Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all):
- dependency-check version: 12.1.9
- Report Generated On: Sat, 20 Dec 2025 12:02:30 GMT
- Dependencies Scanned: 8 (8 unique)
- Vulnerable Dependencies: 0
- Vulnerabilities Found: 0
- Vulnerabilities Suppressed: 0
- ...
- NVD API Last Checked: 2025-12-20T11:51:11Z
- NVD API Last Modified: 2025-12-20T09:15:55Z
Summary
Summary of Vulnerable Dependencies (click to show all)
annotations-26.0.2-1.jar
Description:
A set of annotations used for code inspection support and code documentation.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/jetbrains/annotations/26.0.2-1/annotations-26.0.2-1.jar
MD5: ef0e782af9ee48fac1156485366d7cc9
SHA1: c7ce3cdeda3d18909368dfe5977332dfad326c6d
SHA256:2037be378980d3ba9333e97955f3b2cde392aa124d04ca73ce2eee6657199297
Referenced In Project/Scope: Java Test:provided
annotations-26.0.2-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/me.chrissw-r1/java-parent-test@3.0.34
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | annotations | High |
| Vendor | jar | package name | annotations | Highest |
| Vendor | jar | package name | jetbrains | Highest |
| Vendor | Manifest | multi-release | true | Low |
| Vendor | pom | artifactid | annotations | Highest |
| Vendor | pom | artifactid | annotations | Low |
| Vendor | pom | developer id | JetBrains | Medium |
| Vendor | pom | developer name | JetBrains Team | Medium |
| Vendor | pom | developer org | JetBrains | Medium |
| Vendor | pom | developer org URL | https://www.jetbrains.com | Medium |
| Vendor | pom | groupid | org.jetbrains | Highest |
| Vendor | pom | name | JetBrains Java Annotations | High |
| Vendor | pom | url | JetBrains/java-annotations | Highest |
| Product | file | name | annotations | High |
| Product | jar | package name | annotations | Highest |
| Product | jar | package name | jetbrains | Highest |
| Product | Manifest | multi-release | true | Low |
| Product | pom | artifactid | annotations | Highest |
| Product | pom | developer id | JetBrains | Low |
| Product | pom | developer name | JetBrains Team | Low |
| Product | pom | developer org | JetBrains | Low |
| Product | pom | developer org URL | https://www.jetbrains.com | Low |
| Product | pom | groupid | org.jetbrains | Highest |
| Product | pom | name | JetBrains Java Annotations | High |
| Product | pom | url | JetBrains/java-annotations | High |
| Version | pom | version | 26.0.2-1 | Highest |
jcip-annotations-1.0-1.jar
Description:
A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256:4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Project/Scope: Java Test:provided
jcip-annotations-1.0-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/me.chrissw-r1/java-parent-test@3.0.34
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | jcip-annotations | High |
| Vendor | jar | package name | annotations | Highest |
| Vendor | jar | package name | annotations | Low |
| Vendor | jar | package name | jcip | Highest |
| Vendor | jar | package name | jcip | Low |
| Vendor | jar | package name | net | Low |
| Vendor | pom | artifactid | jcip-annotations | Highest |
| Vendor | pom | artifactid | jcip-annotations | Low |
| Vendor | pom | developer id | stephenc | Medium |
| Vendor | pom | developer name | Stephen Connolly | Medium |
| Vendor | pom | groupid | com.github.stephenc.jcip | Highest |
| Vendor | pom | name | JCIP Annotations under Apache License | High |
| Vendor | pom | url | http://stephenc.github.com/jcip-annotations | Highest |
| Product | file | name | jcip-annotations | High |
| Product | jar | package name | annotations | Highest |
| Product | jar | package name | annotations | Low |
| Product | jar | package name | jcip | Highest |
| Product | jar | package name | jcip | Low |
| Product | pom | artifactid | jcip-annotations | Highest |
| Product | pom | developer id | stephenc | Low |
| Product | pom | developer name | Stephen Connolly | Low |
| Product | pom | groupid | com.github.stephenc.jcip | Highest |
| Product | pom | name | JCIP Annotations under Apache License | High |
| Product | pom | url | http://stephenc.github.com/jcip-annotations | Medium |
| Version | pom | version | 1.0-1 | Highest |
jsr305-3.0.2.jar
Description:
JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: Java Test:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | jsr305 | High |
| Vendor | Manifest | bundle-symbolicname | org.jsr-305 | Medium |
| Vendor | pom | artifactid | jsr305 | Highest |
| Vendor | pom | artifactid | jsr305 | Low |
| Vendor | pom | groupid | com.google.code.findbugs | Highest |
| Vendor | pom | name | FindBugs-jsr305 | High |
| Vendor | pom | url | http://findbugs.sourceforge.net/ | Highest |
| Product | file | name | jsr305 | High |
| Product | Manifest | Bundle-Name | FindBugs-jsr305 | Medium |
| Product | Manifest | bundle-symbolicname | org.jsr-305 | Medium |
| Product | pom | artifactid | jsr305 | Highest |
| Product | pom | groupid | com.google.code.findbugs | Highest |
| Product | pom | name | FindBugs-jsr305 | High |
| Product | pom | url | http://findbugs.sourceforge.net/ | Medium |
| Version | file | version | 3.0.2 | High |
| Version | Manifest | Bundle-Version | 3.0.2 | High |
| Version | pom | version | 3.0.2 | Highest |
lombok-1.18.42.jar
Description:
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /home/runner/.m2/repository/org/projectlombok/lombok/1.18.42/lombok-1.18.42.jar
MD5: f29149836e0187fb9fd95d82dc718d36
SHA1: 8365263844ebb62398e0dc33057ba10ba472d3b8
SHA256:3488a4e9994c26596baaceebee58cad36a50e3bdaec5be72b5834d3c3b560306
Referenced In Project/Scope: Java Test:provided
lombok-1.18.42.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/me.chrissw-r1/java-parent-test@3.0.34
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | lombok | High |
| Vendor | jar | package name | java | Highest |
| Vendor | jar | package name | lombok | Highest |
| Vendor | jar | package name | tostring | Highest |
| Vendor | Manifest | automatic-module-name | lombok | Medium |
| Vendor | Manifest | can-redefine-classes | true | Low |
| Vendor | pom | artifactid | lombok | Highest |
| Vendor | pom | artifactid | lombok | Low |
| Vendor | pom | developer email | reinier@projectlombok.org | Low |
| Vendor | pom | developer email | roel@projectlombok.org | Low |
| Vendor | pom | developer id | rspilker | Medium |
| Vendor | pom | developer id | rzwitserloot | Medium |
| Vendor | pom | developer name | Reinier Zwitserloot | Medium |
| Vendor | pom | developer name | Roel Spilker | Medium |
| Vendor | pom | groupid | org.projectlombok | Highest |
| Vendor | pom | name | Project Lombok | High |
| Vendor | pom | url | https://projectlombok.org | Highest |
| Product | file | name | lombok | High |
| Product | jar | package name | java | Highest |
| Product | jar | package name | lombok | Highest |
| Product | jar | package name | tostring | Highest |
| Product | Manifest | automatic-module-name | lombok | Medium |
| Product | Manifest | can-redefine-classes | true | Low |
| Product | pom | artifactid | lombok | Highest |
| Product | pom | developer email | reinier@projectlombok.org | Low |
| Product | pom | developer email | roel@projectlombok.org | Low |
| Product | pom | developer id | rspilker | Low |
| Product | pom | developer id | rzwitserloot | Low |
| Product | pom | developer name | Reinier Zwitserloot | Low |
| Product | pom | developer name | Roel Spilker | Low |
| Product | pom | groupid | org.projectlombok | Highest |
| Product | pom | name | Project Lombok | High |
| Product | pom | url | https://projectlombok.org | Medium |
| Version | file | version | 1.18.42 | High |
| Version | Manifest | lombok-version | 1.18.42 | Medium |
| Version | pom | version | 1.18.42 | Highest |
lombok-1.18.42.jar: mavenEcjBootstrapAgent.jar
File Path: /home/runner/.m2/repository/org/projectlombok/lombok/1.18.42/lombok-1.18.42.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: 885d5d6be90a5dcd4b82cdf741e3f31a
SHA1: e1f7f1779f40157fd0b984c1bc32a0cb45cae66e
SHA256:74a80a6ee84e5c6fe497dfcc46a46dbe30578525e747eb531e918ee0750c8da9
Referenced In Project/Scope: Java Test:provided
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | mavenEcjBootstrapAgent | High |
| Vendor | jar | package name | launch | Low |
| Vendor | jar | package name | lombok | Low |
| Vendor | Manifest | can-redefine-classes | true | Low |
| Product | file | name | mavenEcjBootstrapAgent | High |
| Product | jar | package name | launch | Low |
| Product | Manifest | can-redefine-classes | true | Low |
proguard-annotations-7.8.2.jar
Description:
Java annotations to configure ProGuard, the free shrinker, optimizer, obfuscator, and preverifier for Java bytecode
License:
GNU General Public License, Version 2: https://www.gnu.org/licenses/gpl-2.0.txt
File Path: /home/runner/.m2/repository/com/guardsquare/proguard-annotations/7.8.2/proguard-annotations-7.8.2.jar
MD5: d14549b6031f5a0560f15034bfcd5927
SHA1: 938db20b9393793410777f51d7745b74fc7d39d7
SHA256:b5764e56e338468ebd94b7f8e6cbc65a94b3f997cc42d9429143aad8a5498220
Referenced In Project/Scope: Java Test:provided
proguard-annotations-7.8.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/me.chrissw-r1/java-parent-test@3.0.34
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | proguard-annotations | High |
| Vendor | jar | package name | annotation | Low |
| Vendor | jar | package name | proguard | Highest |
| Vendor | jar | package name | proguard | Low |
| Vendor | pom | artifactid | proguard-annotations | Highest |
| Vendor | pom | artifactid | proguard-annotations | Low |
| Vendor | pom | developer id | lafortune | Medium |
| Vendor | pom | developer name | Eric Lafortune | Medium |
| Vendor | pom | developer org | Guardsquare | Medium |
| Vendor | pom | developer org URL | https://www.guardsquare.com/ | Medium |
| Vendor | pom | groupid | com.guardsquare | Highest |
| Vendor | pom | name | com.guardsquare:proguard-annotations | High |
| Vendor | pom | url | https://www.guardsquare.com/proguard | Highest |
| Product | file | name | proguard-annotations | High |
| Product | jar | package name | annotation | Low |
| Product | jar | package name | proguard | Highest |
| Product | pom | artifactid | proguard-annotations | Highest |
| Product | pom | developer id | lafortune | Low |
| Product | pom | developer name | Eric Lafortune | Low |
| Product | pom | developer org | Guardsquare | Low |
| Product | pom | developer org URL | https://www.guardsquare.com/ | Low |
| Product | pom | groupid | com.guardsquare | Highest |
| Product | pom | name | com.guardsquare:proguard-annotations | High |
| Product | pom | url | https://www.guardsquare.com/proguard | Medium |
| Version | file | version | 7.8.2 | High |
| Version | pom | version | 7.8.2 | Highest |
slf4j-api-2.0.17.jar
Description:
The slf4j API
License:
https://opensource.org/license/mit
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: Java Test:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/me.chrissw-r1/java-parent-test@3.0.34
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | slf4j-api | High |
| Vendor | jar | package name | slf4j | Highest |
| Vendor | Manifest | build-jdk-spec | 21 | Low |
| Vendor | Manifest | bundle-docurl | http://www.slf4j.org | Low |
| Vendor | Manifest | bundle-symbolicname | slf4j.api | Medium |
| Vendor | Manifest | multi-release | true | Low |
| Vendor | pom | artifactid | slf4j-api | Highest |
| Vendor | pom | artifactid | slf4j-api | Low |
| Vendor | pom | groupid | org.slf4j | Highest |
| Vendor | pom | name | SLF4J API Module | High |
| Vendor | pom | parent-artifactid | slf4j-parent | Low |
| Vendor | pom | url | http://www.slf4j.org | Highest |
| Product | file | name | slf4j-api | High |
| Product | jar | package name | slf4j | Highest |
| Product | Manifest | build-jdk-spec | 21 | Low |
| Product | Manifest | bundle-docurl | http://www.slf4j.org | Low |
| Product | Manifest | Bundle-Name | SLF4J API Module | Medium |
| Product | Manifest | bundle-symbolicname | slf4j.api | Medium |
| Product | Manifest | Implementation-Title | slf4j-api | High |
| Product | Manifest | multi-release | true | Low |
| Product | pom | artifactid | slf4j-api | Highest |
| Product | pom | groupid | org.slf4j | Highest |
| Product | pom | name | SLF4J API Module | High |
| Product | pom | parent-artifactid | slf4j-parent | Medium |
| Product | pom | url | http://www.slf4j.org | Medium |
| Version | file | version | 2.0.17 | High |
| Version | Manifest | Bundle-Version | 2.0.17 | High |
| Version | Manifest | Implementation-Version | 2.0.17 | High |
| Version | pom | version | 2.0.17 | Highest |
spotbugs-annotations-4.9.8.jar
Description:
Annotations the SpotBugs tool supports
License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.9.8/spotbugs-annotations-4.9.8.jar
MD5: d4c2e7bd090be697ad409a4e75684a94
SHA1: ca4a2783a6123e67124fd7feb4caccd2e2ac9a73
SHA256:6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
Referenced In Project/Scope: Java Test:provided
spotbugs-annotations-4.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/me.chrissw-r1/java-parent-test@3.0.34
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | spotbugs-annotations | High |
| Vendor | Manifest | automatic-module-name | com.github.spotbugs.annotations | Medium |
| Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.8 | Low |
| Vendor | Manifest | bundle-symbolicname | spotbugs-annotations | Medium |
| Vendor | pom | artifactid | spotbugs-annotations | Highest |
| Vendor | pom | artifactid | spotbugs-annotations | Low |
| Vendor | pom | developer email | andreas.sewe@codetrails.com | Low |
| Vendor | pom | developer email | dbrosius@mebigfatguy.com | Low |
| Vendor | pom | developer email | loskutov@gmx.de | Low |
| Vendor | pom | developer email | skypencil@gmail.com | Low |
| Vendor | pom | developer id | henrik242 | Medium |
| Vendor | pom | developer id | iloveeclipse | Medium |
| Vendor | pom | developer id | jsotuyod | Medium |
| Vendor | pom | developer id | KengoTODA | Medium |
| Vendor | pom | developer id | mebigfatguy | Medium |
| Vendor | pom | developer id | sewe | Medium |
| Vendor | pom | developer id | ThrawnCA | Medium |
| Vendor | pom | developer name | Andreas Sewe | Medium |
| Vendor | pom | developer name | Andrey Loskutov | Medium |
| Vendor | pom | developer name | Dave Brosius | Medium |
| Vendor | pom | developer name | Juan Martín Sotuyo Dodero | Medium |
| Vendor | pom | developer name | Kengo TODA | Medium |
| Vendor | pom | groupid | com.github.spotbugs | Highest |
| Vendor | pom | name | SpotBugs Annotations | High |
| Vendor | pom | url | https://spotbugs.github.io/ | Highest |
| Product | file | name | spotbugs-annotations | High |
| Product | Manifest | automatic-module-name | com.github.spotbugs.annotations | Medium |
| Product | Manifest | Bundle-Name | spotbugs-annotations | Medium |
| Product | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.8 | Low |
| Product | Manifest | bundle-symbolicname | spotbugs-annotations | Medium |
| Product | pom | artifactid | spotbugs-annotations | Highest |
| Product | pom | developer email | andreas.sewe@codetrails.com | Low |
| Product | pom | developer email | dbrosius@mebigfatguy.com | Low |
| Product | pom | developer email | loskutov@gmx.de | Low |
| Product | pom | developer email | skypencil@gmail.com | Low |
| Product | pom | developer id | henrik242 | Low |
| Product | pom | developer id | iloveeclipse | Low |
| Product | pom | developer id | jsotuyod | Low |
| Product | pom | developer id | KengoTODA | Low |
| Product | pom | developer id | mebigfatguy | Low |
| Product | pom | developer id | sewe | Low |
| Product | pom | developer id | ThrawnCA | Low |
| Product | pom | developer name | Andreas Sewe | Low |
| Product | pom | developer name | Andrey Loskutov | Low |
| Product | pom | developer name | Dave Brosius | Low |
| Product | pom | developer name | Juan Martín Sotuyo Dodero | Low |
| Product | pom | developer name | Kengo TODA | Low |
| Product | pom | groupid | com.github.spotbugs | Highest |
| Product | pom | name | SpotBugs Annotations | High |
| Product | pom | url | https://spotbugs.github.io/ | Medium |
| Version | file | version | 4.9.8 | High |
| Version | Manifest | Bundle-Version | 4.9.8 | High |
| Version | pom | version | 4.9.8 | Highest |