Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Porta SFTP Server

Scan Information (show all):

Summary

Summary of Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
AbsoluteLayout-RELEASE290.jarpkg:maven/org.netbeans.external/AbsoluteLayout@RELEASE290 025
bcpkix-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/[email protected] 0Highest56
bcprov-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*
pkg:maven/org.bouncycastle/[email protected] 0Highest60
bcutil-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/[email protected] 0Highest56
flatlaf-3.7.jar 016
flatlaf-3.7.jar: flatlaf-windows-arm64.dll 04
flatlaf-3.7.jar: flatlaf-windows-x86.dll 04
flatlaf-3.7.jar: flatlaf-windows-x86_64.dll 02
json-20251224.jarpkg:maven/org.json/json@20251224 031
logback-core-1.5.32.jarcpe:2.3:a:qos:logback:1.5.32:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/[email protected] 0Highest38
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/[email protected] 028
sqlite-jdbc-3.51.2.0.jarcpe:2.3:a:sqlite:sqlite:3.51.2.0:*:*:*:*:*:*:*
cpe:2.3:a:sqlite_jdbc_project:sqlite_jdbc:3.51.2.0:*:*:*:*:*:*:*
pkg:maven/io.github.willena/[email protected] 0Highest35
sqlite-jdbc-3.51.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.51.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.51.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.51.2.0.jar: sqlitejdbc.dll 02
sshd-core-2.17.1.jarcpe:2.3:a:apache:sshd:2.17.1:*:*:*:*:*:*:*pkg:maven/org.apache.sshd/[email protected] 0Highest27

Dependencies (vulnerable)

AbsoluteLayout-RELEASE290.jar

Description:

POM and identification for artifact that was not possible to uniquely identify as a maven dependency.

File Path: /lib/AbsoluteLayout-RELEASE290.jar
MD5: 6c04b49b0b68eb310b29c60bcbd39db5
SHA1: 409c90d09b61262b7c1e4759fd5e921e66b914cc
SHA256:cbe5600e86eb64761e11e4cb046804a070bc214e00b9fa61413b59017089dfd1

Identifiers

  • pkg:maven/org.netbeans.external/AbsoluteLayout@RELEASE290  (Confidence:High)

bcpkix-jdk15on-1.70.jar

Description:

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /lib/bcpkix-jdk15on-1.70.jar
MD5: 2c383f50d41937eae4fd32c35d8668cd
SHA1: f81e5af49571a9d5a109a88f239a73ce87055417
SHA256:e5b9cb821df57f70b0593358e89c0e8d7266515da9d088af6c646f63d433c07c

Identifiers

bcprov-jdk15on-1.70.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /lib/bcprov-jdk15on-1.70.jar
MD5: 1809d0449a6374279c01fdd3be26cd92
SHA1: 4636a0d01f74acaf28082fb62b317f1080118371
SHA256:8f3c20e3e2d565d26f33e8d4857a37d0d7f8ac39b62a7026496fcab1bdac30d4

Identifiers

  • pkg:maven/org.bouncycastle/[email protected]  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Highest)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

bcutil-jdk15on-1.70.jar

Description:

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /lib/bcutil-jdk15on-1.70.jar
MD5: 805173dfb0891331dbe69d0e53371af4
SHA1: 54280e7195a7430d7911ded93fc01e07300b9526
SHA256:52dc5551b0257666526c5095424567fed7dc7b00d2b1ba7bd52298411112b1d0

Identifiers

flatlaf-3.7.jar

File Path: /lib/flatlaf-3.7.jar
MD5: ea286e4c313b3ca4265d71c4f56e752a
SHA1: 2075e33a20115d89ef20d1cb21179991c4f122d6
SHA256:1dc4f08cc0e01122f5bc6cebe1dcf253872c1fe8126208f43dab314d7deb0da2

Identifiers

  • None

flatlaf-3.7.jar: flatlaf-windows-arm64.dll

File Path: /lib/flatlaf-3.7.jar\com\formdev\flatlaf\natives\flatlaf-windows-arm64.dll
MD5: 539977161f734b0e32d9bbcbb1be1907
SHA1: 682023c13747eb307a6e29925516b58a033c9fa4
SHA256:32883ece91a12387628bb89531eca58edbdd50a639d2d4958b1d4c2b1f110145

Identifiers

  • None

flatlaf-3.7.jar: flatlaf-windows-x86.dll

File Path: /lib/flatlaf-3.7.jar\com\formdev\flatlaf\natives\flatlaf-windows-x86.dll
MD5: 5f4db62faca59800d2345c851fb90e00
SHA1: 3f1c08d282170d89aa575555c66353508267192b
SHA256:6c45d8f52e62e4859b31a3e5dbe3afa70e0471146d6f130f5b4b78a6262f162e

Identifiers

  • None

flatlaf-3.7.jar: flatlaf-windows-x86_64.dll

File Path: /lib/flatlaf-3.7.jar\com\formdev\flatlaf\natives\flatlaf-windows-x86_64.dll
MD5: e200ab2783cc152b78cbdb9346eddb08
SHA1: 7b612077e66087b91c7dadf47daa702d968f6b02
SHA256:390ed515d10c94bb91e30012d4ef5545f9ebf5fc20c5c5c9c28b8ea16bf4af60

Identifiers

  • None

json-20251224.jar

Description:

        JSON is a light-weight, language independent, data interchange format.
        See http://www.JSON.org/

        The files in this package implement JSON encoders/decoders in Java.
        It also includes the capability to convert between JSON and XML, HTTP
        headers, Cookies, and CDL.

        This is a reference implementation. There are a large number of JSON packages
        in Java. Perhaps someday the Java community will standardize on one. Until
        then, choose carefully.
    

License:

Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE
File Path: /lib/json-20251224.jar
MD5: fec4b08b6ae3b07aa34ff719ee7a5cc3
SHA1: 758adfe5ff5c3cc286d62c9d097cbca84f870536
SHA256:2a3438fbf9293174ea82bdfa35e83d8b965cfe6bddc034a1ac5d60107174c209

Identifiers

  • pkg:maven/org.json/json@20251224  (Confidence:High)

logback-core-1.5.32.jar

Description:

logback-core module

License:

https://www.eclipse.org/legal/epl-v20.html, https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /lib/logback-core-1.5.32.jar
MD5: 053d4a28d6ba4c9b6247c6fd859ca64f
SHA1: fdfb3ff9a842303d4a95207294a6c6bc64e2605d
SHA256:6a904d5778d0e361a9692f9cbe68b1b0620ae0f3eda2ec2ed09102755bf036c4

Identifiers

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /lib/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832

Identifiers

sqlite-jdbc-3.51.2.0.jar

Description:

SQLite JDBC library with encryption and authentication support

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /lib/sqlite-jdbc-3.51.2.0.jar
MD5: 699db0483b78020e8cfb2a852bcda04c
SHA1: 2e92638ee101ba443135088b41f67efb5dc02952
SHA256:6a0c7746a191e375693c6cbbbd3f368c71e50faa087585bfe06db80e1bc7ad16

Identifiers

sqlite-jdbc-3.51.2.0.jar: sqlitejdbc.dll

File Path: /lib/sqlite-jdbc-3.51.2.0.jar\org\sqlite\native\Windows\aarch64\sqlitejdbc.dll
MD5: 851535821336e8858553b984b793297c
SHA1: ad4dba5d676c0a0e6c3e4acd2bfc241e5a083833
SHA256:f973dc1ade4540dfac185cb44db5dd7ea7e512b66c93c9c810dd6ea010d22112

Identifiers

  • None

sqlite-jdbc-3.51.2.0.jar: sqlitejdbc.dll

File Path: /lib/sqlite-jdbc-3.51.2.0.jar\org\sqlite\native\Windows\armv7\sqlitejdbc.dll
MD5: f28651ad5592eb206d1982cf1d0e008f
SHA1: ed21517fc7ca2a858f3646d7992d6211be308079
SHA256:eb773346a2c2b2f868fbba10af1bd410cc4e8c84cb4fc03b2598f3805fd5bc2b

Identifiers

  • None

sqlite-jdbc-3.51.2.0.jar: sqlitejdbc.dll

File Path: /lib/sqlite-jdbc-3.51.2.0.jar\org\sqlite\native\Windows\x86\sqlitejdbc.dll
MD5: 4b55aaa94544b44c2e17c4df5c24b10e
SHA1: 856c4b9f7d8581a0aa5fd6a6d216c7e9d63a8e3a
SHA256:f37a164db40653f628ee18b583dc1906f59f3557b90a8fccac5ea9dc5f953f13

Identifiers

  • None

sqlite-jdbc-3.51.2.0.jar: sqlitejdbc.dll

File Path: /lib/sqlite-jdbc-3.51.2.0.jar\org\sqlite\native\Windows\x86_64\sqlitejdbc.dll
MD5: 5dacb237a7fe3659200f7b4ae1c35b37
SHA1: 387bd97099893ab6695c7fa7111d167eab291971
SHA256:3776f07b9585ad9905328eca945b18a6d70f26b04d6fd88c42e4a35b29f4e018

Identifiers

  • None

sshd-core-2.17.1.jar

File Path: /lib/sshd-core-2.17.1.jar
MD5: c059821a65212df7ffad96bbfca4f3c2
SHA1: 02582f7b736365e3cbe70bcf90f12ac99d7d7a29
SHA256:b30769bbc053da28949ed1404abed546598ccf3de9100945b627f5b3a0fe003c

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.