4 Pull requests merged by 3 people

• docs: Document poetry-based analysis behaviour in Python analyzer

  #7855 merged Aug 6, 2025

• fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod

  #7848 merged Aug 6, 2025

• build(deps): bump actions/download-artifact from 4 to 5

  #7856 merged Aug 6, 2025

• build(deps): bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0

  #7839 merged Jul 30, 2025

1 Pull request opened by 1 person

• build(deps): bump commons-cli:commons-cli from 1.9.0 to 1.10.0

  #7851 opened Aug 4, 2025

5 Issues closed by 3 people

• UpdateException: Error updating the NVD Data for 10.0.4

  #7847 closed Aug 6, 2025

• unable to scan jars using dependency check version 12.1.0 version

  #7782 closed Jul 31, 2025

• [FP]: quarkus-wiremock-1.5.0.jar

  #7841 closed Jul 30, 2025

• [FP]: False Positive for sqlite4java

  #7842 closed Jul 30, 2025

• [FP]: False positive for org.mortbay.jasper/apache-jsp@10.1.41

  #7804 closed Jul 30, 2025

10 Issues opened by 8 people

• [FP]: Jetty false positive findings

  #7857 opened Aug 6, 2025

• [FP]: False positive for CVE-2024-7254 in protobuf-java-3.25.5

  #7854 opened Aug 4, 2025

• [FP]: False positive for CVE-2025-53689 in jackrabbit-data-2.22.0

  #7853 opened Aug 4, 2025

• Scanning with Gradle Plugin - Android Studio - Right approach to reduce false positives?

  #7852 opened Aug 4, 2025

• Fails with Gradle 9

  #7850 opened Aug 3, 2025

• Dependency Check built in hints kick in and incorrectly flag a module as Spring when using GraalVM / Spring AOT

  #7849 opened Aug 1, 2025

• [FP]: False positive for cve-2017-7658 in apache-jsp

  #7846 opened Jul 31, 2025

• [FP]: False positive for cve-2017-7657 in apache-jsp

  #7845 opened Jul 31, 2025

• [FP]: Multiple false positives against grpc-netty-shaded-1.62.2.jar

  #7844 opened Jul 31, 2025

• java.lang.NoSuchMethodError: 'java.lang.String org.apache.commons.compress.compressors.gzip.GzipUtils'

  #7843 opened Jul 31, 2025

10 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [FP]: JGit version with backported fix is marked vulnerable

  #7774 commented on Jul 30, 2025 • 0 new comments

• [FP]: CVE-2025-41234 falsely attributed to spring-web-5.3.39.jar

  #7744 commented on Jul 30, 2025 • 0 new comments

• java.lang.NullPointerException while processing CVE-2024-32849

  #7840 commented on Jul 31, 2025 • 0 new comments

• CVE-2020-13091 linked to pandas 2.3.1

  #7834 commented on Aug 2, 2025 • 0 new comments

• Multiple false positive for ICU DLL

  #7337 commented on Aug 5, 2025 • 0 new comments

• [FP]: False positive for apache-el-11.0.0.jar against multiple jetty 11 CVE's

  #7835 commented on Aug 5, 2025 • 0 new comments

• Change legacy central url

  #5827 commented on Aug 5, 2025 • 0 new comments

• Poetry and Archive analyzers fail when run together after building project

  #6356 commented on Aug 5, 2025 • 0 new comments

• Do not want to compile on java 11

  #7788 commented on Aug 6, 2025 • 0 new comments

• build(deps): bump org.semver4j:semver4j from 5.8.0 to 6.0.0

  #7776 commented on Jul 30, 2025 • 0 new comments