OWASP Dependency Check


By the Year

In 2024 there has been 1 vulnerability in OWASP Dependency Check, with an average score of 5.3 out of ten. Dependency Check did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2024 than in all of last year.

Year  Vulnerabilities  Average Score
2024  1                5.30
2023  0                0.00
2022  0                0.00
2021  0                0.00
2020  0                0.00
2019  0                0.00
2018  1                7.80

It may take a day or so for new Dependency Check vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent OWASP Dependency Check Security Vulnerabilities

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode

CVE-2024-23686 5.3 - Medium - January 19, 2024

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

Insertion of Sensitive Information into Log File

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive

CVE-2018-12036 7.8 - High - June 07, 2018

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

Write-what-where Condition
