Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all):
- dependency-check version: 5.1.0
- Report Generated On: Mon, 1 Jul 2019 21:08:54 -0700
- Dependencies Scanned: 6 (6 unique)
- Vulnerable Dependencies: 0
- Vulnerabilities Found: 0
- Vulnerabilities Suppressed: 0
- ...
- NVD CVE Checked: 2019-07-01T20:43:28
- NVD CVE Modified: 2019-07-01T17:06:50
- VersionCheckOn: 2019-07-01T20:43:28
Display:
Showing Vulnerable Dependencies (click to show all)Dependencies
gson-2.8.5.jar
Description:
Gson JSON library
File Path: /Users/rex/.m2/repository/com/google/code/gson/gson/2.8.5/gson-2.8.5.jar
MD5: 089104cb90d8b4e1aa00b1f5faef0742
SHA1: f645ed69d595b24d4cf8b3fbb64cc505bede8829
SHA256:233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81
Referenced In Project/Scope:AptSpringProcessor:compile
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | jar | package name | google | Highest |
| Vendor | Manifest | bundle-contactaddress | https://github.com/google/gson | Low |
| Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low |
| Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 | Low |
| Vendor | pom | artifactid | gson | Low |
| Vendor | pom | parent-artifactid | gson-parent | Low |
| Vendor | file | name | gson | High |
| Vendor | pom | groupid | com.google.code.gson | Highest |
| Vendor | jar | package name | gson | Highest |
| Vendor | pom | parent-groupid | com.google.code.gson | Medium |
| Vendor | pom | groupid | google.code.gson | Highest |
| Vendor | pom | name | Gson | High |
| Vendor | Manifest | bundle-symbolicname | com.google.gson | Medium |
| Product | Manifest | Bundle-Name | Gson | Medium |
| Product | jar | package name | google | Highest |
| Product | Manifest | bundle-contactaddress | https://github.com/google/gson | Low |
| Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low |
| Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 | Low |
| Product | file | name | gson | High |
| Product | pom | artifactid | gson | Highest |
| Product | pom | groupid | google.code.gson | Low |
| Product | pom | parent-groupid | com.google.code.gson | Low |
| Product | jar | package name | gson | Highest |
| Product | pom | parent-artifactid | gson-parent | Medium |
| Product | pom | name | Gson | High |
| Product | Manifest | bundle-symbolicname | com.google.gson | Medium |
| Version | file | version | 2.8.5 | Highest |
| Version | pom | version | 2.8.5 | Highest |
| Version | Manifest | Bundle-Version | 2.8.5 | High |
javapoet-1.11.1.jar
Description:
Use beautiful Java code to generate beautiful Java code.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rex/.m2/repository/com/squareup/javapoet/1.11.1/javapoet-1.11.1.jar
MD5: 88fd987568b1a8581eb3b77f611e4240
SHA1: 210e69f58dfa76c5529a303913b4a30c2bfeb76b
SHA256:9cbf2107be499ec6e95afd36b58e3ca122a24166cdd375732e51267d64058e90
Referenced In Project/Scope:AptSpringProcessor:compile
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | pom | organization url | http://squareup.com | Medium |
| Vendor | pom | url | http://github.com/square/javapoet/ | Highest |
| Vendor | jar | package name | javapoet | Highest |
| Vendor | pom | groupid | squareup | Highest |
| Vendor | pom | groupid | com.squareup | Highest |
| Vendor | file | name | javapoet | High |
| Vendor | pom | name | JavaPoet | High |
| Vendor | Manifest | automatic-module-name | com.squareup.javapoet | Medium |
| Vendor | pom | organization name | Square, Inc. | High |
| Vendor | jar | package name | squareup | Highest |
| Vendor | pom | artifactid | javapoet | Low |
| Product | jar | package name | javapoet | Highest |
| Product | pom | organization name | Square, Inc. | Low |
| Product | pom | url | http://github.com/square/javapoet/ | Medium |
| Product | file | name | javapoet | High |
| Product | pom | name | JavaPoet | High |
| Product | pom | artifactid | javapoet | Highest |
| Product | Manifest | automatic-module-name | com.squareup.javapoet | Medium |
| Product | pom | organization url | http://squareup.com | Low |
| Product | jar | package name | squareup | Highest |
| Product | pom | groupid | squareup | Low |
| Version | pom | version | 1.11.1 | Highest |
| Version | file | version | 1.11.1 | Highest |
jgrapht-ext-1.3.1.jar
Description:
A Java class library for graph-theory data structures and algorithms.
License:
GNU Lesser General Public License Version 2.1, February 1999: http://jgrapht.sourceforge.net/LGPL.html
Eclipse Public License (EPL) 2.0: http://www.eclipse.org/legal/epl-v20.html
File Path: /Users/rex/.m2/repository/org/jgrapht/jgrapht-ext/1.3.1/jgrapht-ext-1.3.1.jar
MD5: 043747d320bd40ae6e078ab99476017f
SHA1: 29e8262c9bce3f978b608de538f2367ae9192eb8
SHA256:4ba151731c89833c6b9e0df5410d4852e48d618d961655af42a5af87a37a4000
Referenced In Project/Scope:AptSpringProcessor:compile
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | pom | artifactid | jgrapht-ext | Low |
| Vendor | pom | parent-groupid | org.jgrapht | Medium |
| Vendor | jar | package name | jgrapht | Highest |
| Vendor | pom | groupid | jgrapht | Highest |
| Vendor | Manifest | automatic-module-name | org.jgrapht.ext | Medium |
| Vendor | file | name | jgrapht-ext | High |
| Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low |
| Vendor | Manifest | bundle-symbolicname | org.jgrapht.ext | Medium |
| Vendor | pom | parent-artifactid | jgrapht | Low |
| Vendor | pom | groupid | org.jgrapht | Highest |
| Vendor | jar | package name | ext | Highest |
| Vendor | pom | name | JGraphT - Ext | High |
| Product | jar | package name | jgrapht | Highest |
| Product | pom | groupid | jgrapht | Low |
| Product | Manifest | Bundle-Name | JGraphT - Ext | Medium |
| Product | Manifest | automatic-module-name | org.jgrapht.ext | Medium |
| Product | file | name | jgrapht-ext | High |
| Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low |
| Product | pom | parent-groupid | org.jgrapht | Low |
| Product | Manifest | bundle-symbolicname | org.jgrapht.ext | Medium |
| Product | pom | artifactid | jgrapht-ext | Highest |
| Product | jar | package name | ext | Highest |
| Product | pom | parent-artifactid | jgrapht | Medium |
| Product | pom | name | JGraphT - Ext | High |
| Version | file | version | 1.3.1 | Highest |
| Version | Manifest | Bundle-Version | 1.3.1 | High |
| Version | pom | version | 1.3.1 | Highest |
jgraphx-3.9.8.1.jar
Description:
JGraphX is a Java Swing diagramming (graph visualisation) library
License:
BSD: https://github.com/vlsi/jgraphx-publish/LICENSE
File Path: /Users/rex/.m2/repository/com/github/vlsi/mxgraph/jgraphx/3.9.8.1/jgraphx-3.9.8.1.jar
MD5: bd65b3d94a7b44ace59bdb61aa207e52
SHA1: e10723d4811701cc7247dcf0fdac5e5b5daaba17
SHA256:91e270af2943f2a80ddff8155fe82e954af2ab5854a3c7020ad5a0baecaba6cc
Referenced In Project/Scope:AptSpringProcessor:compile
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | jar | package name | swing | Highest |
| Vendor | pom | artifactid | jgraphx | Low |
| Vendor | Manifest | bundle-docurl | https://github.com/vlsi/jgraphx-package | Low |
| Vendor | pom | name | jgraphx | High |
| Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" | Low |
| Vendor | pom | url | vlsi/jgraphx-publish | Highest |
| Vendor | Manifest | bundle-symbolicname | com.github.vlsi.mxgraph.jgraphx | Medium |
| Vendor | jar | package name | mxgraph | Highest |
| Vendor | file | name | jgraphx | High |
| Vendor | pom | groupid | github.vlsi.mxgraph | Highest |
| Vendor | pom | groupid | com.github.vlsi.mxgraph | Highest |
| Vendor | Manifest | automatic-module-name | com.github.vlsi.mxgraph.jgraphx | Medium |
| Product | jar | package name | swing | Highest |
| Product | Manifest | bundle-docurl | https://github.com/vlsi/jgraphx-package | Low |
| Product | pom | groupid | github.vlsi.mxgraph | Low |
| Product | pom | name | jgraphx | High |
| Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" | Low |
| Product | Manifest | bundle-symbolicname | com.github.vlsi.mxgraph.jgraphx | Medium |
| Product | pom | url | vlsi/jgraphx-publish | High |
| Product | jar | package name | mxgraph | Highest |
| Product | file | name | jgraphx | High |
| Product | pom | artifactid | jgraphx | Highest |
| Product | Manifest | Bundle-Name | jgraphx | Medium |
| Product | Manifest | automatic-module-name | com.github.vlsi.mxgraph.jgraphx | Medium |
| Version | file | version | 3.9.8.1 | Highest |
| Version | pom | version | 3.9.8.1 | Highest |
| Version | Manifest | Bundle-Version | 3.9.8.1 | High |
jgrapht-core-1.3.1.jar
Description:
A Java class library for graph-theory data structures and algorithms.
License:
GNU Lesser General Public License Version 2.1, February 1999: http://jgrapht.sourceforge.net/LGPL.html
Eclipse Public License (EPL) 2.0: http://www.eclipse.org/legal/epl-v20.html
File Path: /Users/rex/.m2/repository/org/jgrapht/jgrapht-core/1.3.1/jgrapht-core-1.3.1.jar
MD5: ca4f38f464f7ceb542553af4117e0598
SHA1: 02a60359a72bea12c2336400408cebd0254b63be
SHA256:71dc44221c43ae89e59e42d024cce9d1dfaef844afb544ca1cdbf96a4bdf2736
Referenced In Project/Scope:AptSpringProcessor:compile
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | pom | groupid | jgrapht | Highest |
| Vendor | pom | parent-groupid | org.jgrapht | Medium |
| Vendor | pom | name | JGraphT - Core | High |
| Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low |
| Vendor | jar | package name | jgrapht | Highest |
| Vendor | Manifest | bundle-symbolicname | org.jgrapht.core | Medium |
| Vendor | pom | parent-artifactid | jgrapht | Low |
| Vendor | pom | groupid | org.jgrapht | Highest |
| Vendor | pom | artifactid | jgrapht-core | Low |
| Vendor | Manifest | automatic-module-name | org.jgrapht.core | Medium |
| Vendor | file | name | jgrapht-core | High |
| Product | pom | artifactid | jgrapht-core | Highest |
| Product | pom | name | JGraphT - Core | High |
| Product | jar | package name | jgrapht | Highest |
| Product | pom | groupid | jgrapht | Low |
| Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low |
| Product | pom | parent-groupid | org.jgrapht | Low |
| Product | Manifest | bundle-symbolicname | org.jgrapht.core | Medium |
| Product | Manifest | Bundle-Name | JGraphT - Core | Medium |
| Product | pom | parent-artifactid | jgrapht | Medium |
| Product | Manifest | automatic-module-name | org.jgrapht.core | Medium |
| Product | file | name | jgrapht-core | High |
| Product | jar | package name | graph | Highest |
| Version | file | version | 1.3.1 | Highest |
| Version | Manifest | Bundle-Version | 1.3.1 | High |
| Version | pom | version | 1.3.1 | Highest |
jheaps-0.10.jar
Description:
A free, production-ready, efficient Java library containing a collection of heap data-structures.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/rex/.m2/repository/org/jheaps/jheaps/0.10/jheaps-0.10.jar
MD5: bc6109d64453c1edb97f27d91e146dfb
SHA1: 4a85245d16284f555e94dd2a05b6de377f542e9a
SHA256:1c04ab9ed8bb649fe70baa9996dae58c987da87b91ee21b82db023d98b2af59f
Referenced In Project/Scope:AptSpringProcessor:compile
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | pom | groupid | org.jheaps | Highest |
| Vendor | jar | package name | jheaps | Highest |
| Vendor | Manifest | automatic-module-name | org.jheaps | Medium |
| Vendor | pom | artifactid | jheaps | Low |
| Vendor | jar | package name | heap | Highest |
| Vendor | pom | groupid | jheaps | Highest |
| Vendor | pom | name | JHeaps | High |
| Vendor | file | name | jheaps | High |
| Vendor | pom | url | http://www.jheaps.org | Highest |
| Product | jar | package name | jheaps | Highest |
| Product | Manifest | automatic-module-name | org.jheaps | Medium |
| Product | jar | package name | heap | Highest |
| Product | pom | groupid | jheaps | Low |
| Product | pom | name | JHeaps | High |
| Product | pom | url | http://www.jheaps.org | Medium |
| Product | file | name | jheaps | High |
| Product | pom | artifactid | jheaps | Highest |
| Version | pom | version | 0.10 | Highest |
| Version | file | version | 0.10 | Highest |