5: e67627f67e03301092dc7de0a2d7cef8
SHA1: 8a432c1d6825781e21a02db2e2c33c5fde2833b9
SHA256:d3999291855de495c94c743761b8ab5176cfeabe281a5ab0d8e8d45326fd703e

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	gson	High
Vendor	jar	package name	google	Highest
Vendor	jar	package name	gson	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/gson/gson	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6, JavaSE-1.7, JavaSE-1.8	Low
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	pom	artifactid	gson	Low
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	pom	name	Gson	High
Vendor	pom	parent-artifactid	gson-parent	Low
Product	file	name	gson	High
Product	jar	package name	google	Highest
Product	jar	package name	gson	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Product	Manifest	bundle-docurl	https://github.com/google/gson/gson	Low
Product	Manifest	Bundle-Name	Gson	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6, JavaSE-1.7, JavaSE-1.8	Low
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Product	pom	artifactid	gson	Highest
Product	pom	groupid	com.google.code.gson	Highest
Product	pom	name	Gson	High
Product	pom	parent-artifactid	gson-parent	Medium
Version	file	version	2.8.9	High
Version	Manifest	Bundle-Version	2.8.9	High
Version	pom	version	2.8.9	Highest

Identifiers

pkg:maven/com.google.code.gson/gson@2.8.9 (Confidence:High)
cpe:2.3:a:google:gson:2.8.9:*:*:*:*:*:*:* (Confidence:Highest)

hato-1.0.0.jar

Description:

An HTTP client for Clojure, wrapping JDK 11's HttpClient.

License:

The MIT License: http://opensource.org/licenses/mit-license.php

File Path: /home/runner/.m2/repository/hato/hato/1.0.0/hato-1.0.0.jar
MD5: 169f69866f7e0eaf8f5a38ad049bcecf
SHA1: 6a1bea52787ef5419f9d4475bce4997581ee6276
SHA256:6b65a8f6145ec577b015cbfa3703c2d00f5e9f964bc6fca7b71dfc56a4ffe029

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	hato	High
Vendor	Manifest	leiningen-project-artifactid	hato	Low
Vendor	Manifest	leiningen-project-groupid	hato	Low
Vendor	pom	artifactid	hato	Low
Vendor	pom	groupid	hato	Highest
Vendor	pom	name	hato	High
Vendor	pom	url	gnarroway/hato	Highest
Product	file	name	hato	High
Product	Manifest	leiningen-project-artifactid	hato	Low
Product	Manifest	leiningen-project-groupid	hato	Low
Product	pom	artifactid	hato	Highest
Product	pom	groupid	hato	Highest
Product	pom	name	hato	High
Product	pom	url	gnarroway/hato	High
Version	file	version	1.0.0	High
Version	Manifest	leiningen-project-version	1.0.0	Medium
Version	pom	version	1.0.0	Highest

Identifiers

pkg:maven/hato/hato@1.0.0 (Confidence:High)

instaparse-1.5.0.jar

Description:

Instaparse: No grammar left behind

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html

File Path: /home/runner/.m2/repository/instaparse/instaparse/1.5.0/instaparse-1.5.0.jar
MD5: b858977bcb62c8913768cfb0fb01a4c9
SHA1: edc617bd20362b2fc870df88f1687426a69fe007
SHA256:c2bcd6f3a74d1a114973e6ac71e3536f6b035f29f769e9d1ec528ffe5e56cc27

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	instaparse	High
Vendor	Manifest	leiningen-project-artifactid	instaparse	Low
Vendor	Manifest	leiningen-project-groupid	instaparse	Low
Vendor	pom	artifactid	instaparse	Low
Vendor	pom	groupid	instaparse	Highest
Vendor	pom	name	instaparse	High
Vendor	pom	url	Engelberg/instaparse	Highest
Product	file	name	instaparse	High
Product	Manifest	leiningen-project-artifactid	instaparse	Low
Product	Manifest	leiningen-project-groupid	instaparse	Low
Product	pom	artifactid	instaparse	Highest
Product	pom	groupid	instaparse	Highest
Product	pom	name	instaparse	High
Product	pom	url	Engelberg/instaparse	High
Version	file	version	1.5.0	High
Version	Manifest	leiningen-project-version	1.5.0	Medium
Version	pom	version	1.5.0	Highest

Identifiers

pkg:maven/instaparse/instaparse@1.5.0 (Confidence:High)

java-spdx-library-1.1.11.jar

Description:

Java library which implements the Java object model for SPDX and provides useful helper functions.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/spdx/java-spdx-library/1.1.11/java-spdx-library-1.1.11.jar
MD5: bbee14269e94c903bcb75c1d7fc250d5
SHA1: f438688f8eb61f975c4c6f79c7c8b7d6fcc2c814
SHA256:5ca113ac2a885b264e0d1bdf684f4948b375adf3ffde84981944baf8f8fcc55a

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	java-spdx-library	High
Vendor	jar	package name	library	Highest
Vendor	jar	package name	model	Highest
Vendor	jar	package name	spdx	Highest
Vendor	Manifest	automatic-module-name	org.spdx.library	Medium
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	pom	artifactid	java-spdx-library	Low
Vendor	pom	developer email	gary@sourceauditor.com	Low
Vendor	pom	developer id	goneall	Medium
Vendor	pom	developer name	Gary O'Neall	Medium
Vendor	pom	developer org	SPDX	Medium
Vendor	pom	developer org URL	http://spdx.org	Medium
Vendor	pom	groupid	org.spdx	Highest
Vendor	pom	name	java-spdx-library	High
Vendor	pom	organization name	SPDX	High
Vendor	pom	organization url	http://spdx.org	Medium
Vendor	pom	url	spdx/Spdx-Java-Library	Highest
Product	file	name	java-spdx-library	High
Product	jar	package name	library	Highest
Product	jar	package name	model	Highest
Product	jar	package name	spdx	Highest
Product	Manifest	automatic-module-name	org.spdx.library	Medium
Product	Manifest	build-jdk-spec	17	Low
Product	pom	artifactid	java-spdx-library	Highest
Product	pom	developer email	gary@sourceauditor.com	Low
Product	pom	developer id	goneall	Low
Product	pom	developer name	Gary O'Neall	Low
Product	pom	developer org	SPDX	Low
Product	pom	developer org URL	http://spdx.org	Low
Product	pom	groupid	org.spdx	Highest
Product	pom	name	java-spdx-library	High
Product	pom	organization name	SPDX	Low
Product	pom	organization url	http://spdx.org	Low
Product	pom	url	spdx/Spdx-Java-Library	High
Version	file	version	1.1.11	High
Version	pom	version	1.1.11	Highest

Identifiers

pkg:maven/org.spdx/java-spdx-library@1.1.11 (Confidence:High)

jsoup-1.15.3.jar

Description:

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

License:

The MIT License: https://jsoup.org/license

File Path: /home/runner/.m2/repository/org/jsoup/jsoup/1.15.3/jsoup-1.15.3.jar
MD5: 4f16c3b17b8c1b0173b1ed9f99f2c27c
SHA1: f6e1d8a8819f854b681c8eaa57fd59a42329e10c
SHA256:e20a5e78b1372f2a4e620832db4442d5077e5cbde280b24c666a3770844999bc

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsoup	High
Vendor	jar	package name	jsoup	Highest
Vendor	jar	package name	parser	Highest
Vendor	Manifest	automatic-module-name	org.jsoup	Medium
Vendor	Manifest	build-jdk-spec	18	Low
Vendor	Manifest	bundle-docurl	https://jsoup.org/	Low
Vendor	Manifest	bundle-symbolicname	org.jsoup	Medium
Vendor	Manifest	Implementation-Vendor	Jonathan Hedley	High
Vendor	pom	artifactid	jsoup	Low
Vendor	pom	developer email	jonathan@hedley.net	Low
Vendor	pom	developer id	jhy	Medium
Vendor	pom	developer name	Jonathan Hedley	Medium
Vendor	pom	groupid	org.jsoup	Highest
Vendor	pom	name	jsoup Java HTML Parser	High
Vendor	pom	organization name	Jonathan Hedley	High
Vendor	pom	organization url	https://jhy.io/	Medium
Vendor	pom	url	https://jsoup.org/	Highest
Product	file	name	jsoup	High
Product	jar	package name	jsoup	Highest
Product	jar	package name	parser	Highest
Product	Manifest	automatic-module-name	org.jsoup	Medium
Product	Manifest	build-jdk-spec	18	Low
Product	Manifest	bundle-docurl	https://jsoup.org/	Low
Product	Manifest	Bundle-Name	jsoup Java HTML Parser	Medium
Product	Manifest	bundle-symbolicname	org.jsoup	Medium
Product	Manifest	Implementation-Title	jsoup Java HTML Parser	High
Product	pom	artifactid	jsoup	Highest
Product	pom	developer email	jonathan@hedley.net	Low
Product	pom	developer id	jhy	Low
Product	pom	developer name	Jonathan Hedley	Low
Product	pom	groupid	org.jsoup	Highest
Product	pom	name	jsoup Java HTML Parser	High
Product	pom	organization name	Jonathan Hedley	Low
Product	pom	organization url	https://jhy.io/	Low
Product	pom	url	https://jsoup.org/	Medium
Version	file	version	1.15.3	High
Version	Manifest	Bundle-Version	1.15.3	High
Version	Manifest	Implementation-Version	1.15.3	High
Version	pom	version	1.15.3	Highest

Identifiers

pkg:maven/org.jsoup/jsoup@1.15.3 (Confidence:High)
cpe:2.3:a:jsoup:jsoup:1.15.3:*:*:*:*:*:*:* (Confidence:Highest)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	file	name	jsr305	High
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	com.google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

medley-1.8.1.jar

Description:

A lightweight library of useful, mostly pure functions

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html

File Path: /home/runner/.m2/repository/dev/weavejester/medley/1.8.1/medley-1.8.1.jar
MD5: 2aa0e85a14ea0275b857b8f6aa085722
SHA1: 9940f1e5411a2760d54ff21566257bc0427fafe5
SHA256:0a8492f5c46d110f8e2003056733b6b62911e2bd204ea8119b8edacd33adc2d5

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	medley	High
Vendor	Manifest	leiningen-project-artifactid	medley	Low
Vendor	pom	artifactid	medley	Low
Vendor	pom	groupid	dev.weavejester	Highest
Vendor	pom	name	medley	High
Vendor	pom	url	weavejester/medley	Highest
Product	file	name	medley	High
Product	Manifest	leiningen-project-artifactid	medley	Low
Product	pom	artifactid	medley	Highest
Product	pom	groupid	dev.weavejester	Highest
Product	pom	name	medley	High
Product	pom	url	weavejester/medley	High
Version	file	version	1.8.1	High
Version	Manifest	leiningen-project-version	1.8.1	Medium
Version	pom	version	1.8.1	Highest

Identifiers

pkg:maven/dev.weavejester/medley@1.8.1 (Confidence:High)

rencg-1.0.51.jar

Description:

A micro-library for Clojure that provides first class support for named-capturing groups in regular expressions.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/com/github/pmonks/rencg/1.0.51/rencg-1.0.51.jar
MD5: 57d5cb137b1955a15fadc6074da8550d
SHA1: bdd0836b60caf5ee0bdadeb4de20dd87c1398ab3
SHA256:82f0ff7e7e1aa63d27b593faaa6f0a9d15af32623bbcea1d825368315110d70d

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	rencg	High
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	pom	artifactid	rencg	Low
Vendor	pom	developer email	pmonks+rencg@gmail.com	Low
Vendor	pom	developer id	pmonks	Medium
Vendor	pom	developer name	Peter Monks	Medium
Vendor	pom	groupid	com.github.pmonks	Highest
Vendor	pom	name	rencg	High
Vendor	pom	url	pmonks/rencg	Highest
Product	file	name	rencg	High
Product	Manifest	build-jdk-spec	21	Low
Product	pom	artifactid	rencg	Highest
Product	pom	developer email	pmonks+rencg@gmail.com	Low
Product	pom	developer id	pmonks	Low
Product	pom	developer name	Peter Monks	Low
Product	pom	groupid	com.github.pmonks	Highest
Product	pom	name	rencg	High
Product	pom	url	pmonks/rencg	High
Version	file	version	1.0.51	High
Version	pom	version	1.0.51	Highest

Identifiers

pkg:maven/com.github.pmonks/rencg@1.0.51 (Confidence:High)

slf4j-api-2.0.13.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.13/slf4j-api-2.0.13.jar
MD5: 7f4028aa04f75427327f3f30cd62ba4e
SHA1: 80229737f704b121a318bba5d5deacbcf395bc77
SHA256:e7c2a48e8515ba1f49fa637d57b4e2f590b3f5bd97407ac699c3aa5efb1204a9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.slf4j.org	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.slf4j.org	Low
Product	Manifest	Bundle-Name	SLF4J API Module	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	2.0.13	High
Version	Manifest	Bundle-Version	2.0.13	High
Version	Manifest	Implementation-Version	2.0.13	High
Version	pom	version	2.0.13	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@2.0.13 (Confidence:High)

spec.alpha-0.5.238.jar

Description:

Specification of data and functions

License:

Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/

File Path: /home/runner/.m2/repository/org/clojure/spec.alpha/0.5.238/spec.alpha-0.5.238.jar
MD5: 9f5ea5239dc04d6a8115add1e4f5f23a
SHA1: 4eb5dea521c4e6e1f68c2c47517f14a922003e60
SHA256:94cd99b6ea639641f37af4860a643b6ed399ee5a8be5d717cff0b663c8d75077

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spec.alpha	High
Vendor	jar	package name	alpha	Highest
Vendor	jar	package name	clojure	Highest
Vendor	jar	package name	clojure	Low
Vendor	jar	package name	spec	Highest
Vendor	jar	package name	spec	Low
Vendor	pom	artifactid	spec.alpha	Low
Vendor	pom	developer id	richhickey	Medium
Vendor	pom	developer name	Rich Hickey	Medium
Vendor	pom	groupid	org.clojure	Highest
Vendor	pom	name	spec.alpha	High
Vendor	pom	parent-artifactid	pom.contrib	Low
Product	file	name	spec.alpha	High
Product	jar	package name	alpha	Highest
Product	jar	package name	clojure	Highest
Product	jar	package name	spec	Highest
Product	jar	package name	spec	Low
Product	pom	artifactid	spec.alpha	Highest
Product	pom	developer id	richhickey	Low
Product	pom	developer name	Rich Hickey	Low
Product	pom	groupid	org.clojure	Highest
Product	pom	name	spec.alpha	High
Product	pom	parent-artifactid	pom.contrib	Medium
Version	file	version	0.5.238	High
Version	pom	parent-version	0.5.238	Low
Version	pom	version	0.5.238	Highest

Identifiers

pkg:maven/org.clojure/spec.alpha@0.5.238 (Confidence:High)

tools.logging-1.3.0.jar

File Path: /home/runner/.m2/repository/org/clojure/tools.logging/1.3.0/tools.logging-1.3.0.jar
MD5: b6b3c2ffeb27a25eab2d6e0e3a6e6b57
SHA1: 07d45477c1b61230b0d1fcf36afccc02155a4b32
SHA256:826969b78d9ada327de6b7da0f176457d95614fa38c280326610f31a6b515c91

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	tools.logging	High
Vendor	pom	artifactid	tools.logging	Low
Vendor	pom	developer name	Alex Taggart	Medium
Vendor	pom	groupid	org.clojure	Highest
Vendor	pom	name	tools.logging	High
Vendor	pom	parent-artifactid	pom.contrib	Low
Product	file	name	tools.logging	High
Product	pom	artifactid	tools.logging	Highest
Product	pom	developer name	Alex Taggart	Low
Product	pom	groupid	org.clojure	Highest
Product	pom	name	tools.logging	High
Product	pom	parent-artifactid	pom.contrib	Medium
Version	file	version	1.3.0	High
Version	pom	parent-version	1.3.0	Low
Version	pom	version	1.3.0	Highest

Identifiers

pkg:maven/org.clojure/tools.logging@1.3.0 (Confidence:High)
cpe:2.3:a:alex_project:alex:1.3.0:*:*:*:*:*:*:* (Confidence:Low)

xml-in-0.1.1.jar

Description:

your friendly XML navigator

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html

File Path: /home/runner/.m2/repository/tolitius/xml-in/0.1.1/xml-in-0.1.1.jar
MD5: 754502ef9d8c1574d6d893b22f6101dc
SHA1: 0a68865842a0fa7484bca3a7be33f182d8213a97
SHA256:43ab632812fe03b86b1a154723d809bb393e11a0ff0e6677167f14ece40f5543

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	xml-in	High
Vendor	pom	artifactid	xml-in	Low
Vendor	pom	groupid	tolitius	Highest
Vendor	pom	name	xml-in	High
Vendor	pom	url	tolitius/xml-in	Highest
Product	file	name	xml-in	High
Product	pom	artifactid	xml-in	Highest
Product	pom	groupid	tolitius	Highest
Product	pom	name	xml-in	High
Product	pom	url	tolitius/xml-in	High
Version	file	version	0.1.1	High
Version	pom	version	0.1.1	Highest

Identifiers

pkg:maven/tolitius/xml-in@0.1.1 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: com.github.pmonks/lice-comb 2.0.348-SNAPSHOT

Summary

Dependencies (vulnerable)

clj-base62-0.1.1.jar

Evidence

Identifiers

clj-spdx-1.0.176.jar

Evidence

Identifiers

clj-xml-validation-1.0.2.jar

Evidence

Identifiers

clojure-1.12.4.jar

Evidence

Identifiers

commons-beanutils-1.9.4.jar

Evidence

Identifiers

Published Vulnerabilities

commons-collections-3.2.2.jar

Evidence

Identifiers

commons-digester-2.1.jar

Evidence

Identifiers

commons-lang3-3.5.jar

Evidence

Identifiers

Published Vulnerabilities

commons-logging-1.3.2.jar

Evidence

Identifiers

commons-validator-1.9.0.jar

Evidence

Identifiers

core.specs.alpha-0.4.74.jar

Evidence

Identifiers

data.xml-0.2.0-alpha9.jar

Evidence

Identifiers

embroidery-1.0.44.jar

Evidence

Identifiers

gson-2.8.9.jar

Evidence

Identifiers

hato-1.0.0.jar

Evidence

Identifiers

instaparse-1.5.0.jar

Evidence

Identifiers

java-spdx-library-1.1.11.jar

Evidence

Identifiers

jsoup-1.15.3.jar

Evidence

Identifiers

jsr305-3.0.2.jar

Evidence

Identifiers

medley-1.8.1.jar

Evidence

Identifiers

rencg-1.0.51.jar

Evidence

Identifiers

slf4j-api-2.0.13.jar

Evidence

Identifiers

spec.alpha-0.5.238.jar

Evidence

Identifiers

tools.logging-1.3.0.jar

Evidence

Identifiers

xml-in-0.1.1.jar

Evidence