dependency-check-core is the engine and reporting tool used to identify and report any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts metadata from the dependencies and uses it to do fuzzy keyword matching against the Common Platform Enumeration (CPE). If any CPE identifiers are found, the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report.
| License | Apache 2.0 |
|---|---|
| Tags | owaspdependencies |
| Date | Jun 07, 2025 |
| Files | pom (30 KB), jar (1.0 MB) |
| Repositories | Central |
| Ranking | #18069 in MvnRepository |
| Used By | 26 artifacts |
| Vulnerabilities | Vulnerabilities from dependencies: CVE-2025-48924, CVE-2025-11226, CVE-2024-12801 (1 more) |
Compile Dependencies (42)
Runtime Dependencies (1)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| Apache 2.0 | io.github.jeremylong » jcs3-slf4j | 1.0.5 | ✔ | |
Test Dependencies (5)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| Logging / EPL 1.0, LGPL 2.1 | ch.qos.logback » logback-classic | 1.2.13 | 1.5.21 | |
| Logging / EPL 1.0, LGPL 2.1 | ch.qos.logback » logback-core (3 vulnerabilities) | 1.2.13 | 1.5.21 | |
| Apache 2.0 | org.apache.lucene » lucene-test-framework | 9.12.0 | 10.3.1 | |
| Mocking / MIT | org.mockito » mockito-junit-jupiter | 5.18.0 | 5.20.0 | |
| XML Processing / Apache, W3C | xml-apis » xml-apis | 1.4.01 | 2.0.2 | |
Licenses
| License | URL |
|---|---|
| The Apache Software License, Version 2.0 | http://www.apache.org/licenses/LICENSE-2.0.txt |
Developers
| Name | Dev Id | Roles | Organization | |
|---|---|---|---|---|
| Jeremy Long | jeremy.long<at>owasp.org | architect, developer | OWASP | |
| Steve Springett | Steve.Springett<at>owasp.org | developer | OWASP | |
| Will Stranathan | Will.Stranathan<at>owasp.org | developer | OWASP | |
| Dale Visser | dvisser<at>ida.org | developer | Institute for Defense Analyses | |