Master #6

An automation triggered a pipeline failure

Found 154 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.

Output from Automations

9 rules were checked:

If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email

✔️ The rule did not trigger. Manage rule

If a newly added dependency contains a vulnerability which has not been marked as unaffected
where CVSS is at least high (7.0-8.9)
then fail pipeline

✔️ The rule did not trigger. Manage rule

If there is a dependency where the license risk is at least high
then send a pipeline warning

⚠️ The rule triggered for the following dependencies, causing a pipeline warning. Manage rule

Dependency	Dependency Licenses
jakarta.annotation:jakarta.annotation-api (Maven)	EPL-2.0, GPL-2.0-only
javax.mail:mailapi (Maven)	CDDL-1.0, Debricked Unknown License, GPL-2.0-only
org.kitchen-eel:json-schema-validator (Maven)	LGPL-3.0-only

If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning

⚠️ The rule triggered for the following vulnerabilities, causing a pipeline warning. Manage rule

Vulnerability	CVSS2	CVSS3	Dependency	Dependency Licenses
CVE-2021-23369	7.5	9.8	handlebars (npm)	MIT
CVE-2019-16335	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-17571	7.5	9.8	log4j:log4j (Maven)	Apache-2.0
CVE-2022-23305	6.8	9.8	log4j:log4j (Maven)	Apache-2.0
CVE-2020-9548	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-9547	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-11307	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-14379	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-14540	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-14719	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-16942	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-24616	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-16943	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-17267	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-20330	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-17531	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-8840	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-14892	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2017-17485	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2017-7525	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2017-15095	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-14718	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2016-1000027	7.5	9.8	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2018-7489	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-16487	7.5	9.8	lodash (npm)	MIT
CVE-2019-19919	7.5	9.8	handlebars (npm)	MIT
CVE-2022-1471	N/A	9.8	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2023-26136	N/A	9.8	tough-cookie (npm)	BSD-3-Clause
CVE-2021-23383	7.5	9.8	handlebars (npm)	MIT
CVE-2018-19362	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2023-44981	N/A	9.1	org.apache.zookeeper:zookeeper (Maven)	Apache-2.0
CVE-2019-20444	6.4	9.1	io.netty:netty (Maven)	Apache-2.0
CVE-2019-10744	6.4	9.1	lodash (npm)	MIT
CVE-2019-20445	6.4	9.1	io.netty:netty (Maven)	Apache-2.0
CVE-2022-23302	6	8.8	log4j:log4j (Maven)	Apache-2.0
CVE-2020-10673	6.8	8.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2024-22243	N/A	8.1	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2024-22259	N/A	8.1	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2024-22262	N/A	8.1	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2020-10650	N/A	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36182	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36179	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36181	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-35490	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2021-20190	8.3	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-24750	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36188	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-35728	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36186	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-35491	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36187	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36185	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36183	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36184	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36180	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36189	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-5968	5.1	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2022-23539	N/A	8.1	jsonwebtoken (npm)	MIT
CVE-2019-20920	6.8	8.1	handlebars (npm)	MIT
CVE-2021-43138	6.8	7.8	async (npm)	MIT
CVE-2022-23540	N/A	7.6	jsonwebtoken (npm)	MIT
CVE-2024-34750	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2022-21681	5	7.5	marked (npm)	MIT
CVE-2019-12086	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-12022	5.1	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2022-42004	N/A	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2022-24999	N/A	7.5	qs (npm)	BSD-3-Clause
CVE-2022-25883	N/A	7.5	semver (npm)	ISC
CVE-2023-1370	N/A	7.5	net.minidev:json-smart (Maven)	Apache-2.0
CVE-2023-20883	N/A	7.5	org.springframework.boot:spring-boot-autoconfigure (Maven)	Apache-2.0, Debricked Unknown License
CVE-2023-34092	N/A	7.5	vite (npm)	MIT
CVE-2024-23331	N/A	7.5	vite (npm)	MIT
CVE-2023-46589	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2022-21680	5	7.5	marked (npm)	MIT
CVE-2023-6378	N/A	7.5	ch.qos.logback:logback-core (Maven)	Debricked Unknown License, EPL-1.0, LGPL-2.0-or-later
CVE-2023-6378	N/A	7.5	ch.qos.logback:logback-classic (Maven)	Debricked Unknown License, EPL-1.0, LGPL-2.0-or-later
CVE-2019-14439	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-20922	7.8	7.5	handlebars (npm)	MIT
CVE-2023-24998	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2024-24549	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2024-45296	N/A	7.5	path-to-regexp (npm)	MIT
CVE-2024-45590	N/A	7.5	body-parser (npm)	MIT
CVE-2023-20860	N/A	7.5	org.springframework:spring-webmvc (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2024-38816	N/A	7.5	org.springframework:spring-webmvc (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2023-26464	N/A	7.5	log4j:log4j (Maven)	Apache-2.0
CVE-2020-36518	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2022-3517	N/A	7.5	minimatch (npm)	ISC
CVE-2022-25857	N/A	7.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2021-37137	5	7.5	io.netty:netty (Maven)	Apache-2.0
CVE-2021-4104	6	7.5	log4j:log4j (Maven)	Apache-2.0
CVE-2022-24999	N/A	7.5	express (npm)	MIT
CVE-2020-8203	5.8	7.4	lodash (npm)	MIT
CVE-2021-23337	6.5	7.2	lodash (npm)	MIT
CVE-2023-2976	N/A	7.1	com.google.guava:guava (Maven)	Apache-2.0, Debricked Unknown License
CVE-2023-20863	N/A	6.5	org.springframework:spring-expression (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2023-34055	N/A	6.5	org.springframework.boot:spring-boot (Maven)	Apache-2.0, Debricked Unknown License
CVE-2023-20861	N/A	6.5	org.springframework:spring-expression (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2023-20863	N/A	6.5	org.springframework:spring-core (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2023-20861	N/A	6.5	org.springframework:spring-core (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2019-1010266	4	6.5	lodash (npm)	MIT
CVE-2022-41854	N/A	6.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2022-38749	N/A	6.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2022-38751	N/A	6.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2022-38752	N/A	6.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2021-43797	4.3	6.5	io.netty:netty (Maven)	Apache-2.0
CVE-2024-45812	N/A	6.4	vite (npm)	MIT
CVE-2024-23672	N/A	6.3	org.apache.tomcat.embed:tomcat-embed-websocket (Maven)	Apache-2.0
CVE-2022-23541	N/A	6.3	jsonwebtoken (npm)	MIT
CVE-2024-29041	N/A	6.1	express (npm)	MIT
CVE-2019-14772	4.3	6.1	verdaccio (npm)	MIT
CVE-2023-41080	N/A	6.1	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2024-47068	N/A	6.1	rollup (npm)	MIT
CVE-2023-28155	N/A	6.1	request (npm)	Apache-2.0
CVE-2021-21409	4.3	5.9	io.netty:netty (Maven)	Apache-2.0
CVE-2021-21295	2.6	5.9	io.netty:netty (Maven)	Apache-2.0
CVE-2019-12384	4.3	5.9	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-10237	4.3	5.9	com.google.guava:guava (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-12814	4.3	5.9	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-0201	4.3	5.9	org.apache.zookeeper:zookeeper (Maven)	Apache-2.0
CVE-2020-15366	6.8	5.6	ajv (npm)	MIT
CVE-2022-38750	N/A	5.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2023-44270	N/A	5.3	postcss (npm)	MIT
CVE-2024-38809	N/A	5.3	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2024-38820	N/A	5.3	org.springframework:spring-context (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2023-42795	N/A	5.3	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2023-51074	N/A	5.3	com.jayway.jsonpath:json-path (Maven)	Apache-2.0
CVE-2023-45648	N/A	5.3	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2020-28500	5	5.3	lodash (npm)	MIT
CVE-2024-45811	N/A	4.8	vite (npm)	MIT
CVE-2024-43800	N/A	4.7	serve-static (npm)	MIT
CVE-2024-43796	N/A	4.7	express (npm)	MIT
CVE-2024-43799	N/A	4.7	send (npm)	MIT
CVE-2023-28708	N/A	4.3	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2024-38808	N/A	4.3	org.springframework:spring-expression (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2019-14722	4	4.3	verdaccio (npm)	MIT
CVE-2020-9488	4.3	3.7	log4j:log4j (Maven)	Apache-2.0
CVE-2020-8908	2.1	3.3	com.google.guava:guava (Maven)	Apache-2.0, Debricked Unknown License
debricked-234684	N/A	N/A	marked (npm)	MIT
debricked-233244	N/A	N/A	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
debricked-149699	N/A	N/A	js-yaml (npm)	MIT
debricked-149694	N/A	N/A	js-yaml (npm)	MIT
debricked-149824	N/A	N/A	handlebars (npm)	MIT
debricked-149816	N/A	N/A	handlebars (npm)	MIT
debricked-149815	N/A	N/A	handlebars (npm)	MIT
debricked-149573	N/A	N/A	marked (npm)	MIT
debricked-149695	N/A	N/A	marked (npm)	MIT
debricked-97165	N/A	N/A	lodash (npm)	MIT
debricked-149661	N/A	N/A	handlebars (npm)	MIT
CVE-2024-47764	N/A	N/A	cookie (npm)	MIT
debricked-638	N/A	N/A	verdaccio (npm)	MIT
debricked-230251	N/A	N/A	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
debricked-233850	N/A	N/A	js-yaml (npm)	MIT
debricked-233849	N/A	N/A	js-yaml (npm)	MIT
debricked-149414	N/A	N/A	handlebars (npm)	MIT
CVE-2024-31573	N/A	N/A	org.xmlunit:xmlunit-core (Maven)	Apache-2.0
debricked-234682	N/A	N/A	marked (npm)	MIT
debricked-234255	N/A	N/A	handlebars (npm)	MIT
debricked-249227	N/A	N/A	vite (npm)	MIT

If a dependency contains a vulnerability which has not been marked as unaffected
where CVSS is at least high (7.0-8.9)
then send a pipeline warning

⚠️ The rule triggered for the following vulnerabilities, causing a pipeline warning. Manage rule

Vulnerability	CVSS2	CVSS3	Dependency	Dependency Licenses
CVE-2020-9548	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-16335	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2017-7525	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-7489	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-14719	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-19362	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-11307	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-14379	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-14540	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-16942	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2017-17485	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-16943	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-17267	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-17531	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-20330	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-8840	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-14892	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-9547	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-24616	6.8	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2017-15095	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-14718	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2021-23383	7.5	9.8	handlebars (npm)	MIT
CVE-2022-23305	6.8	9.8	log4j:log4j (Maven)	Apache-2.0
CVE-2019-17571	7.5	9.8	log4j:log4j (Maven)	Apache-2.0
CVE-2018-16487	7.5	9.8	lodash (npm)	MIT
CVE-2016-1000027	7.5	9.8	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2022-1471	N/A	9.8	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2019-19919	7.5	9.8	handlebars (npm)	MIT
CVE-2023-26136	N/A	9.8	tough-cookie (npm)	BSD-3-Clause
CVE-2021-23369	7.5	9.8	handlebars (npm)	MIT
CVE-2019-10744	6.4	9.1	lodash (npm)	MIT
CVE-2023-44981	N/A	9.1	org.apache.zookeeper:zookeeper (Maven)	Apache-2.0
CVE-2019-20444	6.4	9.1	io.netty:netty (Maven)	Apache-2.0
CVE-2019-20445	6.4	9.1	io.netty:netty (Maven)	Apache-2.0
CVE-2022-23302	6	8.8	log4j:log4j (Maven)	Apache-2.0
CVE-2020-10673	6.8	8.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36185	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-10650	N/A	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-24750	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-35490	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-35728	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36179	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36180	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36181	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36182	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-35491	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-20920	6.8	8.1	handlebars (npm)	MIT
CVE-2021-20190	8.3	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2024-22262	N/A	8.1	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2020-36186	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2022-23539	N/A	8.1	jsonwebtoken (npm)	MIT
CVE-2024-22259	N/A	8.1	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2020-36187	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36188	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2024-22243	N/A	8.1	org.springframework:spring-web (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2020-36184	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-5968	5.1	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36189	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36183	6.8	8.1	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2021-43138	6.8	7.8	async (npm)	MIT
CVE-2022-23540	N/A	7.6	jsonwebtoken (npm)	MIT
CVE-2022-21681	5	7.5	marked (npm)	MIT
CVE-2024-38816	N/A	7.5	org.springframework:spring-webmvc (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2022-25857	N/A	7.5	org.yaml:snakeyaml (Maven)	Apache-2.0
CVE-2022-25883	N/A	7.5	semver (npm)	ISC
CVE-2022-24999	N/A	7.5	qs (npm)	BSD-3-Clause
CVE-2021-4104	6	7.5	log4j:log4j (Maven)	Apache-2.0
CVE-2022-21680	5	7.5	marked (npm)	MIT
CVE-2022-3517	N/A	7.5	minimatch (npm)	ISC
CVE-2023-20860	N/A	7.5	org.springframework:spring-webmvc (Maven)	Apache-2.0, BSD-3-Clause, Debricked Unknown License
CVE-2023-24998	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2023-46589	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2024-24549	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2024-34750	N/A	7.5	org.apache.tomcat.embed:tomcat-embed-core (Maven)	Apache-2.0
CVE-2024-23331	N/A	7.5	vite (npm)	MIT
CVE-2023-34092	N/A	7.5	vite (npm)	MIT
CVE-2023-26464	N/A	7.5	log4j:log4j (Maven)	Apache-2.0
CVE-2019-20922	7.8	7.5	handlebars (npm)	MIT
CVE-2019-14439	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2024-45296	N/A	7.5	path-to-regexp (npm)	MIT
CVE-2024-45590	N/A	7.5	body-parser (npm)	MIT
CVE-2023-6378	N/A	7.5	ch.qos.logback:logback-classic (Maven)	Debricked Unknown License, EPL-1.0, LGPL-2.0-or-later
CVE-2023-6378	N/A	7.5	ch.qos.logback:logback-core (Maven)	Debricked Unknown License, EPL-1.0, LGPL-2.0-or-later
CVE-2023-1370	N/A	7.5	net.minidev:json-smart (Maven)	Apache-2.0
CVE-2022-24999	N/A	7.5	express (npm)	MIT
CVE-2022-42004	N/A	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2020-36518	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2023-20883	N/A	7.5	org.springframework.boot:spring-boot-autoconfigure (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-12022	5.1	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2019-12086	5	7.5	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2021-37137	5	7.5	io.netty:netty (Maven)	Apache-2.0
CVE-2020-8203	5.8	7.4	lodash (npm)	MIT
CVE-2021-23337	6.5	7.2	lodash (npm)	MIT
CVE-2023-2976	N/A	7.1	com.google.guava:guava (Maven)	Apache-2.0, Debricked Unknown License

If there is a dependency where the license risk is high
then fail pipeline

❌ The rule triggered for the following dependencies, causing a pipeline failure. Manage rule

Dependency	Dependency Licenses
jakarta.annotation:jakarta.annotation-api (Maven)	EPL-2.0, GPL-2.0-only
javax.mail:mailapi (Maven)	CDDL-1.0, Debricked Unknown License, GPL-2.0-only
org.kitchen-eel:json-schema-validator (Maven)	LGPL-3.0-only

If a dependency contains a vulnerability which has not been marked as unaffected
where CVSS is at least high (7.0-8.9)
then fail pipeline

❌ The rule triggered for the following vulnerabilities, causing a pipeline failure. Manage rule

Vulnerability	CVSS2	CVSS3	Dependency	Dependency Licenses
CVE-2019-19919	7.5	9.8	handlebars (npm)	MIT
CVE-2019-17267	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2017-15095	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
CVE-2018-7489	7.5	9.8	com.fasterxml.jackson.core:jackson-databind (Maven)	Apache-2.0, Debricked Unknown License
[CVE-2018-14718](https://debricked.com/app/en/vulnerability/117078?repositoryId=44584&commitId=3...

[Output was too long for GitHub]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Master #6

Master #6

An automation triggered a pipeline failure

Output from Automations

9 rules were checked:

Re-running checks...

Master #6

Are you sure you want to change the base?

Update fortify.yml

Master #6

An automation triggered a pipeline failure

Output from Automations

9 rules were checked:

Re-running checks...