Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: JWT Validator - Vertx

uk.co.spudsoft:jwt-validator-vertx:0.0.45

Scan Information (show all):

Summary

Summary of Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
error_prone_annotations-2.36.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.36.0 029
failureaccess-1.0.3.jarpkg:maven/com.google.guava/failureaccess@1.0.3 032
guava-33.4.8-jre.jarcpe:2.3:a:google:guava:33.4.8:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@33.4.8-jre 0Highest25
j2objc-annotations-3.0.0.jarpkg:maven/com.google.j2objc/j2objc-annotations@3.0.0 033
jackson-annotations-2.20-rc1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.20:rc1:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.20-rc1 0Low35
jackson-core-2.20.0-rc1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.20.0:rc1:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.20.0-rc1 0Low45
jackson-databind-2.20.0-rc1.jarcpe:2.3:a:fasterxml:jackson-databind:2.20.0:rc1:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.20.0:rc1:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.20.0-rc1 0Highest39
jackson-dataformat-yaml-2.20.0-rc1.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.20.0:rc1:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.20.0-rc1 0Highest37
jspecify-1.0.0.jarpkg:maven/org.jspecify/jspecify@1.0.0 032
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
netty-common-4.2.4.Final.jar (shaded: org.jctools:jctools-core:4.0.5)pkg:maven/org.jctools/jctools-core@4.0.5 09
netty-transport-4.2.4.Final.jarcpe:2.3:a:netty:netty:4.2.4:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport@4.2.4.Final 0Highest35
slf4j-api-2.1.0-alpha1.jarpkg:maven/org.slf4j/slf4j-api@2.1.0-alpha1 027
snakeyaml-2.4.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.4:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.4 0Highest42
vertx-core-5.0.3.jarcpe:2.3:a:eclipse:vert.x:5.0.3:*:*:*:*:*:*:*pkg:maven/io.vertx/vertx-core@5.0.3 0High29
vertx-web-5.0.3.jarcpe:2.3:a:web_project:web:5.0.3:*:*:*:*:*:*:*pkg:maven/io.vertx/vertx-web@5.0.3 0Highest29

Dependencies (vulnerable)

error_prone_annotations-2.36.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
MD5: 0e48e5ba2cd0a8d8d09bad849b99f6a6
SHA1: 227d4d4957ccc3dc5761bd897e3a0ee587e750a7
SHA256:77440e270b0bc9a249903c5a076c36a722c4886ca4f42675f2903a1c53ed61a5
Referenced In Project/Scope: JWT Validator - Vertx:compile
error_prone_annotations-2.36.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.4.8-jre

Identifiers

failureaccess-1.0.3.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/failureaccess/1.0.3/failureaccess-1.0.3.jar
MD5: 29a782e90f6b37218b18bb880d2a8f4a
SHA1: aeaffd00d57023a2c947393ed251f0354f0985fc
SHA256:cbfc3906b19b8f55dd7cfd6dfe0aa4532e834250d7f080bd8d211a3e246b59cb
Referenced In Project/Scope: JWT Validator - Vertx:compile
failureaccess-1.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.4.8-jre

Identifiers

guava-33.4.8-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/guava/33.4.8-jre/guava-33.4.8-jre.jar
MD5: 72920caab34426c5815e3b00f80e3b01
SHA1: e70a3268e6cd3e7d458aa15787ce6811c34e96ae
SHA256:f3d7f57f67fd622f4d468dfdd692b3a5e3909246c28017ac3263405f0fe617ed
Referenced In Project/Scope: JWT Validator - Vertx:compile
guava-33.4.8-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.0.45

Identifiers

j2objc-annotations-3.0.0.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256:88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: JWT Validator - Vertx:compile
j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.4.8-jre

Identifiers

jackson-annotations-2.20-rc1.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.20-rc1/jackson-annotations-2.20-rc1.jar
MD5: bc5c5949ea1491871352584c09ece06d
SHA1: 0374f15ce6ee0e290f49eb2d6ac744dbacdaeacf
SHA256:de04bcaa63854081b85dfcaebe9a4b7b79205d0230d691160c4ad78263f2238a
Referenced In Project/Scope: JWT Validator - Vertx:compile
jackson-annotations-2.20-rc1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.20.0-rc1

Identifiers

jackson-core-2.20.0-rc1.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.20.0-rc1/jackson-core-2.20.0-rc1.jar
MD5: d1b86bf5e5495ffa3f09713ae86f9d03
SHA1: 0790a8a47716213fa366752ea167fa1bea9fd58b
SHA256:ac4c17404fed4c4cf1da25ade3fac331d65fc4cfa05a85028e73b4bef128c78a
Referenced In Project/Scope: JWT Validator - Vertx:compile
jackson-core-2.20.0-rc1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.20.0-rc1

Identifiers

jackson-databind-2.20.0-rc1.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.20.0-rc1/jackson-databind-2.20.0-rc1.jar
MD5: 3ca1ff7793449a0cd654b953306cfb5b
SHA1: fa6dda74c021c4b17158f66ce9e1fdb260455714
SHA256:956d79c16df2820040e764051fc3a09c47fe35dc83d27cdf7311cb5e98e42619
Referenced In Project/Scope: JWT Validator - Vertx:compile
jackson-databind-2.20.0-rc1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.0.45

Identifiers

jackson-dataformat-yaml-2.20.0-rc1.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.20.0-rc1/jackson-dataformat-yaml-2.20.0-rc1.jar
MD5: 0e58bc698b54df686620231e59348c9b
SHA1: 4921c6aff317afa6bc5d95283fced44b97ce139f
SHA256:63e19922856dbee3852d9e45ad7a32c6e1beae001b77914a9e728796bb4f47b8
Referenced In Project/Scope: JWT Validator - Vertx:compile
jackson-dataformat-yaml-2.20.0-rc1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.0.45

Identifiers

jspecify-1.0.0.jar

Description:

An artifact of well-named and well-specified annotations to power static analysis checks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/jspecify/jspecify/1.0.0/jspecify-1.0.0.jar
MD5: 9133aba420d0ca3b001dbb6ae9992cf6
SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
SHA256:1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab
Referenced In Project/Scope: JWT Validator - Vertx:compile
jspecify-1.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.4.8-jre

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: /home/runner/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: JWT Validator - Vertx:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.4.8-jre

Identifiers

netty-common-4.2.4.Final.jar (shaded: org.jctools:jctools-core:4.0.5)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/netty/netty-common/4.2.4.Final/netty-common-4.2.4.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 5d5135397b920a7dcbca5c1fb0576cf2
SHA1: eaa05d6ad937464312a2681a3236c0e06602bbb7
SHA256:a69897b8ff0c2198b4b8cd7d4f93fde6d42b8e9dbfc95553585e27587b24e211
Referenced In Project/Scope: JWT Validator - Vertx:compile

Identifiers

netty-transport-4.2.4.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/io/netty/netty-transport/4.2.4.Final/netty-transport-4.2.4.Final.jar
MD5: 1cf0d3654f4490887cb0ff072155c893
SHA1: dcc86deff7735fe678a9159e3ba991cc85a6870b
SHA256:c7873858bcf25d59211f99d3dd35a52d644efc5116cd0a00cd4402b3d23c6372
Referenced In Project/Scope: JWT Validator - Vertx:compile
netty-transport-4.2.4.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.vertx/vertx-web@5.0.3

Identifiers

slf4j-api-2.1.0-alpha1.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.1.0-alpha1/slf4j-api-2.1.0-alpha1.jar
MD5: 22d0512f94f321721b28b3365b2d7ea1
SHA1: 4e2525fc4327cc553c52e3937427c7cf2114735f
SHA256:9ab7ffa646202b499d05995a3ec82f31bccb7a50345c1514d8cb42ec8ccea353
Referenced In Project/Scope: JWT Validator - Vertx:compile
slf4j-api-2.1.0-alpha1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.0.45

Identifiers

snakeyaml-2.4.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.4/snakeyaml-2.4.jar
MD5: 29410ee3a987e3bff7b847933c591972
SHA1: e0666b825b796f85521f02360e77f4c92c5a7a07
SHA256:ef779af5d29a9dde8cc70ce0341f5c6f7735e23edff9685ceaa9d35359b7bb7f
Referenced In Project/Scope: JWT Validator - Vertx:compile
snakeyaml-2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.20.0-rc1

Identifiers

vertx-core-5.0.3.jar

File Path: /home/runner/.m2/repository/io/vertx/vertx-core/5.0.3/vertx-core-5.0.3.jar
MD5: 959265108883d503452e9b0d9a278357
SHA1: 12a5b052d28bb0754f4d7590982b930b28279565
SHA256:942d0754056bdb1437f043f41cdf9cd43d93857d254ca4d0fddb14abbf380d03
Referenced In Project/Scope: JWT Validator - Vertx:compile
vertx-core-5.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.vertx/vertx-web@5.0.3

Identifiers

vertx-web-5.0.3.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
Eclipse Public License - v 2.0: http://www.eclipse.org/legal/epl-v20.html
File Path: /home/runner/.m2/repository/io/vertx/vertx-web/5.0.3/vertx-web-5.0.3.jar
MD5: 0fd035a732061be50a816557e47e54bb
SHA1: c9cf6c55218c600e1daa94e7280a51e078118e5b
SHA256:75581dca9b379cf6f945e79910eba6bedebb674d282f3bcb8783d93774644e57
Referenced In Project/Scope: JWT Validator - Vertx:compile
vertx-web-5.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/uk.co.spudsoft/jwt-validator-vertx@0.0.45

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.