Replace dependency org.hibernate:hibernate-core with org.hibernate.orm:hibernate-core (main) #240
Mend for GitHub.com / WhiteSource Security Check
succeeded
May 27, 2026 in 1m 50s
Security Report
❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,sbt,php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
gradle
/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle
| Step | Level | Description | Details |
|---|---|---|---|
| Preparing the project for scan | ⚠Warn | One or more of the installations failed | failed running mend init script (mendDeps): NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED FAILURE: Build failed with an exception. * Where: Build file '/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle' line: 2 * What went wrong: Plugin [id: 'play'] was not found in any o... |
maven
/tmp/ws-scm/comms-router/pom.xml
| Step | Level | Description | Details |
|---|---|---|---|
| Preparing the project for scan | ⚠Warn | One or more of the installations failed | [ERROR] [ERROR] Some problems were encountered while processing the POMs: [ERROR] 'dependencies.dependency.version' for org.hibernate:hibernate-core:jar is missing. @ line 53, column 17 |
| Resolving the project | ⚠Warn | Some problems occurred while performing the resolution operation |
|
https://vonagecc.jfrog.io/artifactory
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Problem occurred while connecting to the private registry host server, private registry returned 401 - Unauthorized | {"errors":[{"code":"UNAUTHORIZED","message":"Invalid token, parse"}]} |
https://vonagecc.jfrog.io/artifactory/maven
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Problem occurred while connecting to the private registry host server, private registry returned 401 - Unauthorized | {"errors":[{"code":"UNAUTHORIZED","message":"Invalid token, parse"}]} |
✔️ 👍 You have successfully remediated 156 vulnerabilities in this branch:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2022-40664 | shiro-core-1.4.0.jar |
| CVE-2020-24750 | jackson-databind-2.8.4.jar |
| CVE-2019-12086 | jackson-databind-2.8.4.jar |
| CVE-2020-10650 | jackson-databind-2.8.4.jar |
| CVE-2024-38828 | spring-core-4.3.7.RELEASE.jar |
| CVE-2019-10086 | commons-beanutils-1.9.3.jar |
| CVE-2025-53864 | nimbus-jose-jwt-4.41.2.jar |
| CVE-2023-1932 | hibernate-validator-5.4.1.Final.jar |
| CVE-2020-14062 | jackson-databind-2.8.4.jar |
| CVE-2022-1471 | snakeyaml-1.17.jar |
| CVE-2020-25638 | hibernate-core-5.2.11.Final.jar |
| CVE-2020-36518 | jackson-databind-2.8.4.jar |
| CVE-2020-36187 | jackson-databind-2.8.4.jar |
| CVE-2024-30171 | bcprov-jdk15on-1.56.jar |
| CVE-2025-35036 | hibernate-validator-5.4.1.Final.jar |
| WS-2017-3734 | httpclient-4.5.jar |
| CVE-2020-14195 | jackson-databind-2.8.4.jar |
| CVE-2020-9548 | jackson-databind-2.8.4.jar |
| CVE-2020-36179 | jackson-databind-2.8.4.jar |
| CVE-2025-48924 | commons-lang-2.4.jar |
| CVE-2018-1272 | spring-core-4.3.7.RELEASE.jar |
| CVE-2021-44832 | log4j-core-2.8.2.jar |
| CVE-2023-25581 | pac4j-core-2.2.1.jar |
| CVE-2020-36180 | jackson-databind-2.8.4.jar |
| CVE-2019-12422 | shiro-crypto-cipher-1.4.0.jar |
| CVE-2020-1957 | shiro-core-1.4.0.jar |
| CVE-2021-29425 | commons-io-2.5.jar |
| CVE-2023-1370 | json-smart-2.3.jar |
| CVE-2022-25857 | snakeyaml-1.17.jar |
| CVE-2022-38751 | snakeyaml-1.17.jar |
| CVE-2019-12400 | xmlsec-2.0.5.jar |
| CVE-2023-34478 | shiro-core-1.4.0.jar |
| CVE-2026-23903 | shiro-web-1.4.0.jar |
| CVE-2020-35728 | jackson-databind-2.8.4.jar |
| CVE-2025-48924 | commons-lang3-3.5.jar |
| CVE-2022-41854 | snakeyaml-1.17.jar |
| CVE-2021-27568 | json-smart-2.3.jar |
| CVE-2020-10968 | jackson-databind-2.8.4.jar |
| CVE-2023-52428 | nimbus-jose-jwt-4.41.2.jar |
| CVE-2024-47554 | commons-io-2.5.jar |
| CVE-2020-10673 | jackson-databind-2.8.4.jar |
| CVE-2020-36186 | jackson-databind-2.8.4.jar |
| CVE-2020-9488 | log4j-core-2.8.2.jar |
| CVE-2020-9547 | jackson-databind-2.8.4.jar |
| CVE-2019-20330 | jackson-databind-2.8.4.jar |
| CVE-2020-10672 | jackson-databind-2.8.4.jar |
| CVE-2025-52999 | jackson-core-2.8.4.jar |
| CVE-2018-15756 | spring-core-4.3.7.RELEASE.jar |
| CVE-2020-11619 | jackson-databind-2.8.4.jar |
| CVE-2020-13956 | httpclient-4.5.jar |
| CVE-2022-34169 | xalan-2.7.2.jar |
| CVE-2020-36184 | jackson-databind-2.8.4.jar |
| CVE-2019-17359 | bcprov-jdk15on-1.56.jar |
| CVE-2018-1199 | spring-core-4.3.7.RELEASE.jar |
| CVE-2020-36182 | jackson-databind-2.8.4.jar |
| CVE-2020-8908 | guava-25.0-jre.jar |
| CVE-2020-13956 | httpclient-4.5.3.jar |
| CVE-2019-12422 | shiro-core-1.4.0.jar |
| CVE-2020-11620 | jackson-databind-2.8.4.jar |
| CVE-2021-45105 | log4j-core-2.8.2.jar |
| CVE-2020-26939 | bcprov-jdk15on-1.56.jar |
| CVE-2019-14892 | jackson-databind-2.8.4.jar |
| CVE-2023-46749 | shiro-core-1.4.0.jar |
| CVE-2020-25649 | jackson-databind-2.8.4.jar |
| CVE-2021-44228 | log4j-core-2.8.2.jar |
| CVE-2020-13956 | httpclient-4.3.6.jar |
| WS-2017-3805 | json-20080701.jar |
| CVE-2018-1000180 | bcprov-jdk15on-1.56.jar |
| CVE-2025-48924 | commons-lang3-3.2.1.jar |
| CVE-2020-36183 | jackson-databind-2.8.4.jar |
| CVE-2019-10755 | pac4j-saml-2.3.1.jar |
| CVE-2026-23901 | shiro-core-1.4.0.jar |
| CVE-2020-11989 | shiro-web-1.4.0.jar |
| CVE-2026-43828 | shiro-core-1.4.0.jar |
| WS-2019-0379 | commons-codec-1.9.jar |
| CVE-2026-34479 | log4j-core-2.8.2.jar |
| CVE-2021-45046 | log4j-core-2.8.2.jar |
| CVE-2014-0114 | commons-beanutils-1.9.3.jar |
| CVE-2019-14900 | hibernate-core-5.2.11.Final.jar |
| CVE-2020-17523 | shiro-web-1.4.0.jar |
| CVE-2020-10969 | jackson-databind-2.8.4.jar |
| WS-2026-0003 | jackson-core-2.8.9.jar |
| CVE-2020-36185 | jackson-databind-2.8.4.jar |
| CVE-2026-34480 | log4j-core-2.8.2.jar |
| CVE-2020-11112 | jackson-databind-2.8.4.jar |
| CVE-2020-35490 | jackson-databind-2.8.4.jar |
| WS-2018-0124 | jackson-core-2.8.4.jar |
| CVE-2026-43828 | shiro-web-1.4.0.jar |
| CVE-2022-38750 | snakeyaml-1.17.jar |
| CVE-2024-30172 | bcprov-jdk15on-1.56.jar |
| CVE-2025-48924 | commons-lang3-3.4.jar |
| CVE-2023-33201 | bcprov-jdk15on-1.56.jar |
| CVE-2019-16942 | jackson-databind-2.8.4.jar |
| WS-2019-0379 | commons-codec-1.10.jar |
| CVE-2025-68161 | log4j-core-2.8.2.jar |
| CVE-2026-0603 | hibernate-core-5.2.11.Final.jar |
| CVE-2020-10693 | hibernate-validator-5.4.1.Final.jar |
| CVE-2022-22970 | spring-core-4.3.7.RELEASE.jar |
| CVE-2020-11989 | shiro-core-1.4.0.jar |
| CVE-2023-34478 | shiro-web-1.4.0.jar |
| CVE-2023-46749 | shiro-web-1.4.0.jar |
| CVE-2022-40664 | shiro-web-1.4.0.jar |
| CVE-2020-17510 | shiro-web-1.4.0.jar |
| CVE-2022-38749 | snakeyaml-1.17.jar |
| CVE-2020-36181 | jackson-databind-2.8.4.jar |
| CVE-2021-20190 | jackson-databind-2.8.4.jar |
| CVE-2021-41303 | shiro-core-1.4.0.jar |
| CVE-2023-44483 | xmlsec-2.0.5.jar |
| CVE-2025-52999 | jackson-core-2.8.9.jar |
| CVE-2020-8840 | jackson-databind-2.8.4.jar |
| CVE-2020-13933 | shiro-core-1.4.0.jar |
| WS-2017-3734 | httpclient-4.3.6.jar |
| CVE-2019-16943 | jackson-databind-2.8.4.jar |
| CVE-2020-15522 | bcprov-jdk15on-1.56.jar |
| CVE-2019-14540 | jackson-databind-2.8.4.jar |
| CVE-2024-38820 | spring-core-4.3.7.RELEASE.jar |
| CVE-2020-35491 | jackson-databind-2.8.4.jar |
| WS-2022-0468 | jackson-core-2.8.9.jar |
| CVE-2018-19360 | jackson-databind-2.8.4.jar |
| CVE-2023-2976 | guava-25.0-jre.jar |
| CVE-2020-17521 | groovy-2.4.12.jar |
| CVE-2020-7226 | cryptacular-1.1.0.jar |
| CVE-2020-11113 | jackson-databind-2.8.4.jar |
| CVE-2017-7525 | jackson-databind-2.8.4.jar |
| CVE-2025-41249 | spring-core-4.3.7.RELEASE.jar |
| CVE-2025-49128 | jackson-core-2.8.9.jar |
| CVE-2020-1957 | shiro-web-1.4.0.jar |
| CVE-2022-38752 | snakeyaml-1.17.jar |
| CVE-2026-40458 | pac4j-core-2.2.1.jar |
| CVE-2020-24616 | jackson-databind-2.8.4.jar |
| CVE-2018-11040 | spring-core-4.3.7.RELEASE.jar |
| CVE-2021-40690 | xmlsec-2.0.5.jar |
| CVE-2022-45688 | json-20080701.jar |
| CVE-2020-14061 | jackson-databind-2.8.4.jar |
| CVE-2024-29857 | bcprov-jdk15on-1.56.jar |
| CVE-2022-42004 | jackson-databind-2.8.4.jar |
| CVE-2018-1000632 | dom4j-1.6.1.jar |
| WS-2026-0003 | jackson-core-2.8.4.jar |
| CVE-2019-17195 | nimbus-jose-jwt-4.41.2.jar |
| WS-2022-0468 | jackson-core-2.8.4.jar |
| CVE-2020-36189 | jackson-databind-2.8.4.jar |
| CVE-2019-17267 | jackson-databind-2.8.4.jar |
| CVE-2022-42003 | jackson-databind-2.8.4.jar |
| CVE-2023-33202 | bcprov-jdk15on-1.56.jar |
| CVE-2023-46750 | shiro-web-1.4.0.jar |
| CVE-2020-36188 | jackson-databind-2.8.4.jar |
| CVE-2025-49128 | jackson-core-2.8.4.jar |
| CVE-2020-13936 | velocity-1.7.jar |
| CVE-2026-29000 | pac4j-jwt-2.3.1.jar |
| CVE-2025-48734 | commons-beanutils-1.9.3.jar |
| CVE-2020-10683 | dom4j-1.6.1.jar |
| CVE-2020-11111 | jackson-databind-2.8.4.jar |
| CVE-2020-14060 | jackson-databind-2.8.4.jar |
| CVE-2022-32532 | shiro-core-1.4.0.jar |
| CVE-2019-10202 | jackson-databind-2.8.4.jar |
| CVE-2023-5072 | json-20080701.jar |
Base branch total remaining vulnerabilities: 199
Base branch commit: 4e5656db54be4b22481fe3774c2caeba51bac190
Total libraries scanned: 76
Scan token: ae5e64c36a3b4227a67a6816169c5ceb
Loading