Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiverCVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatisCVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext classCVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classesCVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classesCVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws classCVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms classCVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa classCVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core classCVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 librariesCVE-2019-14379 jackson-databind: default typing mishandling leading to remote code executionCVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfigCVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSourceCVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSourceCVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache packageCVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blockingCVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blockingCVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmapCVE-2020-9548 jackson-databind: Serialization gadgets in anteros-coreCVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all originsCVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion VulnerabilityYour dependencies cross-checked against the OSV vulnerability database.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.