Dependency Analysis
doris
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
81%
Freshness
1412
Dependencies
181
Outdated
0
Stale
4.5
Avg Behind
Dependency List
Latest release 4.1.0
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
golang.org/x/crypto
golang
|
Direct | 0.0.0-20210616213533-5ff15b29337e | — | — | 9 critical | Unknown |
|
google.golang.org/grpc
golang
|
Direct | 1.41.0 | — | — | 3 critical | Apache-2.0 |
|
org.apache.hadoop:hadoop-common
maven
|
Direct | 2.8.0 | — | — | 5 critical | Apache-2.0 |
|
org.apache.spark:spark-core_2.11
maven
|
Direct | 2.3.4 | — | — | 3 critical | Apache-2.0 |
|
urllib3
pypi
|
Direct | 1.26.1 | 2.7.0 | 44 behind | 9 high | MIT |
|
rustls-webpki
cargo
|
Direct | 0.103.10 | 0.103.13 | 6 behind | 6 high | ISC |
|
ch.qos.logback:logback-classic
maven
|
Direct | 1.2.10 | — | — | 1 high | LGPL-2.1 |
|
com.google.protobuf:protobuf-java
maven
|
Direct | 2.5.0 | — | — | 3 high | BSD-3-Clause |
|
commons-io:commons-io
maven
|
Direct | 2.4 | — | — | 2 high | Apache-2.0 |
|
github.com/containerd/containerd
golang
|
Direct | 1.5.7 | — | — | 15 high | Apache-2.0 |
|
github.com/docker/distribution
golang
|
Direct | 2.8.0+incompatible | — | — | 1 high | Apache-2.0 |
|
github.com/docker/docker
golang
|
Direct | 1.4.2-0.20190924003213-a8608b5b67c7 | — | — | 20 high | Apache-2.0 |
|
github.com/sirupsen/logrus
golang
|
Direct | 1.8.1 | — | — | 1 high | MIT |
|
golang.org/x/net
golang
|
Direct | 0.0.0-20211020060615-d418f374d309 | — | — | 14 high | Unknown |
|
golang.org/x/oauth2
golang
|
Direct | 0.0.0-20211005180243-6b3c2da341f1 | — | — | 1 high | BSD-3-Clause |
|
golang.org/x/text
golang
|
Direct | 0.3.7 | — | — | 1 high | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
|
gopkg.in/yaml.v3
golang
|
Direct | 3.0.0 | — | — | 1 high | Apache-2.0 AND MIT |
|
mysql:mysql-connector-java
maven
|
Direct | 8.0.33 | — | — | 1 high | Unknown |
|
mysql:mysql-connector-java
maven
|
Direct | 5.1.26 | — | — | 7 high | GPL-2.0 |
|
org.apache.thrift:libthrift
maven
|
Direct | 0.16.0 | — | — | 1 high | Apache-2.0 |
|
org.ini4j:ini4j
maven
|
Direct | 0.5.4 | — | — | 1 high | Apache-2.0 |
|
org.postgresql:postgresql
maven
|
Direct | 42.7.3 | — | — | 1 high | BSD-2-Clause |
|
org.springframework.boot:spring-boot-starter-actuator
maven
|
Direct | 3.5.7 | — | — | 2 high | Apache-2.0 |
|
requests
pypi
|
Direct | 2.28.2 | 2.34.2 | 15 behind | 1 medium | Apache-2.0 |
|
com.google.guava:guava
maven
|
Direct | 15.0 | — | — | 3 medium | Apache-2.0 |
|
com.nimbusds:nimbus-jose-jwt
maven
|
Direct | 10.0.1 | — | — | 1 medium | Apache-2.0 |
|
com.puppycrawl.tools:checkstyle
maven
|
Direct | 8.14 | — | — | 2 medium | LGPL-2.1+ |
|
github.com/eclipse/paho.mqtt.golang
golang
|
Direct | 1.2.1-0.20200121105743-0d940dd29fd2 | — | — | 1 medium | Unknown |
|
github.com/elastic/beats/v7
golang
|
Direct | 7.17.5 | — | — | 2 medium | Unknown |
|
golang.org/x/sys
golang
|
Direct | 0.0.0-20211102192858-4dd72447c267 | — | — | 1 medium | Unknown |
|
google.golang.org/protobuf
golang
|
Direct | 1.27.1 | — | — | 1 medium | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
|
idna
pypi
|
Direct | 3.4 | 3.18.0 | — | 1 medium | BSD-2-Clause AND BSD-3-Clause |
|
io.netty:netty-common
maven
|
Direct | 4.1.77 | — | — | 2 medium | Unknown |
|
junit:junit
maven
|
Direct | 4.12 | — | — | 1 medium | EPL-1.0 |
|
mysql:mysql-connector-java
maven
|
Direct | 8.0.12 | — | — | 1 medium | Unknown |
|
org.bouncycastle:bcprov-jdk15on
maven
|
Direct | 1.70 | — | — | 5 medium | MIT |
|
certifi
pypi
|
Direct | 2023.7.22 | 2026.5.20 | 18 behind | 1 low | MPL-2.0 |
|
lru
cargo
|
Direct | 0.12.5 | 0.18.0 | 10 behind | 2 low | MIT |
|
rand
cargo
|
Direct | 0.9.2 | 0.10.1 | 10 behind | 2 low | MIT OR Apache-2.0 |
|
commons-configuration:commons-configuration
maven
|
Direct | 1.6 | — | — | 1 low | Apache-2.0 |
|
github.com/opencontainers/image-spec
golang
|
Direct | 1.0.2-0.20190823105129-775207bd45b6 | — | — | 1 low | Apache-2.0 |
|
org.apache.hadoop:hadoop-common
maven
|
Direct | 3.3.6 | — | — | 1 low | Apache-2.0 |
|
instant
cargo
|
Direct | 0.1.13 | 0.1.13 | Current | 1 unknown | BSD-3-Clause |
|
paste
cargo
|
Direct | 1.0.15 | 1.0.15 | Current | 1 unknown | MIT OR Apache-2.0 |
|
rustls-pemfile
cargo
|
Direct | 2.2.0 | 2.2.0 | Current | 1 unknown | Apache-2.0 OR ISC OR MIT |
License Breakdown
Unknown
424
Apache-2.0
363
MIT OR Apache-2.0
230
MIT
159
BSD-3-Clause
40
Apache-2.0 OR MIT
26
Unicode-3.0
18
Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
16
BSD-2-Clause
12
Unlicense OR MIT
10
MPL-2.0
9
Apache-2.0 AND MIT
8
BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
8
ISC
8
EPL-2.0
6
Apache-2.0 OR ISC OR MIT
4
Apache-2.0 AND BSD-3-Clause AND MIT
3
LicenseRef-scancode-unknown-license-reference
3
Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND EPL-2.0 AND LicenseRef-scancode-generic-export-compliance AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-unknown-license-reference
2
Apache-2.0 OR LGPL-2.1-or-later
2
BSD-2-Clause AND BSD-3-Clause
2
BSD-2-Clause OR Apache-2.0 OR MIT
2
BSD-2-Clause-Views
2
BSD-3-Clause AND (BSD-3-Clause OR GPL-2.0-or-later) AND GPL-1.0-or-later AND GPL-2.0-only
2
BSD-3-Clause AND MIT
2
CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0
2
CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0
2
EPL-1.0
2
GPL-2.0
2
LGPL-2.1
2
LGPL-2.1+
2
MIT OR Apache-2.0 OR LGPL-2.1-or-later
2
MIT OR Apache-2.0 OR Zlib
2
Zlib OR Apache-2.0 OR MIT
2
(MIT OR Apache-2.0) AND Apache-2.0
1
(MIT OR Apache-2.0) AND Unicode-3.0
1
0BSD
1
0BSD AND Apache-2.0 AND BSD-2-Clause AND MIT
1
Apache-2.0 AND BSD-3-Clause
1
Apache-2.0 AND BSD-3-Clause AND CDDL-1.0
1
Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND EPL-2.0
1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-protobuf AND LicenseRef-scancode-unknown-license-reference AND MIT
1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND UPL-1.0
1
Apache-2.0 AND CC-BY-SA-4.0
1
Apache-2.0 AND CC-PDDC
1
Apache-2.0 AND EPL-1.0 AND EPL-2.0
1
Apache-2.0 AND GPL-3.0-only
1
Apache-2.0 AND ISC
1
Apache-2.0 AND LGPL-2.1 AND LGPL-2.1-only AND MPL-1.1
1
Apache-2.0 OR BSL-1.0
1
Apache-2.0 OR MIT OR MPL-2.0
1
CC0-1.0
1
CC0-1.0 OR MIT-0 OR Apache-2.0
1
CPL-1.0
1
EPL-2.0 OR BSD-3-Clause
1
EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0
1
GPL-2.0 AND GPL-2.0-only
1
GPL-3.0-or-later AND LGPL-2.1-only AND curl
1
ISC AND (Apache-2.0 OR ISC)
1
ISC AND (Apache-2.0 OR ISC) AND Apache-2.0 AND MIT AND BSD-3-Clause AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR ISC OR MIT-0)
1
LGPL-3.0
1
LicenseRef-scancode-elastic-license-2018
1
LicenseRef-scancode-unicode AND LicenseRef-scancode-unknown-license-reference AND Unicode-3.0
1
MIT OR BSD-3-Clause
1
Zlib
1
zlib-acknowledgement OR MIT
1
CVE Severity
critical
4
high
19
medium
13
low
6
unknown
3