Skip to content

Update dependency lodash to v4.17.23 (main) #238

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mend-for-github-com wants to merge 1 commit into
base: main
Choose a base branch
from

Update dependency lodash to v4.17.23

baae656
Select commit
Loading
Failed to load commit list.
Open

Update dependency lodash to v4.17.23 (main) #238

Update dependency lodash to v4.17.23
baae656
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed May 23, 2026 in 12m 54s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,sbt,php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

gradle

/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed failed running mend init script (mendDeps):
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED

FAILURE: Build failed with an exception.

* Where:
Build file '/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle' line: 2

* What went wrong:
Plugin [id: 'play'] was not found in any o...

https://vonagecc.jfrog.io/artifactory
Step Level Description Details
Checking registry connectivity ⚠Warn Problem occurred while connecting to the private registry host server, private registry returned 401 - Unauthorized {"errors":[{"code":"UNAUTHORIZED","message":"Invalid token, parse"}]}

https://vonagecc.jfrog.io/artifactory/maven
Step Level Description Details
Checking registry connectivity ⚠Warn Problem occurred while connecting to the private registry host server, private registry returned 401 - Unauthorized {"errors":[{"code":"UNAUTHORIZED","message":"Invalid token, parse"}]}

maven

/tmp/ws-scm/comms-router/pom.xml
Step Level Description Details
Preparing the project for scan ⚠Warn One or more of the installations failed [ERROR] Plugin org.apache.maven.plugins:maven-dependency-plugin:3.6.0 or one of its dependencies could not be resolved
Resolving the project ⚠Warn Some problems occurred while performing the resolution operation
  • Failed to execute command: mvn org.apache.maven.plugins:maven-dependency-plugin:3.6.0:tree -DoutputFile=whitesource_mvn_dependency_tree.txt -Dverbose -DoutputType=text -T1 -B
    Error lines:
    [NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED]
    Output lines:
    [[INFO] Scanning for project...
  • Fallback is used, returns direct dependencies only

You have successfully remediated 161 vulnerabilities, but introduced 56 new vulnerabilities in this branch.

❌ New vulnerabilities: > Partial results (26 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue Reachability
MSC-2023-16600

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> ❌ fsevents-1.2.4.tgz (Vulnerable Library)

Critical 9.8 High Transitive fsevents-1.2.4.tgz vue-lory-0.0.4.tgz #⁠110

Reachable
CVE-2023-45311

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> ❌ fsevents-1.2.4.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.881% Transitive fsevents-1.2.4.tgz vue-lory-0.0.4.tgz Transitive 1.2.11 #⁠110

Reachable
CVE-2024-4068

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.225% Transitive braces-2.3.2.tgz vue-lory-0.0.4.tgz Transitive braces - 3.0.3 #⁠110

Reachable
CVE-2024-4067

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> anymatch-2.0.0.tgz

               -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.126% Transitive micromatch-3.1.10.tgz vue-lory-0.0.4.tgz Transitive 4.0.8 #⁠110

Reachable
CVE-2022-25883

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> yargs-6.6.0.tgz

           -> read-pkg-up-1.0.1.tgz

             -> read-pkg-1.1.0.tgz

               -> normalize-package-data-2.4.0.tgz

                 -> ❌ semver-5.5.0.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.581% Transitive semver-5.5.0.tgz vue-lory-0.0.4.tgz Transitive 5.7.2 #⁠110

Reachable
CVE-2025-69873

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> ❌ ajv-4.11.8.tgz (Vulnerable Library)

Low 2.9 Not Defined 0.015% Transitive ajv-4.11.8.tgz vue-lory-0.0.4.tgz Transitive https://github.com/ajv-validator/ajv.git - v8.18.0,https://github.com/ajv-validator/ajv.git - v6.14.0 #⁠110

Reachable
CVE-2025-6545

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> ❌ pbkdf2-3.0.16.tgz (Vulnerable Library)

Critical 10.0 Not Defined 0.416% Transitive pbkdf2-3.0.16.tgz vue-lory-0.0.4.tgz Transitive 3.1.3 #⁠110

Unreachable
CVE-2021-44906

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> rc-1.2.7.tgz

                   -> ❌ minimist-1.2.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.882% Transitive minimist-1.2.0.tgz vue-lory-0.0.4.tgz Transitive 0.2.4 #⁠110

Unreachable
CVE-2021-44906

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> mkdirp-0.5.1.tgz

           -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.882% Transitive minimist-0.0.8.tgz vue-lory-0.0.4.tgz Transitive 0.2.4 #⁠110

Unreachable
CVE-2024-48949

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> browserify-sign-4.0.4.tgz

               -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)

Critical 9.1 Not Defined 0.292% Transitive elliptic-6.4.0.tgz vue-lory-0.0.4.tgz Transitive 6.5.6 #⁠110

Unreachable
CVE-2026-23950

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.8 Not Defined 0.008% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 7.5.4 #⁠110

Unreachable
CVE-2025-9288

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-hash-1.2.0.tgz

               -> ❌ sha.js-2.4.11.tgz (Vulnerable Library)

High 8.7 Not Defined 0.064% Transitive sha.js-2.4.11.tgz vue-lory-0.0.4.tgz Transitive 2.4.12 #⁠110

Unreachable
CVE-2025-9287

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> create-hash-1.2.0.tgz

               -> ❌ cipher-base-1.0.4.tgz (Vulnerable Library)

High 8.7 Not Defined 0.152% Transitive cipher-base-1.0.4.tgz vue-lory-0.0.4.tgz Transitive cipher-base - 1.0.4 #⁠110

Unreachable
WS-2025-0006

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> browserify-sign-4.0.4.tgz

               -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)

High 8.6 Not Defined Transitive elliptic-6.4.0.tgz vue-lory-0.0.4.tgz Transitive 6.6.1 #⁠110

Unreachable
CVE-2026-24842

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.022% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 7.5.7 #⁠110

Unreachable
CVE-2021-37713

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.316% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.18 #⁠110

Unreachable
CVE-2021-37712

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.085% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive tar - 5.0.10,tar - 4.4.18,tar - 6.1.9 #⁠110

Unreachable
CVE-2021-37701

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.098% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.16 #⁠110

Unreachable
CVE-2021-32804

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 84.982% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.14 #⁠110

Unreachable
CVE-2021-32803

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> ❌ tar-4.4.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.122% Transitive tar-4.4.1.tgz vue-lory-0.0.4.tgz Transitive 4.4.15 #⁠110

Unreachable
CVE-2026-4800

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.23.tgz (Vulnerable Library)

High 8.1 Not Defined 0.044% Direct lodash-4.17.23.tgz lodash-4.17.23.tgz lodash-amd - 4.18.0,lodash - 4.18.0,lodash.template - 4.18.0,lodash-es - 4.18.0 None

Unreachable
CVE-2021-43138

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> ❌ async-2.6.1.tgz (Vulnerable Library)

High 7.8 Not Defined 0.657% Transitive async-2.6.1.tgz vue-lory-0.0.4.tgz Transitive 2.6.4 #⁠110

Unreachable
CVE-2020-13822

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> node-libs-browser-2.1.0.tgz

           -> crypto-browserify-3.12.0.tgz

             -> browserify-sign-4.0.4.tgz

               -> ❌ elliptic-6.4.0.tgz (Vulnerable Library)

High 7.7 Not Defined 0.187% Transitive elliptic-6.4.0.tgz vue-lory-0.0.4.tgz Transitive 6.5.3 #⁠110

Unreachable
CVE-2026-27904

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> npm-packlist-1.1.10.tgz

                   -> ignore-walk-3.0.1.tgz

                     -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.026% Transitive minimatch-3.0.4.tgz vue-lory-0.0.4.tgz Transitive 3.1.4 #⁠110

Unreachable
CVE-2026-27903

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> npm-packlist-1.1.10.tgz

                   -> ignore-walk-3.0.1.tgz

                     -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.036% Transitive minimatch-3.0.4.tgz vue-lory-0.0.4.tgz Transitive https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v8.0.6 #⁠110

Unreachable
CVE-2026-26996

Path to dependency file: /applications/gui/package.json

Path to vulnerable library: /applications/gui/package.json

Dependency Hierarchy:

-> vue-lory-0.0.4.tgz (Root Library)

   -> lory.js-2.5.1.tgz

     -> karma-webpack-2.0.6.tgz

       -> webpack-2.7.0.tgz

         -> watchpack-1.6.0.tgz

           -> chokidar-2.0.4.tgz

             -> fsevents-1.2.4.tgz

               -> node-pre-gyp-0.10.0.tgz

                 -> npm-packlist-1.1.10.tgz

                   -> ignore-walk-3.0.1.tgz

                     -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.026% Transitive minimatch-3.0.4.tgz vue-lory-0.0.4.tgz Transitive https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v5.1.7,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v7.4.7 #⁠110

Unreachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2022-40664 shiro-core-1.4.0.jar
CVE-2020-24750 jackson-databind-2.8.4.jar
CVE-2019-12086 jackson-databind-2.8.4.jar
CVE-2020-10650 jackson-databind-2.8.4.jar
CVE-2024-38828 spring-core-4.3.7.RELEASE.jar
CVE-2019-10086 commons-beanutils-1.9.3.jar
CVE-2025-53864 nimbus-jose-jwt-4.41.2.jar
CVE-2023-1932 hibernate-validator-5.4.1.Final.jar
CVE-2020-14062 jackson-databind-2.8.4.jar
CVE-2022-1471 snakeyaml-1.17.jar
CVE-2020-25638 hibernate-core-5.2.11.Final.jar
CVE-2020-36518 jackson-databind-2.8.4.jar
CVE-2020-36187 jackson-databind-2.8.4.jar
CVE-2024-30171 bcprov-jdk15on-1.56.jar
CVE-2025-35036 hibernate-validator-5.4.1.Final.jar
WS-2017-3734 httpclient-4.5.jar
CVE-2020-14195 jackson-databind-2.8.4.jar
CVE-2020-9548 jackson-databind-2.8.4.jar
CVE-2020-36179 jackson-databind-2.8.4.jar
CVE-2025-48924 commons-lang-2.4.jar
CVE-2018-1272 spring-core-4.3.7.RELEASE.jar
CVE-2021-44832 log4j-core-2.8.2.jar
CVE-2023-25581 pac4j-core-2.2.1.jar
CVE-2020-36180 jackson-databind-2.8.4.jar
CVE-2019-12422 shiro-crypto-cipher-1.4.0.jar
CVE-2020-1957 shiro-core-1.4.0.jar
CVE-2021-29425 commons-io-2.5.jar
CVE-2023-1370 json-smart-2.3.jar
CVE-2022-25857 snakeyaml-1.17.jar
CVE-2022-38751 snakeyaml-1.17.jar
CVE-2019-12400 xmlsec-2.0.5.jar
CVE-2023-34478 shiro-core-1.4.0.jar
CVE-2026-23903 shiro-web-1.4.0.jar
CVE-2020-35728 jackson-databind-2.8.4.jar
CVE-2025-48924 commons-lang3-3.5.jar
CVE-2022-41854 snakeyaml-1.17.jar
CVE-2021-27568 json-smart-2.3.jar
CVE-2020-10968 jackson-databind-2.8.4.jar
CVE-2023-52428 nimbus-jose-jwt-4.41.2.jar
CVE-2024-47554 commons-io-2.5.jar
CVE-2020-10673 jackson-databind-2.8.4.jar
CVE-2020-36186 jackson-databind-2.8.4.jar
CVE-2020-9488 log4j-core-2.8.2.jar
CVE-2020-9547 jackson-databind-2.8.4.jar
CVE-2019-20330 jackson-databind-2.8.4.jar
CVE-2020-10672 jackson-databind-2.8.4.jar
CVE-2025-52999 jackson-core-2.8.4.jar
CVE-2018-15756 spring-core-4.3.7.RELEASE.jar
CVE-2020-11619 jackson-databind-2.8.4.jar
CVE-2020-13956 httpclient-4.5.jar
CVE-2022-34169 xalan-2.7.2.jar
CVE-2020-36184 jackson-databind-2.8.4.jar
CVE-2019-17359 bcprov-jdk15on-1.56.jar
CVE-2018-1199 spring-core-4.3.7.RELEASE.jar
CVE-2020-36182 jackson-databind-2.8.4.jar
CVE-2020-8908 guava-25.0-jre.jar
CVE-2020-13956 httpclient-4.5.3.jar
CVE-2019-12422 shiro-core-1.4.0.jar
CVE-2025-13465 lodash-4.17.10.tgz
CVE-2020-11620 jackson-databind-2.8.4.jar
CVE-2021-45105 log4j-core-2.8.2.jar
CVE-2021-23337 lodash-4.17.10.tgz
CVE-2020-26939 bcprov-jdk15on-1.56.jar
CVE-2019-14892 jackson-databind-2.8.4.jar
CVE-2023-46749 shiro-core-1.4.0.jar
CVE-2020-25649 jackson-databind-2.8.4.jar
CVE-2026-2950 lodash-4.17.10.tgz
CVE-2021-44228 log4j-core-2.8.2.jar
CVE-2020-13956 httpclient-4.3.6.jar
WS-2017-3805 json-20080701.jar
CVE-2018-1000180 bcprov-jdk15on-1.56.jar
CVE-2025-48924 commons-lang3-3.2.1.jar
CVE-2020-36183 jackson-databind-2.8.4.jar
CVE-2020-28500 lodash-4.17.10.tgz
CVE-2019-10755 pac4j-saml-2.3.1.jar
CVE-2026-23901 shiro-core-1.4.0.jar
CVE-2020-11989 shiro-web-1.4.0.jar
WS-2019-0379 commons-codec-1.9.jar
CVE-2026-34479 log4j-core-2.8.2.jar
CVE-2021-45046 log4j-core-2.8.2.jar
CVE-2014-0114 commons-beanutils-1.9.3.jar
CVE-2019-14900 hibernate-core-5.2.11.Final.jar
CVE-2020-17523 shiro-web-1.4.0.jar
CVE-2020-10969 jackson-databind-2.8.4.jar
WS-2026-0003 jackson-core-2.8.9.jar
CVE-2020-36185 jackson-databind-2.8.4.jar
CVE-2026-34480 log4j-core-2.8.2.jar
CVE-2020-11112 jackson-databind-2.8.4.jar
CVE-2020-35490 jackson-databind-2.8.4.jar
WS-2018-0124 jackson-core-2.8.4.jar
CVE-2022-38750 snakeyaml-1.17.jar
CVE-2024-30172 bcprov-jdk15on-1.56.jar
CVE-2025-48924 commons-lang3-3.4.jar
CVE-2023-33201 bcprov-jdk15on-1.56.jar
CVE-2019-16942 jackson-databind-2.8.4.jar
WS-2019-0379 commons-codec-1.10.jar
CVE-2025-68161 log4j-core-2.8.2.jar
CVE-2026-0603 hibernate-core-5.2.11.Final.jar
CVE-2020-10693 hibernate-validator-5.4.1.Final.jar
CVE-2022-22970 spring-core-4.3.7.RELEASE.jar
CVE-2019-1010266 lodash-4.17.10.tgz
CVE-2020-11989 shiro-core-1.4.0.jar
CVE-2023-34478 shiro-web-1.4.0.jar
CVE-2023-46749 shiro-web-1.4.0.jar
CVE-2022-40664 shiro-web-1.4.0.jar
CVE-2020-17510 shiro-web-1.4.0.jar
CVE-2022-38749 snakeyaml-1.17.jar
CVE-2020-36181 jackson-databind-2.8.4.jar
CVE-2021-20190 jackson-databind-2.8.4.jar
CVE-2021-41303 shiro-core-1.4.0.jar
CVE-2023-44483 xmlsec-2.0.5.jar
CVE-2025-52999 jackson-core-2.8.9.jar
CVE-2020-8840 jackson-databind-2.8.4.jar
CVE-2020-13933 shiro-core-1.4.0.jar
WS-2017-3734 httpclient-4.3.6.jar
CVE-2019-16943 jackson-databind-2.8.4.jar
CVE-2020-15522 bcprov-jdk15on-1.56.jar
CVE-2019-14540 jackson-databind-2.8.4.jar
CVE-2024-38820 spring-core-4.3.7.RELEASE.jar
CVE-2020-35491 jackson-databind-2.8.4.jar
WS-2022-0468 jackson-core-2.8.9.jar
CVE-2018-19360 jackson-databind-2.8.4.jar
CVE-2023-2976 guava-25.0-jre.jar
CVE-2020-17521 groovy-2.4.12.jar
CVE-2020-7226 cryptacular-1.1.0.jar
CVE-2020-11113 jackson-databind-2.8.4.jar
CVE-2017-7525 jackson-databind-2.8.4.jar
CVE-2025-41249 spring-core-4.3.7.RELEASE.jar
CVE-2025-49128 jackson-core-2.8.9.jar
CVE-2020-1957 shiro-web-1.4.0.jar
CVE-2022-38752 snakeyaml-1.17.jar
CVE-2026-40458 pac4j-core-2.2.1.jar
CVE-2020-24616 jackson-databind-2.8.4.jar
CVE-2018-11040 spring-core-4.3.7.RELEASE.jar
CVE-2021-40690 xmlsec-2.0.5.jar
CVE-2022-45688 json-20080701.jar
CVE-2020-14061 jackson-databind-2.8.4.jar
CVE-2024-29857 bcprov-jdk15on-1.56.jar
CVE-2022-42004 jackson-databind-2.8.4.jar
CVE-2018-1000632 dom4j-1.6.1.jar
WS-2026-0003 jackson-core-2.8.4.jar
CVE-2019-17195 nimbus-jose-jwt-4.41.2.jar
WS-2022-0468 jackson-core-2.8.4.jar
CVE-2020-36189 jackson-databind-2.8.4.jar
CVE-2019-17267 jackson-databind-2.8.4.jar
CVE-2022-42003 jackson-databind-2.8.4.jar
CVE-2020-8203 lodash-4.17.10.tgz
CVE-2023-33202 bcprov-jdk15on-1.56.jar
CVE-2023-46750 shiro-web-1.4.0.jar
CVE-2026-4800 lodash-4.17.10.tgz
CVE-2020-36188 jackson-databind-2.8.4.jar
CVE-2025-49128 jackson-core-2.8.4.jar
CVE-2020-13936 velocity-1.7.jar
CVE-2026-29000 pac4j-jwt-2.3.1.jar
CVE-2025-48734 commons-beanutils-1.9.3.jar
CVE-2020-10683 dom4j-1.6.1.jar
CVE-2020-11111 jackson-databind-2.8.4.jar
CVE-2020-14060 jackson-databind-2.8.4.jar
CVE-2022-32532 shiro-core-1.4.0.jar
CVE-2019-10202 jackson-databind-2.8.4.jar
CVE-2023-5072 json-20080701.jar

Base branch total remaining vulnerabilities: 197
Base branch commit: 4e5656db54be4b22481fe3774c2caeba51bac190


Total libraries scanned: 366

Scan token: 862fb381b0354ac3808ff859d51b5859

View more details on Mend for GitHub.com