Identify vulnerable libraries in Maven dependencies
demos
src
.gitignore
.travis.yml
README.md
pom.xml

README.md

Maven Security Versions

Identify vulnerable libraries in Maven dependencies.

The plugin is based on versions-maven-plugin. It uses the victims database as its source for the mapping between CVEs and Maven artifacts.

Usage

```
> mvn com.redhat.victims.maven:security-versions:check
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Demo Insecure Project 1.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- security-versions:1.0.2:check (default-cli) @ demo-insecure-project ---
[INFO] Analyzing the dependencies for com.h3xstream.test:demo-insecure-project
[INFO] Syncing with the victims repository (based on the atom feed)
[INFO] Downloading: https://github.com/victims/victims-cve-db/commits.atom
[INFO] Already to the latest version.
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0112
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0113
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0116
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-7809
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2013-2186
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2014-0050
[ERROR] com.thoughtworks.xstream:xstream is vulnerable to CVE-2013-7285
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.200 s
[INFO] Finished at: 2015-11-03T22:30:48-05:00
[INFO] Final Memory: 13M/194M
[INFO] ------------------------------------------------------------------------
```
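Note that the run above reports eight `[ERROR]` findings and still ends with `BUILD SUCCESS`, so a CI job that only checks Maven's exit status would let these dependencies through. The script below is an added example, not part of this plugin or its repository: it parses the plugin's `[ERROR] <groupId>:<artifactId> is vulnerable to <CVE>` lines from a saved build log, groups the CVEs per artifact, and returns a non-zero exit code when any finding is not on an explicit allowlist. The sample log embedded in it is constructed from a subset of the lines shown in the README output; the allowlist mechanism and the `build_should_fail` gate are assumptions of this example, not features of the plugin.

```python
import re
import sys
from collections import defaultdict

# Matches the finding lines security-versions prints, e.g.
# "[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094".
FINDING_RE = re.compile(
    r"^\[ERROR\]\s+(?P<group>[^:\s]+):(?P<artifact>[^:\s]+)"
    r"\s+is vulnerable to\s+(?P<cve>CVE-\d{4}-\d{4,})\s*$"
)

# Constructed sample: a subset of the plugin output shown in the README above.
SAMPLE_LOG = """\
[INFO] --- security-versions:1.0.2:check (default-cli) @ demo-insecure-project ---
[INFO] Analyzing the dependencies for com.h3xstream.test:demo-insecure-project
[INFO] Already to the latest version.
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0112
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2013-2186
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2014-0050
[ERROR] com.thoughtworks.xstream:xstream is vulnerable to CVE-2013-7285
[INFO] BUILD SUCCESS
"""


def parse_findings(log_text):
    """Return {"groupId:artifactId": [CVE, ...]} for every finding in the log.

    Repeated lines for the same artifact/CVE pair are collapsed, and the
    CVE lists are sorted so the result is stable across runs.
    """
    findings = defaultdict(set)
    for line in log_text.splitlines():
        match = FINDING_RE.match(line.strip())
        if match:
            key = f"{match.group('group')}:{match.group('artifact')}"
            findings[key].add(match.group("cve"))
    return {key: sorted(cves) for key, cves in sorted(findings.items())}


def build_should_fail(log_text, allowlist=()):
    """True when at least one reported CVE is not in the allowlist.

    The plugin reports BUILD SUCCESS even when it finds vulnerable
    dependencies, so the CI gate has to come from the log contents.
    The allowlist (hypothetical, for this example) holds CVEs that have
    been reviewed and accepted for this project.
    """
    allowed = set(allowlist)
    return any(
        cve not in allowed
        for cves in parse_findings(log_text).values()
        for cve in cves
    )


def main(argv):
    # Usage: python security_versions_gate.py build.log [ALLOWED-CVE ...]
    # With no file argument the log is read from standard input.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = sys.stdin.read()
    allowlist = argv[2:]
    for artifact, cves in parse_findings(text).items():
        print(f"{artifact}: {', '.join(cves)}")
    return 1 if build_should_fail(text, allowlist) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a pipeline this would run as `mvn com.redhat.victims.maven:security-versions:check | tee build.log; python security_versions_gate.py build.log`, so the job fails on the first unreviewed CVE while the full per-artifact summary is still printed for the developer.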

Licenses