Logging
EPL 1.0LGPL 2.1 |  | ch.qos.logback
»
logback-core3 vulnerabilities |
1.5.3 | 1.5.21 |
Logging
EPL 1.0LGPL 2.1 | | ch.qos.logback
»
logback-classic |
1.5.3 | 1.5.21 |
EPL 1.0LGPL 2.1 | | ch.qos.logback
»
logback-access |
1.3.14 | 2.0.7 |
JWT Lib
MIT |  | com.auth0
»
java-jwt |
4.4.0 | 4.5.0 |
Apache 2.0 |  | com.datadoghq
»
dd-java-agent |
1.30.1 | 1.55.0 |
JSON Lib
MIT |  | com.eclipsesource.minimal-json
»
minimal-json |
0.9.5 |
✔
|
XML Processing
BSD |  | com.fasterxml.staxmate
»
staxmate |
2.4.1 |
✔
|
MIT |  | com.github.erosb
»
json-sKema |
0.15.0 | 0.28.0 |
OAuth Lib
MIT | | com.github.scribejava
»
scribejava-apis |
8.3.3 |
✔
|
MIT | | com.github.scribejava
»
scribejava-core |
8.3.3 |
✔
|
Defect Detection
LGPL 2.1 |  | com.google.code.findbugs
»
jsr305 |
3.0.2 | 4.9.8 |
JSON Lib
Apache 2.0 |  | com.google.code.gson
»
gson |
2.10.1 | 2.13.2 |
Core Utils
Apache 2.0 | | com.google.guava
»
guava |
33.1.0-jre | 33.5.0-jre |
Serializer
BSD 3-clause | | com.google.protobuf
»
protobuf-java1 vulnerability |
3.24.2 | 4.33.1 |
Diff/Patch
Apache 2.0 |  | com.googlecode.java-diff-utils
»
diffutils |
1.3.0 | 4.16 |
JSON Lib
Apache 2.0 | | com.googlecode.json-simple
»
json-simple |
1.1.1 |
✔
|
Embedded SQL DB
EPL 1.0MPL 2.0 |  | com.h2database
»
h2 |
2.2.224 | 2.4.240 |
Apache 2.0 |  | com.hazelcast
»
hazelcast |
5.4.0 | 5.6.0 |
JDBC Driver
MIT |  | com.microsoft.sqlserver
»
mssql-jdbc1 vulnerability |
12.6.1.jre11 | 13.2.1.jre11 |
MIT |  | com.onelogin
»
java-saml |
2.9.0 |
✔
|
JDBC Driver
|  | com.oracle.database.jdbc
»
ojdbc11 |
23.3.0.23.09 | 23.26.0.0.0 |
|  |
com.sonarsource.abap
» sonar-abap-plugin
| 3.14.0.5470 | |
| |
com.sonarsource.cobol
» sonar-cobol-plugin
| 5.7.0.8061 | |
| |
com.sonarsource.cpp
» sonar-cfamily-dependencies-plugin
| 6.56.0.72172 | |
| |
com.sonarsource.cpp
» sonar-cfamily-plugin
| 6.56.0.72172 | |
| |
com.sonarsource.dbd
» sonar-dbd-java-frontend-plugin
| 1.28.0.9315 | |
| |
com.sonarsource.dbd
» sonar-dbd-plugin
| 1.28.0.9315 | |
| |
com.sonarsource.dbd
» sonar-dbd-python-frontend-plugin
| 1.28.0.9315 | |
| |
com.sonarsource.jcl
» sonar-jcl-plugin
| 1.2.0.1148 | |
| |
com.sonarsource.pdfreport
» security-report-pdf-generation
| 1.0.0.98 | |
| |
com.sonarsource.pli
» sonar-pli-plugin
| 1.15.0.4810 | |
| |
com.sonarsource.plsql
» sonar-plsql-plugin
| 3.13.0.6725 | |
| |
com.sonarsource.plugins.vb
» sonar-vb-plugin
| 2.13.0.5130 | |
| |
com.sonarsource.rpg
» sonar-rpg-plugin
| 3.9.0.5001 | |
| |
com.sonarsource.security
» sonar-security-python-frontend-plugin
| 10.6.0.31509 | |
| |
com.sonarsource.security
» sonar-security-js-frontend-plugin
| 10.6.0.31509 | |
| |
com.sonarsource.security
» sonar-security-plugin
| 10.6.0.31509 | |
| |
com.sonarsource.security
» sonar-security-csharp-frontend-plugin
| 10.6.0.31509 | |
| |
com.sonarsource.security
» sonar-security-php-frontend-plugin
| 10.6.0.31509 | |
| |
com.sonarsource.security
» sonar-security-java-frontend-plugin
| 10.6.0.31509 | |
| |
com.sonarsource.slang
» sonar-apex-plugin
| 1.15.0.4655 | |
| |
com.sonarsource.swift
» sonar-swift-plugin
| 4.12.0.7262 | |
| |
com.sonarsource.text
» sonar-text-enterprise-plugin
| 2.12.1.2905 | |
| |
com.sonarsource.tsql
» sonar-tsql-plugin
| 1.13.0.7207 | |
HTTP Clients
Apache 2.0 |  | com.squareup.okhttp3
»
okhttp |
4.12.0 | 5.3.1 |
Mocking
Apache 2.0 | | com.squareup.okhttp3
»
mockwebserver |
4.12.0 | 5.3.1 |
Apache 2.0 | | com.squareup.okhttp3
»
logging-interceptor |
4.12.0 | 5.3.1 |
Apache 2.0 | | com.squareup.okhttp3
»
okhttp-tls |
4.12.0 | 5.3.1 |
I/O
Apache 2.0 | | com.squareup.okio
»
okio |
3.9.0 | 3.16.3 |
Mail Client
EDL 1.0EPL 2.0GPL |  | com.sun.mail
»
javax.mail |
1.6.2 | 2.0.2 |
Apache 2.0 |  | com.tngtech.java
»
junit-dataprovider |
1.13.1 | 2.10 |
Apache 2.0 | | com.tngtech.junit.dataprovider
»
junit-jupiter-params-dataprovider |
2.10 |
✔
|
JDBC Pool
Apache 2.0 |  | com.zaxxer
»
HikariCP |
5.1.0 | 7.0.2 |
Reflection
Apache 2.0 |  | commons-beanutils
»
commons-beanutils1 vulnerability |
1.9.4 | 1.11.0 |
Base64
Apache 2.0 |  | commons-codec
»
commons-codec |
1.16.1 | 1.20.0 |
Apache 2.0 |  | commons-dbutils
»
commons-dbutils |
1.8.1 |
✔
|
I/O
Apache 2.0 |  | commons-io
»
commons-io |
2.16.1 | 2.21.0 |
Apache 2.0 |  | io.github.hakky54
»
sslcontext-kickstart |
8.3.5 | 10.0.1 |
JWT Lib
Apache 2.0 |  | io.jsonwebtoken
»
jjwt-api |
0.12.5 | 0.13.0 |
JWT Lib
Apache 2.0 | | io.jsonwebtoken
»
jjwt-impl |
0.12.5 | 0.13.0 |
Apache 2.0 | | io.jsonwebtoken
»
jjwt-jackson |
0.12.5 | 0.13.0 |
Network Framework
Apache 2.0 |  | io.netty
»
netty-all |
4.1.109.Final | 4.2.7.Final |
Apache 2.0 |  | io.prometheus
»
simpleclient_common |
0.16.0 |
✔
|
Apache 2.0 | | io.prometheus
»
simpleclient_servlet |
0.16.0 |
✔
|
Application Metrics
Apache 2.0 | | io.prometheus
»
simpleclient |
0.16.0 |
✔
|
Annotation Lib
EPL 2.0GPL |  | javax.annotation
»
javax.annotation-api |
1.3.2 | 3.0.0 |
Expression Lang
| | javax.el
»
javax.el-api |
3.0.0 | 6.0.1 |
Dep Injection
Apache 2.0 | | javax.inject
»
javax.inject |
1 | 2.0.1 |
Java Spec
EPL 2.0GPL | | javax.servlet
»
javax.servlet-api |
4.0.1 | 6.1.0 |
XML Processing
EDL 1.0 | | javax.xml.bind
»
jaxb-api |
2.3.1 | 4.0.4 |
Testing
EPL 2.0 |  | junit
»
junit |
4.13.2 | 6.0.1 |
HTTP Proxy
Apache 2.0 |  | net.lightbody.bmp
»
littleproxy |
1.1.0-beta-bmp-17 | 1.1.2 |
Collections
Apache 2.0 |  | org.apache.commons
»
commons-collections4 |
4.4 | 4.5.0 |
Core Utils
Apache 2.0 | | org.apache.commons
»
commons-lang31 vulnerability |
3.14.0 | 3.20.0 |
Mail Client
Apache 2.0 | | org.apache.commons
»
commons-email |
1.6.0 |
✔
|
CSV
Apache 2.0 | | org.apache.commons
»
commons-csv |
1.10.0 | 1.14.1 |
String Utils
Apache 2.0 | | org.apache.commons
»
commons-text |
1.12.0 | 1.14.0 |
HTTP Clients
Apache 2.0 |  | org.apache.httpcomponents
»
httpclient |
4.5.14 | 5.5.1 |
Logging
Apache 2.0 |  | org.apache.logging.log4j
»
log4j-api |
2.23.1 | 2.25.2 |
Logging
Apache 2.0 | | org.apache.logging.log4j
»
log4j-core |
2.23.1 | 2.25.2 |
Logging Bridge
Apache 2.0 | | org.apache.logging.log4j
»
log4j-to-slf4j |
2.23.1 | 2.25.2 |
SSH Lib
Apache 2.0 | | org.apache.sshd
»
sshd-core |
2.12.1 | 2.16.0 |
Apache 2.0 |  | org.apache.tomcat.embed
»
tomcat-embed-jasper |
9.0.87 | 11.0.14 |
Web Server
Apache 2.0 | | org.apache.tomcat.embed
»
tomcat-embed-core14 vulnerabilities |
9.0.87 | 11.0.14 |
AOP
EPL 2.0 |  | org.aspectj
»
aspectjtools |
1.9.22 | 1.9.25 |
Assertion
Apache 2.0 |  | org.assertj
»
assertj-core |
3.25.3 | 3.27.6 |
Assertion
Apache 2.0 | | org.assertj
»
assertj-guava |
3.25.3 | 3.27.6 |
Concurrency
Apache 2.0 |  | org.awaitility
»
awaitility |
4.2.1 | 4.3.0 |
Encryption Lib
BouncyCastle |  | org.bouncycastle
»
bcprov-jdk18on |
1.78.1 | 1.82 |
Encryption Lib
BouncyCastle | | org.bouncycastle
»
bcpkix-jdk18on1 vulnerability |
1.78.1 | 1.82 |
LGPL 3.0 |  | org.codehaus.sonar
»
sonar-channel |
4.2 |
✔
|
Apache 2.0 |  | org.codelibs.elasticsearch.module
»
reindex | 7.17.18 | 7.10.2 |
Apache 2.0 | | org.codelibs.elasticsearch.module
»
analysis-common | 7.17.18 | 7.10.2 |
Apache 2.0EPL 2.0 |  | org.eclipse.jetty
»
jetty-proxy |
9.4.6.v20170531 | 12.1.4 |
Web Server
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-server15 vulnerabilities |
9.4.6.v20170531 | 12.1.4 |
Apache 2.0EPL 2.0 | | org.eclipse.jetty
»
jetty-servlet |
9.4.6.v20170531 | 12.1.4 |
Git Tool
BSD 3-clauseEDL 1.0 |  | org.eclipse.jgit
»
org.eclipse.jgit1 vulnerability |
6.10.0.202406032230-r | 7.4.0.202509020913-r |
Apache 2.0 |  | org.elasticsearch
»
mocksocket |
1.2 |
✔
|
ElasticSearch Client
| | org.elasticsearch.client
»
elasticsearch-rest-high-level-client |
7.17.20 | 7.17.29 |
SSPL 1 | | org.elasticsearch.plugin
»
transport-netty4-client |
7.17.20 | 7.17.29 |
Expression Lang
|  | org.glassfish
»
jakarta.el |
3.0.4 | 6.0.1 |
Testing
BSD 3-clause |  | org.hamcrest
»
hamcrest-all |
1.3 | 3.0 |
Validation
Apache 2.0 |  | org.hibernate
»
hibernate-validator |
6.2.5.Final | 9.1.0.Final |
JSON Lib
Public |  | org.json
»
json |
20240303 | 20250517 |
HTML Parser
MIT |  | org.jsoup
»
jsoup |
1.17.2 | 1.21.2 |
Testing
EPL 2.0 |  | org.junit-pioneer
»
junit-pioneer |
2.2.0 | 2.3.0 |
Testing
EPL 2.0 |  | org.junit.jupiter
»
junit-jupiter-engine |
5.10.2 | 6.0.1 |
| | org.junit.jupiter
» junit-vintage-engine
| 5.10.2 | |
Testing
EPL 2.0 | | org.junit.jupiter
»
junit-jupiter-params |
5.10.2 | 6.0.1 |
Testing
EPL 2.0 | | org.junit.jupiter
»
junit-jupiter-api |
5.10.2 | 6.0.1 |
EPL 2.0 | | org.junit.platform
»
junit-platform-suite-api |
1.10.2 | 6.0.1 |
EPL 2.0 | | org.junit.platform
»
junit-platform-suite-engine |
1.10.2 | 6.0.1 |
GitHub API
MIT |  | org.kohsuke
»
github-api |
1.321 | 1.330 |
Compression
Apache 2.0 |  | org.lz4
»
lz4-java |
1.8.0 |
✔
|
Hashing
ISC |  | org.mindrot
»
jbcrypt |
0.4 |
✔
|
Mocking
MIT |  | org.mockito
»
mockito-junit-jupiter |
5.11.0 | 5.20.0 |
Mocking
MIT | | org.mockito
»
mockito-core |
5.11.0 | 5.20.0 |
O/R Mapping
Apache 2.0 |  | org.mybatis
»
mybatis |
3.5.16 | 3.5.19 |
JDBC Driver
BSD 2-clause |  | org.postgresql
»
postgresql |
42.7.3 | 42.7.8 |
Reflection
Apache 2.0 |  | org.reflections
»
reflections |
0.10.2 |
✔
|
Apache 2.0 |  | org.simpleframework
»
simple |
5.1.6 |
✔
|
Logging Bridge
MIT |  | org.slf4j
»
jul-to-slf4j |
2.0.13 | 2.0.17 |
Logging Bridge
Apache 2.0 | | org.slf4j
»
log4j-over-slf4j |
2.0.13 | 2.0.17 |
Logging
MIT | | org.slf4j
»
slf4j-api |
2.0.13 | 2.0.17 |
Logging Bridge
Apache 2.0 | | org.slf4j
»
jcl-over-slf4j |
2.0.13 | 2.0.17 |
LGPL 3.0 |  | org.sonarsource.api.plugin
»
sonar-plugin-api-test-fixtures |
10.7.0.2191 | 13.4.0.3221 |
LGPL 3.0 | | org.sonarsource.api.plugin
»
sonar-plugin-api |
10.7.0.2191 | 13.4.0.3221 |
Sonar Plugin
| | org.sonarsource.dotnet
»
sonar-csharp-plugin |
9.27.0.93347 | 10.15.0.120848 |
Sonar Plugin
| | org.sonarsource.dotnet
»
sonar-vbnet-plugin |
9.27.0.93347 | 10.15.0.120848 |
Sonar Plugin
| | org.sonarsource.flex
»
sonar-flex-plugin |
2.12.0.4568 | 2.14.0.5032 |
LGPL 3.0 | | org.sonarsource.git.blame
»
git-files-blame |
1.0.2.275 | 2.0.0.2053 |
Sonar Plugin
| | org.sonarsource.html
»
sonar-html-plugin |
3.16.0.5274 | 3.20.0.6289 |
| | org.sonarsource.iac
»
sonar-iac-plugin |
1.31.0.10579 | 2.1.0.17131 |
LGPL 3.0 | | org.sonarsource.jacoco
»
sonar-jacoco-plugin |
1.3.0.1538 |
✔
|
Sonar Plugin
| | org.sonarsource.java
»
sonar-java-plugin |
8.0.1.36337 | 8.20.0.40630 |
Sonar Plugin
| | org.sonarsource.java
»
sonar-java-symbolic-execution-plugin |
8.0.1.36337 | 8.18.1.347 |
Sonar Plugin
| | org.sonarsource.javascript
»
sonar-javascript-plugin |
10.14.0.26080 | 11.6.0.36606 |
| | org.sonarsource.kotlin
»
sonar-kotlin-plugin |
2.20.0.4382 | 3.3.0.7402 |
LGPL 3.0 | | org.sonarsource.orchestrator
»
sonar-orchestrator-junit5 |
4.9.0.1920 | 6.0.0.3852 |
LGPL 3.0 | | org.sonarsource.orchestrator
»
sonar-orchestrator-junit4 |
4.9.0.1920 | 6.0.0.3852 |
| | org.sonarsource.php
»
sonar-php-plugin |
3.36.0.11813 | 3.51.0.15001 |
Sonar Plugin
LGPL 3.0 | | org.sonarsource.plugins.cayc
»
sonar-cayc-plugin |
2.3.0.1782 | 2.5.0.2588 |
Sonar Plugin
| | org.sonarsource.python
»
sonar-python-plugin |
4.19.0.15616 | 5.13.0.28429 |
| | org.sonarsource.slang
»
sonar-go-plugin |
1.15.0.4655 | 1.18.1.827 |
| | org.sonarsource.slang
»
sonar-ruby-plugin |
1.15.0.4655 | 1.19.0.471 |
| | org.sonarsource.slang
»
sonar-scala-plugin |
1.15.0.4655 | 1.19.0.484 |
| | org.sonarsource.text
»
sonar-text-plugin |
2.12.1.2905 | 2.32.0.9670 |
LGPL 3.0 | | org.sonarsource.update-center
»
sonar-update-center-common |
1.32.0.2441 | 1.35.0.2835 |
Sonar Plugin
| | org.sonarsource.xml
»
sonar-xml-plugin |
2.10.0.4108 | 2.13.0.5938 |
Apache 2.0 |  | org.springdoc
»
springdoc-openapi-webmvc-core |
1.8.0 |
✔
|
Testing
Apache 2.0 |  | org.springframework
»
spring-test |
5.3.31 | 7.0.0 |
Web Framework
Apache 2.0 | | org.springframework
»
spring-webmvc4 vulnerabilities |
5.3.31 | 7.0.0 |
Dep Injection
Apache 2.0 | | org.springframework
»
spring-context2 vulnerabilities |
5.3.31 | 7.0.0 |
SMTP
Apache 2.0 |  | org.subethamail
»
subethasmtp |
3.1.7 |
✔
|
Subversion Tool
|  | org.tmatesoft.svnkit
»
svnkit |
1.10.11 |
✔
|
Apache 2.0 |  | org.wiremock
»
wiremock-standalone |
3.5.4 | 3.13.2 |
Testing
Apache 2.0 |  | org.xmlunit
»
xmlunit-matchers |
2.9.1 | 2.11.0 |
Testing
Apache 2.0 | | org.xmlunit
»
xmlunit-core1 vulnerability |
2.9.1 | 2.11.0 |
YAML
Apache 2.0 |  | org.yaml
»
snakeyaml |
2.2 | 2.5 |
