Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: JWT Validator - Vertx

uk.co.spudsoft:jwt-validator-vertx:0.2.2

Summary

Summary of Vulnerable Dependencies

| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| error_prone_annotations-2.41.0.jar | | pkg:maven/com.google.errorprone/error_prone_annotations@2.41.0 | | 0 | | 29 |
| failureaccess-1.0.3.jar | | pkg:maven/com.google.guava/failureaccess@1.0.3 | | 0 | | 32 |
| guava-33.5.0-jre.jar | cpe:2.3:a:google:guava:33.5.0:*:*:*:*:*:*:* | pkg:maven/com.google.guava/guava@33.5.0-jre | | 0 | Highest | 25 |
| j2objc-annotations-3.1.jar | | pkg:maven/com.google.j2objc/j2objc-annotations@3.1 | | 0 | | 33 |
| jackson-annotations-2.20.jar | cpe:2.3:a:fasterxml:jackson-modules-java8:2.20:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.20 | | 0 | Low | 36 |
| jackson-core-2.20.1.jar | cpe:2.3:a:fasterxml:jackson-modules-java8:2.20.1:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.20.1 | | 0 | Low | 47 |
| jackson-databind-2.20.1.jar | cpe:2.3:a:fasterxml:jackson-databind:2.20.1:*:*:*:*:*:*:*; cpe:2.3:a:fasterxml:jackson-modules-java8:2.20.1:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.20.1 | | 0 | Highest | 41 |
| jackson-dataformat-yaml-2.20.1.jar | cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.20.1:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.20.1 | | 0 | Highest | 39 |
| jspecify-1.0.0.jar | | pkg:maven/org.jspecify/jspecify@1.0.0 | | 0 | | 32 |
| listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | | pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava | | 0 | | 13 |
| netty-common-4.2.7.Final.jar (shaded: org.jctools:jctools-core:4.0.5) | | pkg:maven/org.jctools/jctools-core@4.0.5 | | 0 | | 9 |
| netty-transport-4.2.7.Final.jar | cpe:2.3:a:netty:netty:4.2.7:*:*:*:*:*:*:* | pkg:maven/io.netty/netty-transport@4.2.7.Final | | 0 | Highest | 35 |
| slf4j-api-2.1.0-alpha1.jar | | pkg:maven/org.slf4j/slf4j-api@2.1.0-alpha1 | | 0 | | 27 |
| snakeyaml-2.4.jar | cpe:2.3:a:snakeyaml_project:snakeyaml:2.4:*:*:*:*:*:*:* | pkg:maven/org.yaml/snakeyaml@2.4 | | 0 | Highest | 42 |
| vertx-core-5.0.5.jar | cpe:2.3:a:eclipse:vert.x:5.0.5:*:*:*:*:*:*:* | pkg:maven/io.vertx/vertx-core@5.0.5 | | 0 | High | 29 |
| vertx-web-5.0.5.jar | cpe:2.3:a:web_project:web:5.0.5:*:*:*:*:*:*:* | pkg:maven/io.vertx/vertx-web@5.0.5 | | 0 | Highest | 29 |

Dependencies (vulnerable)

error_prone_annotations-2.41.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.41.0/error_prone_annotations-2.41.0.jar
MD5: 75e3b25da8b8a2136463c4674f5e49bf
SHA1: 4381275efdef6ddfae38f002c31e84cd001c97f0
SHA256:a56e782b5b50811ac204073a355a21d915a2107fce13ec711331ad036f660fcc
Referenced In Project/Scope: JWT Validator - Vertx:compile
error_prone_annotations-2.41.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.5.0-jre

Identifiers

  • pkg:maven/com.google.errorprone/error_prone_annotations@2.41.0  (Confidence:High)

failureaccess-1.0.3.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/failureaccess/1.0.3/failureaccess-1.0.3.jar
MD5: 29a782e90f6b37218b18bb880d2a8f4a
SHA1: aeaffd00d57023a2c947393ed251f0354f0985fc
SHA256:cbfc3906b19b8f55dd7cfd6dfe0aa4532e834250d7f080bd8d211a3e246b59cb
Referenced In Project/Scope: JWT Validator - Vertx:compile
failureaccess-1.0.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.5.0-jre

Identifiers

  • pkg:maven/com.google.guava/failureaccess@1.0.3  (Confidence:High)

guava-33.5.0-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/guava/33.5.0-jre/guava-33.5.0-jre.jar
MD5: d9fbf39a41a5bab891348f07668e18c5
SHA1: 8699de25f2f979108d6c1b804a7ba38cda1116bc
SHA256:1e301f0c52ac248b0b14fdc3d12283c77252d4d6f48521d572e7d8c4c2cc4ac7
Referenced In Project/Scope: JWT Validator - Vertx:compile
guava-33.5.0-jre.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.2.2

Identifiers

j2objc-annotations-3.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.1/j2objc-annotations-3.1.jar
MD5: abe8bd3abff622b9a8b15c3a737aa741
SHA1: a892ca9507839bbdb900d64310ac98256cab992f
SHA256:84d3a150518485f8140ea99b8a985656749629f6433c92b80c75b36aba3b099b
Referenced In Project/Scope: JWT Validator - Vertx:compile
j2objc-annotations-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.5.0-jre

Identifiers

  • pkg:maven/com.google.j2objc/j2objc-annotations@3.1  (Confidence:High)

jackson-annotations-2.20.jar

Description:

Core annotations used for value types, used by Jackson data binding package.
  

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.20/jackson-annotations-2.20.jar
MD5: b901def3c20752817f27130e4b8d6640
SHA1: 6a5e7291ea3f2b590a7ce400adb7b3aea4d7e12c
SHA256:959a2ffb2d591436f51f183c6a521fc89347912f711bf0cae008cdf045d95319
Referenced In Project/Scope: JWT Validator - Vertx:compile
jackson-annotations-2.20.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.20.1

Identifiers

  • pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.20  (Confidence:High)
  • cpe:2.3:a:fasterxml:jackson-modules-java8:2.20:*:*:*:*:*:*:*  (Confidence:Low)  

jackson-core-2.20.1.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.20.1/jackson-core-2.20.1.jar
MD5: 889b2c417b61c9f4f460b06957147234
SHA1: 5734323adfece72111769b0ae38a6cf803e3d178
SHA256:ffab4d957daa2796cf24cb66d0b78a7090f1bcbe17c3a4578f09affaaf137089
Referenced In Project/Scope: JWT Validator - Vertx:compile
jackson-core-2.20.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.20.1

Identifiers

  • pkg:maven/com.fasterxml.jackson.core/jackson-core@2.20.1  (Confidence:High)
  • cpe:2.3:a:fasterxml:jackson-modules-java8:2.20.1:*:*:*:*:*:*:*  (Confidence:Low)  

jackson-databind-2.20.1.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.20.1/jackson-databind-2.20.1.jar
MD5: 49d7b7226df5ed4a036e48997a03d066
SHA1: 9586a7fe0e1775de0e54237fa6a2c8455c93ac06
SHA256:34bbeb4526fff4f8565b12106bf85a6afcbae858966d489b54214ac46b2e26e8
Referenced In Project/Scope: JWT Validator - Vertx:compile
jackson-databind-2.20.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.2.2

Identifiers

jackson-dataformat-yaml-2.20.1.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.20.1/jackson-dataformat-yaml-2.20.1.jar
MD5: 66dc3c5f31150557109b14182ed7ed8a
SHA1: e6da043059c9ec631a3429ded461d5d92f240c3f
SHA256:030f1d91f7df278e86e1ba3e129fb520871ac16ce53017c735f708823be970db
Referenced In Project/Scope: JWT Validator - Vertx:compile
jackson-dataformat-yaml-2.20.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.2.2

Identifiers

jspecify-1.0.0.jar

Description:

An artifact of well-named and well-specified annotations to power static analysis checks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/jspecify/jspecify/1.0.0/jspecify-1.0.0.jar
MD5: 9133aba420d0ca3b001dbb6ae9992cf6
SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
SHA256:1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab
Referenced In Project/Scope: JWT Validator - Vertx:compile
jspecify-1.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.5.0-jre

Identifiers

  • pkg:maven/org.jspecify/jspecify@1.0.0  (Confidence:High)

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....
  

File Path: /home/runner/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: JWT Validator - Vertx:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.5.0-jre

Identifiers

  • pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava  (Confidence:High)

netty-common-4.2.7.Final.jar (shaded: org.jctools:jctools-core:4.0.5)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/netty/netty-common/4.2.7.Final/netty-common-4.2.7.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 5d5135397b920a7dcbca5c1fb0576cf2
SHA1: eaa05d6ad937464312a2681a3236c0e06602bbb7
SHA256:a69897b8ff0c2198b4b8cd7d4f93fde6d42b8e9dbfc95553585e27587b24e211
Referenced In Project/Scope: JWT Validator - Vertx:compile

Identifiers

  • pkg:maven/org.jctools/jctools-core@4.0.5  (Confidence:High)

netty-transport-4.2.7.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/io/netty/netty-transport/4.2.7.Final/netty-transport-4.2.7.Final.jar
MD5: 355369c4efc693ca3a108ec4fc94311c
SHA1: 83ea548981d0d8c4a98027cc1a6f9624f902e142
SHA256:aadc6fb05c14fb789368ca3f854721549c72f6c0d81798bbccf9de1bb716892b
Referenced In Project/Scope: JWT Validator - Vertx:compile
netty-transport-4.2.7.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.vertx/vertx-web@5.0.5

Identifiers

slf4j-api-2.1.0-alpha1.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.1.0-alpha1/slf4j-api-2.1.0-alpha1.jar
MD5: 22d0512f94f321721b28b3365b2d7ea1
SHA1: 4e2525fc4327cc553c52e3937427c7cf2114735f
SHA256:9ab7ffa646202b499d05995a3ec82f31bccb7a50345c1514d8cb42ec8ccea353
Referenced In Project/Scope: JWT Validator - Vertx:compile
slf4j-api-2.1.0-alpha1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.2.2

Identifiers

  • pkg:maven/org.slf4j/slf4j-api@2.1.0-alpha1  (Confidence:High)

snakeyaml-2.4.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.4/snakeyaml-2.4.jar
MD5: 29410ee3a987e3bff7b847933c591972
SHA1: e0666b825b796f85521f02360e77f4c92c5a7a07
SHA256:ef779af5d29a9dde8cc70ce0341f5c6f7735e23edff9685ceaa9d35359b7bb7f
Referenced In Project/Scope: JWT Validator - Vertx:compile
snakeyaml-2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.20.1

Identifiers

vertx-core-5.0.5.jar

File Path: /home/runner/.m2/repository/io/vertx/vertx-core/5.0.5/vertx-core-5.0.5.jar
MD5: 532838368138f7a77cb8321273c613a2
SHA1: 032f32033410fb86e95cdef3e26d362e7c71f495
SHA256:403f6e900b0dc4f71ab11042ba5890ba46c04e80f07f8375c96d20b314f31a52
Referenced In Project/Scope: JWT Validator - Vertx:compile
vertx-core-5.0.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.vertx/vertx-web@5.0.5

Identifiers

vertx-web-5.0.5.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
Eclipse Public License - v 2.0: http://www.eclipse.org/legal/epl-v20.html
File Path: /home/runner/.m2/repository/io/vertx/vertx-web/5.0.5/vertx-web-5.0.5.jar
MD5: b524bf7ba1853f993e681de1cd9fa02f
SHA1: 28ab2ee027784bc837b0cb074f487b548b792ff4
SHA256:0abcc9736632c216e52feae11946b6f31a7697989c34f00b04433760a724a058
Referenced In Project/Scope: JWT Validator - Vertx:compile
vertx-web-5.0.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.2.2

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.