Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: PowerStatsToolbaselineJava

de.powerstat.toolbaseline:tbl-java-parent:17.2.0

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
log4j-core-2.23.1.jarcpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-core@2.23.1 0Highest40
log4j-slf4j-impl-2.23.1.jarpkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.23.1 036
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
spotbugs-annotations-4.8.6.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 053

Dependencies (vulnerable)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\PowerStat\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: PowerStatsToolbaselineJava:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6

Identifiers

log4j-core-2.23.1.jar

Description:

The Apache Log4j Implementation

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\PowerStat\.m2\repository\org\apache\logging\log4j\log4j-core\2.23.1\log4j-core-2.23.1.jar
MD5: 34fad2df975cf874a2fdf4b797122f16
SHA1: 905802940e2c78042d75b837c136ac477d2b4e4d
SHA256:7079368005fc34f56248f57f8a8a53361c3a53e9007d556dbc66fc669df081b5
Referenced In Project/Scope: PowerStatsToolbaselineJava:compile
log4j-core-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.powerstat.toolbaseline/tbl-java-parent@17.2.0

Identifiers

log4j-slf4j-impl-2.23.1.jar

Description:

The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\PowerStat\.m2\repository\org\apache\logging\log4j\log4j-slf4j-impl\2.23.1\log4j-slf4j-impl-2.23.1.jar
MD5: c5a27e08e18600d379d0ca72d71838b8
SHA1: 9ef67909a1b4eae999af4c7a211ab2379e4b86c2
SHA256:210742c8fb85b0dcc26a9d74a32fbc828e0429087dee3d2920d4a76b1eb96d91
Referenced In Project/Scope: PowerStatsToolbaselineJava:runtime
log4j-slf4j-impl-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.powerstat.toolbaseline/tbl-java-parent@17.2.0

Identifiers

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: C:\Users\PowerStat\.m2\repository\org\slf4j\slf4j-api\1.7.36\slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: PowerStatsToolbaselineJava:runtime
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.23.1

Identifiers

spotbugs-annotations-4.8.6.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: C:\Users\PowerStat\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.8.6\spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256:4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Project/Scope: PowerStatsToolbaselineJava:compile
spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.powerstat.toolbaseline/tbl-java-parent@17.2.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.