Gradle

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

100% Freshness

697 Dependencies

0 Outdated

0 Stale

— Avg Behind

Dependency List

Latest release v9.5.0

All 696 Outdated 0 Has CVE 10 GPL 8

Dependency	Type	Current	Latest	Behind	CVE	License
org.bouncycastle:bcpg-jdk18on maven	Direct	1.80	—	—	1 high	Apache-2.0
org.bouncycastle:bcprov-jdk18on maven	Transitive	1.80	—	—	2 high	MIT
org.codehaus.plexus:plexus-utils maven	Transitive	4.0.2	—	—	1 high	Unknown
org.eclipse.jetty:jetty-http maven	Direct	9.4.58.v20250814	—	—	2 high	Apache-2.0
com.fasterxml.jackson.core:jackson-core maven	Transitive	2.20.2	—	—	1 medium	Unknown
commons-lang:commons-lang maven	Direct	2.6	—	—	1 medium	Apache-2.0
io.undertow:undertow-core maven	Transitive	2.3.24.Final	—	—	1 medium	Unknown
org.apache.logging.log4j:log4j-core maven	Direct	2.25.3	—	—	3 medium	Unknown
org.bouncycastle:bcpkix-jdk18on maven	Direct	1.80	—	—	1 medium	MIT
org.jruby:jruby maven	Transitive	9.4.7.0	—	—	1 medium	Unknown

License Breakdown

Unknown 435

Apache-2.0 190

MIT 17

BSD-3-Clause 15

LicenseRef-scancode-unknown-license-reference AND EPL-2.0 6

Apache-2.0 AND MIT 5

Apache-2.0 AND BSD-3-Clause AND MIT 4

BSD-2-Clause AND BSD-3-Clause 3

EPL-1.0 3

Apache-2.0 AND BSD-3-Clause 2

Apache-2.0 AND SAX-PD AND W3C 2

Apache-2.0 OR (Apache-2.0 AND LGPL-2.1 AND LGPL-2.1-or-later) OR (Apache-2.0 AND LGPL-2.1) OR (Apache-2.0 AND LGPL-2.1-or-later) OR (LGPL-2.1 AND LGPL-2.1-or-later) 2

CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0 2

LicenseRef-scancode-public-domain 2

Apache-2.0 AND BSD-2-Clause AND MIT 1

Apache-2.0 AND EPL-1.0 AND EPL-2.0 1

BSD-3-Clause AND LicenseRef-scancode-freemarker AND ISC AND LGPL-2.0-or-later 1

CPL-1.0 1

GPL-2.0 OR LGPL-2.1 OR EPL-2.0 1

GPL-2.0-only WITH Classpath-exception-2.0 1

LGPL-2.1-or-later 1

MIT AND LicenseRef-scancode-unknown-license-reference AND EPL-2.0 1

CVE Severity

critical 0

high 4

medium 6

low 0

unknown 0