BSD 3-clause |  | com.adobe.xmp
»
xmpcore1 vulnerability |
5.1.2 | 6.1.11 |
Collections
Apache 2.0 |  | com.carrotsearch
»
hppc |
0.7.1 | 0.10.0 |
Apache 2.0 |  | com.drewnoakes
»
metadata-extractor2 vulnerabilities |
2.9.1 | 2.19.0 |
Annotation Lib
Apache 2.0 |  | com.fasterxml.jackson.core
»
jackson-annotations |
2.5.4 | 2.20 |
JSON Lib
Apache 2.0 | | com.fasterxml.jackson.core
»
jackson-core2 vulnerabilities |
2.5.4 | 3.0.2 |
JSON Lib
Apache 2.0 | | com.fasterxml.jackson.core
»
jackson-databind48 vulnerabilities |
2.5.4 | 3.0.2 |
Serializer
Apache 2.0 | | com.fasterxml.jackson.dataformat
»
jackson-dataformat-smile |
2.5.4 | 3.0.2 |
Cache Impl
Apache 2.0 |  | com.github.ben-manes.caffeine
»
caffeine |
2.4.0 | 3.2.3 |
Math Lib
BSD 3-clause | | com.github.virtuald
»
curvesapi |
1.04 | 1.08 |
Core Utils
Apache 2.0 |  | com.google.guava
»
guava3 vulnerabilities |
14.0.1 | 33.5.0-jre |
Serializer
BSD 3-clause | | com.google.protobuf
»
protobuf-java6 vulnerabilities |
3.1.0 | 4.33.1 |
MPL 1.1 |  | com.googlecode.juniversalchardet
»
juniversalchardet |
1.0.3 |
✔
|
Apache 2.0 | | com.googlecode.mp4parser
»
isoparser |
1.1.18 | 1.9.56 |
Apache 2.0 |  | com.healthmarketscience.jackcess
»
jackcess |
2.1.8 | 4.0.10 |
I18N Lib
|  | com.ibm.icu
»
icu4j |
56.1 | 78.1 |
Apache 2.0 |  | com.pff
»
java-libpst |
0.8.1 | 0.9.3 |
RSS/Atom
Apache 2.0 |  | com.rometools
»
rome |
1.5.1 | 2.1.0 |
EDL 1.0EPL 2.0GPL |  | com.sun.mail
»
gimap |
1.5.1 | 2.0.2 |
Mail Client
EDL 1.0EPL 2.0GPL | | com.sun.mail
»
javax.mail |
1.5.1 | 2.0.2 |
Apache 2.0 |  | com.tdunning
»
t-digest |
3.1 | 3.3 |
CLI Parser
Apache 2.0 |  | commons-cli
»
commons-cli |
1.2 | 1.11.0 |
Base64
Apache 2.0 |  | commons-codec
»
commons-codec |
1.10 | 1.20.0 |
Collections
Apache 2.0 |  | commons-collections
»
commons-collections |
3.2.2 | 4.5.0 |
Config
Apache 2.0 |  | commons-configuration
»
commons-configuration1 vulnerability |
1.6 | 2.12.0 |
Upload Manager
Apache 2.0 |  | commons-fileupload
»
commons-fileupload3 vulnerabilities |
1.3.2 | 2.0.0-M4 |
I/O
Apache 2.0 |  | commons-io
»
commons-io2 vulnerabilities |
2.5 | 2.21.0 |
Core Utils
Apache 2.0 |  | commons-lang
»
commons-lang1 vulnerability |
2.6 | 3.20.0 |
Apache 2.0 |  | de.l3s.boilerpipe
»
boilerpipe |
1.1.0 |
✔
|
XML Processing
BSD 3-clause |  | dom4j
»
dom4j2 vulnerabilities |
1.6.1 | 2.2.0 |
MIT |  | info.ganglia.gmetric4j
»
gmetric4j |
1.0.7 | 1.0.10 |
Application Metrics
Apache 2.0 |  | io.dropwizard.metrics
»
metrics-core |
3.2.2 | 4.2.37 |
Apache 2.0 | | io.dropwizard.metrics
»
metrics-ganglia |
3.2.2 | 3.2.6 |
Apache 2.0 | | io.dropwizard.metrics
»
metrics-graphite |
3.2.2 | 4.2.37 |
Apache 2.0 | | io.dropwizard.metrics
»
metrics-jetty9 |
3.2.2 | 4.2.37 |
Apache 2.0 | | io.dropwizard.metrics
»
metrics-jvm |
3.2.2 | 4.2.37 |
Java Spec
EDL 1.0 |  | javax.activation
»
activation |
1.1.1 | 2.1.4 |
Java Spec
EPL 2.0GPL | | javax.servlet
»
javax.servlet-api |
3.1.0 | 6.1.0 |
XML Processing
|  | jdom
»
jdom |
1.0 | 2.0.2 |
Date/Time
Apache 2.0 |  | joda-time
»
joda-time |
2.2 | 2.14.0 |
Logging
Apache 2.0 |  | log4j
»
log4j6 vulnerabilities |
1.2.17 | 2.25.2 |
Apache 2.0 |  | net.hydromatic
»
eigenbase-properties |
1.1.5 | 1.1.6 |
Parser Generator
BSD 3-clause |  | org.antlr
»
antlr4-runtime |
4.5.1-1 | 4.13.2 |
Apache 2.0 |  | org.apache.calcite
»
calcite-core2 vulnerabilities |
1.11.0 | 1.41.0 |
Apache 2.0 | | org.apache.calcite
»
calcite-linq4j |
1.11.0 | 1.41.0 |
Apache 2.0 | | org.apache.calcite.avatica
»
avatica-core1 vulnerability |
1.9.0 | 1.27.0 |
Collections
Apache 2.0 |  | org.apache.commons
»
commons-collections4 |
4.1 | 4.5.0 |
Compression
Apache 2.0 | | org.apache.commons
»
commons-compress7 vulnerabilities |
1.14 | 1.28.0 |
External Proc Exec
Apache 2.0 | | org.apache.commons
»
commons-exec |
1.3 | 1.5.0 |
Math Lib
Apache 2.0 | | org.apache.commons
»
commons-math3 |
3.4.1 | 4.0-beta1 |
Apache 2.0 |  | org.apache.curator
»
curator-client |
2.8.0 | 5.9.0 |
Dist Coordination
Apache 2.0 | | org.apache.curator
»
curator-framework |
2.8.0 | 5.9.0 |
Dist Coordination
Apache 2.0 | | org.apache.curator
»
curator-recipes |
2.8.0 | 5.9.0 |
Annotation Lib
Apache 2.0 |  | org.apache.hadoop
»
hadoop-annotations |
2.7.4 | 3.4.2 |
Auth Lib
Apache 2.0 | | org.apache.hadoop
»
hadoop-auth |
2.7.4 | 3.4.2 |
Apache 2.0 | | org.apache.hadoop
»
hadoop-common6 vulnerabilities |
2.7.4 | 3.4.2 |
Dist FS
Apache 2.0 | | org.apache.hadoop
»
hadoop-hdfs |
2.7.4 | 3.4.2 |
Dist Tracing
Apache 2.0 |  | org.apache.htrace
»
htrace-core |
3.2.0-incubating | 4.2.0-incubating |
HTTP Clients
Apache 2.0 |  | org.apache.httpcomponents
»
httpclient1 vulnerability |
4.4.1 | 5.5.1 |
HTTP Clients
Apache 2.0 | | org.apache.httpcomponents
»
httpcore |
4.4.1 | 5.3.6 |
MIME Types Lib
Apache 2.0 | | org.apache.httpcomponents
»
httpmime |
4.4.1 | 5.5.1 |
Apache 2.0 |  | org.apache.james
»
apache-mime4j-core1 vulnerability |
0.7.2 | 0.8.13 |
Apache 2.0 | | org.apache.james
»
apache-mime4j-dom |
0.7.2 | 0.8.13 |
Apache 2.0 |  | org.apache.lucene
»
lucene-analyzers-common |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-analyzers-kuromoji |
6.6.5 | 8.11.4 |
Apache 2.0 | | org.apache.lucene
»
lucene-analyzers-phonetic |
6.6.5 | 8.11.4 |
Apache 2.0 | | org.apache.lucene
»
lucene-backward-codecs |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-classification |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-codecs |
6.6.5 | 10.3.1 |
Full-Text Indexing
Apache 2.0 | | org.apache.lucene
»
lucene-core |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-expressions |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-grouping |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-highlighter |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-join |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-memory |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-misc |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-queries |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-queryparser |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-sandbox |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-spatial-extras |
6.6.5 | 10.3.1 |
Apache 2.0 | | org.apache.lucene
»
lucene-suggest |
6.6.5 | 10.3.1 |
Font Lib
Apache 2.0 |  | org.apache.pdfbox
»
fontbox |
2.0.6 | 3.0.6 |
Apache 2.0 | | org.apache.pdfbox
»
jempbox |
1.8.13 | 1.8.17 |
PDF Lib
Apache 2.0 | | org.apache.pdfbox
»
pdfbox6 vulnerabilities |
2.0.6 | 3.0.6 |
PDF Lib
Apache 2.0 | | org.apache.pdfbox
»
pdfbox-tools |
2.0.6 | 3.0.6 |
Excel Lib
Apache 2.0 |  | org.apache.poi
»
poi2 vulnerabilities |
3.17-beta1 | 5.5.0 |
Apache 2.0 | | org.apache.poi
»
poi-ooxml1 vulnerability |
3.17-beta1 | 5.5.0 |
Apache 2.0 | | org.apache.poi
»
poi-ooxml-schemas |
3.17-beta1 | 4.1.2 |
Apache 2.0 | | org.apache.poi
»
poi-scratchpad1 vulnerability |
3.17-beta1 | 5.5.0 |
Apache 2.0 |  | org.apache.solr
»
solr-core11 vulnerabilities |
6.6.5 | 9.10.0 |
Apache 2.0 | | org.apache.solr
»
solr-dataimporthandler |
6.6.5 | 8.11.4 |
Search Engine
Apache 2.0 | | org.apache.solr
»
solr-solrj2 vulnerabilities |
6.6.5 | 9.10.0 |
Apache 2.0 |  | org.apache.tika
»
tika-core8 vulnerabilities |
1.16 | 3.2.3 |
Apache 2.0 | | org.apache.tika
»
tika-java7 |
1.16 | 3.2.3 |
Apache 2.0 | | org.apache.tika
»
tika-parsers3 vulnerabilities |
1.16 | 3.2.3 |
Apache 2.0 | | org.apache.tika
»
tika-xmp |
1.16 | 3.2.3 |
XML Processing
Apache 2.0 |  | org.apache.xmlbeans
»
xmlbeans1 vulnerability |
2.6.0 | 5.3.0 |
Dist Coordination
Apache 2.0 |  | org.apache.zookeeper
»
zookeeper2 vulnerabilities |
3.4.10 | 3.9.4 |
AOP
EPL 2.0 |  | org.aspectj
»
aspectjrt |
1.8.0 | 1.9.25 |
BouncyCastle |  | org.bouncycastle
»
bcmail-jdk15 |
1.45 | 1.46 |
Encryption Lib
BouncyCastle | | org.bouncycastle
»
bcprov-jdk1514 vulnerabilities |
1.45 | 1.46 |
HTML Parser
Apache 2.0 |  | org.ccil.cowan.tagsoup
»
tagsoup |
1.2.1 |
✔
|
JSON Lib
Apache 2.0 |  | org.codehaus.jackson
»
jackson-core-asl |
1.9.13 | 2.20.1 |
JSON Lib
Apache 2.0 | | org.codehaus.jackson
»
jackson-mapper-asl2 vulnerabilities |
1.9.13 | 2.20.1 |
BSD 3-clause |  | org.codehaus.janino
»
commons-compiler |
2.7.6 | 3.1.12 |
JVM Languages
BSD 3-clause | | org.codehaus.janino
»
janino |
2.7.6 | 3.1.12 |
BSD 2-clause | | org.codehaus.woodstox
»
stax2-api |
3.1.4 | 4.2.2 |
XML Processing
Apache 2.0 | | org.codehaus.woodstox
»
woodstox-core-asl |
4.4.1 | 7.1.1 |
Apache 2.0EPL 1.0 |  | org.eclipse.jetty
»
jetty-continuation |
9.3.14.v20161028 | 9.4.58.v20250814 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-deploy |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-http3 vulnerabilities |
9.3.14.v20161028 | 12.1.4 |
I/O
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-io |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-jmx |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-rewrite |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-security |
9.3.14.v20161028 | 12.1.4 |
Web Server
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-server14 vulnerabilities |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-servlet |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-servlets3 vulnerabilities |
9.3.14.v20161028 | 11.0.26 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-util |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-webapp1 vulnerability |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-xml |
9.3.14.v20161028 | 12.1.4 |
Apache 2.0 |  | org.gagravarr
»
vorbis-java-core |
0.8 |
✔
|
Apache 2.0 | | org.gagravarr
»
vorbis-java-tika |
0.8 |
✔
|
Geospatial
Apache 2.0 |  | org.locationtech.spatial4j
»
spatial4j |
0.6 | 0.8 |
Apache 2.0 |  | org.noggit
»
noggit |
0.6 | 0.8 |
Bytecode
BSD 3-clause |  | org.ow2.asm
»
asm |
5.1 | 9.9 |
Bytecode
BSD 3-clause | | org.ow2.asm
»
asm-commons |
5.1 | 9.9 |
Apache 2.0CDDL 1.0EPL 1.0LGPL 3.0 |  | org.restlet.jee
»
org.restlet |
2.3.0 | 2.4.4 |
Apache 2.0CDDL 1.0EPL 1.0LGPL 3.0 | | org.restlet.jee
»
org.restlet.ext.servlet |
2.3.0 | 2.4.4 |
Logging Bridge
Apache 2.0 |  | org.slf4j
»
jcl-over-slf4j |
1.7.7 | 2.0.17 |
Logging Bridge
MIT | | org.slf4j
»
jul-to-slf4j (optional) |
1.7.7 | 2.0.17 |
Logging
MIT | | org.slf4j
»
slf4j-api |
1.7.7 | 2.0.17 |
Logging Bridge
MIT | | org.slf4j
»
slf4j-log4j12 (optional) |
1.7.7 | 2.0.17 |
BSD | | org.tallison
»
jmatio |
1.2 | 1.5 |
Compression
|  | org.tukaani
»
xz |
1.6 | 1.10 |
XML Processing
Apache 2.0 |  | xerces
»
xercesImpl5 vulnerabilities |
2.9.1 | 2.12.2 |
