Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: smartsprites

com.github.hazendaz:smartsprites:0.4.1

Scan Information (show all):

Summary

Summary of Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
ant-1.10.15.jarcpe:2.3:a:apache:ant:1.10.15:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.15 0Highest24
args4j-2.37.jarcpe:2.3:a:jsite:jsite:2.37:*:*:*:*:*:*:*pkg:maven/args4j/args4j@2.37 0Low26
checker-qual-3.51.1.jarpkg:maven/org.checkerframework/checker-qual@3.51.1 044
commons-io-2.21.0.jarcpe:2.3:a:apache:commons_io:2.21.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.21.0 0Highest127
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0134
error_prone_annotations-2.43.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.43.0 029
failureaccess-1.0.3.jarpkg:maven/com.google.guava/failureaccess@1.0.3 032
guava-33.5.0-jre.jarcpe:2.3:a:google:guava:33.5.0:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@33.5.0-jre 0Highest25
j2objc-annotations-3.1.jarpkg:maven/com.google.j2objc/j2objc-annotations@3.1 033
jspecify-1.0.0.jarpkg:maven/org.jspecify/jspecify@1.0.0 032
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
lombok-1.18.42.jar: mavenEcjBootstrapAgent.jar 07
lombok-1.18.42.jarpkg:maven/org.projectlombok/lombok@1.18.42 036
modernizer-maven-annotations-3.2.0.jarpkg:maven/org.gaul/modernizer-maven-annotations@3.2.0 019
spotbugs-annotations-4.9.8.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8 053

Dependencies (vulnerable)

ant-1.10.15.jar

File Path: C:\Users\Jeremy\.m2\repository\org\apache\ant\ant\1.10.15\ant-1.10.15.jar
MD5: 688b6e5ca5900863c26af4fe4ee7e924
SHA1: da854f5503ee061a5a3b2cfcbe98ee27aa4a5ef9
SHA256:763acda4a69588c9ea8817a952851ff0c2fc4bffa1d081c2565dc407f29d5794
Referenced In Project/Scope: smartsprites:provided
ant-1.10.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

args4j-2.37.jar

Description:

args4j : Java command line arguments parser

License:

http://www.opensource.org/licenses/mit-license.php
File Path: C:\Users\Jeremy\.m2\repository\args4j\args4j\2.37\args4j-2.37.jar
MD5: f58e89e55a715448f1eac17edaf4b511
SHA1: 244f60c057d72a785227c0562d3560f42a7ea54b
SHA256:5a13b0f7ff519183e55b8f453b8faaa23b92ccf0443f1fac515fedf2246bdc18
Referenced In Project/Scope: smartsprites:compile
args4j-2.37.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

  • pkg:maven/args4j/args4j@2.37  (Confidence:High)
  • cpe:2.3:a:jsite:jsite:2.37:*:*:*:*:*:*:*  (Confidence:Low)  

checker-qual-3.51.1.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: C:\Users\Jeremy\.m2\repository\org\checkerframework\checker-qual\3.51.1\checker-qual-3.51.1.jar
MD5: 1b247ba89d3b8776fa6223324b934f56
SHA1: d69c339a293b5ec04b26c9d994cbeffb7056d122
SHA256:153aeffe56ca24f3a9b8b6c6ff813eace9620ccf35adfab91d491682e56cd5ce
Referenced In Project/Scope: smartsprites:compile
checker-qual-3.51.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

  • pkg:maven/org.checkerframework/checker-qual@3.51.1  (Confidence:High)

commons-io-2.21.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\commons-io\commons-io\2.21.0\commons-io-2.21.0.jar
MD5: bc7e020873f086ede85f97bd9f013215
SHA1: 52a6f68fe5afe335cde95461dd5c3412f04996f7
SHA256:7d643a2afea8b058b762aa6fb90e5b256f6c729739f8b3784c3370ddc609e88d
Referenced In Project/Scope: smartsprites:compile
commons-io-2.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-math3\3.6.1\commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: smartsprites:compile
commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

  • pkg:maven/org.apache.commons/commons-math3@3.6.1  (Confidence:High)

error_prone_annotations-2.43.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\errorprone\error_prone_annotations\2.43.0\error_prone_annotations-2.43.0.jar
MD5: 59fe4a79ce3218423f4f8918f04ef22f
SHA1: a4f9062316c31850b03085e45717f564fd563ceb
SHA256:48272e75c16e1f7bdc7bd19529ccacd5ee170404701d7f5a23441bb5847957f5
Referenced In Project/Scope: smartsprites:provided
error_prone_annotations-2.43.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

  • pkg:maven/com.google.errorprone/error_prone_annotations@2.43.0  (Confidence:High)

failureaccess-1.0.3.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\failureaccess\1.0.3\failureaccess-1.0.3.jar
MD5: 29a782e90f6b37218b18bb880d2a8f4a
SHA1: aeaffd00d57023a2c947393ed251f0354f0985fc
SHA256:cbfc3906b19b8f55dd7cfd6dfe0aa4532e834250d7f080bd8d211a3e246b59cb
Referenced In Project/Scope: smartsprites:compile
failureaccess-1.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.5.0-jre

Identifiers

  • pkg:maven/com.google.guava/failureaccess@1.0.3  (Confidence:High)

guava-33.5.0-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\33.5.0-jre\guava-33.5.0-jre.jar
MD5: d9fbf39a41a5bab891348f07668e18c5
SHA1: 8699de25f2f979108d6c1b804a7ba38cda1116bc
SHA256:1e301f0c52ac248b0b14fdc3d12283c77252d4d6f48521d572e7d8c4c2cc4ac7
Referenced In Project/Scope: smartsprites:compile
guava-33.5.0-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

j2objc-annotations-3.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\j2objc\j2objc-annotations\3.1\j2objc-annotations-3.1.jar
MD5: abe8bd3abff622b9a8b15c3a737aa741
SHA1: a892ca9507839bbdb900d64310ac98256cab992f
SHA256:84d3a150518485f8140ea99b8a985656749629f6433c92b80c75b36aba3b099b
Referenced In Project/Scope: smartsprites:provided
j2objc-annotations-3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

  • pkg:maven/com.google.j2objc/j2objc-annotations@3.1  (Confidence:High)

jspecify-1.0.0.jar

Description:

An artifact of well-named and well-specified annotations to power static analysis checks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\jspecify\jspecify\1.0.0\jspecify-1.0.0.jar
MD5: 9133aba420d0ca3b001dbb6ae9992cf6
SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
SHA256:1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab
Referenced In Project/Scope: smartsprites:compile
jspecify-1.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.5.0-jre

Identifiers

  • pkg:maven/org.jspecify/jspecify@1.0.0  (Confidence:High)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: smartsprites:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8

Identifiers

  • pkg:maven/com.google.code.findbugs/jsr305@3.0.2  (Confidence:High)

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\listenablefuture\9999.0-empty-to-avoid-conflict-with-guava\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: smartsprites:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.5.0-jre

Identifiers

  • pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava  (Confidence:High)

lombok-1.18.42.jar: mavenEcjBootstrapAgent.jar

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.42\lombok-1.18.42.jar\lombok\launch\mavenEcjBootstrapAgent.jar
MD5: 885d5d6be90a5dcd4b82cdf741e3f31a
SHA1: e1f7f1779f40157fd0b984c1bc32a0cb45cae66e
SHA256:74a80a6ee84e5c6fe497dfcc46a46dbe30578525e747eb531e918ee0750c8da9
Referenced In Project/Scope: smartsprites:provided

Identifiers

  • None

lombok-1.18.42.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.42\lombok-1.18.42.jar
MD5: f29149836e0187fb9fd95d82dc718d36
SHA1: 8365263844ebb62398e0dc33057ba10ba472d3b8
SHA256:3488a4e9994c26596baaceebee58cad36a50e3bdaec5be72b5834d3c3b560306
Referenced In Project/Scope: smartsprites:provided
lombok-1.18.42.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

  • pkg:maven/org.projectlombok/lombok@1.18.42  (Confidence:High)

modernizer-maven-annotations-3.2.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\gaul\modernizer-maven-annotations\3.2.0\modernizer-maven-annotations-3.2.0.jar
MD5: 127396b14eb51fd93eb587308f079768
SHA1: 23a99089ff682152e86ab1691a8232db325def09
SHA256:9f9396f361f0d45d435355c1f2b57980307abd81f3131083ec18f54fbbaa5ecb
Referenced In Project/Scope: smartsprites:provided
modernizer-maven-annotations-3.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

  • pkg:maven/org.gaul/modernizer-maven-annotations@3.2.0  (Confidence:High)

spotbugs-annotations-4.9.8.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: C:\Users\Jeremy\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.9.8\spotbugs-annotations-4.9.8.jar
MD5: d4c2e7bd090be697ad409a4e75684a94
SHA1: ca4a2783a6123e67124fd7feb4caccd2e2ac9a73
SHA256:6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
Referenced In Project/Scope: smartsprites:provided
spotbugs-annotations-4.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.1

Identifiers

  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8  (Confidence:High)


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.