| Severity | SourceId | Found In | Vulnerability Detail |
| Low | CVE-2020-8908 | pkg:maven/com.google.guava/guava@28.2-jre|pkg:maven/com.google.guava/guava@17.0|pkg:maven/com.google.guava/guava@16.0.1 | https://app.soos.io/research/vulnerabilities/CVE-2020-8908 |
| Unknown | CVE-2024-28752 | pkg:maven/org.apache.cxf/cxf-core@3.0.3|pkg:maven/org.apache.cxf/cxf-core@3.3.6 | https://app.soos.io/research/vulnerabilities/CVE-2024-28752 |
| Medium | CVE-2023-33202 | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.65|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.54|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60 | https://app.soos.io/research/vulnerabilities/CVE-2023-33202 |
| High | CVE-2021-39148 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39148 |
| High | CVE-2022-46363 | pkg:maven/org.apache.cxf/cxf-core@3.0.3|pkg:maven/org.apache.cxf/cxf-core@3.3.6 | https://app.soos.io/research/vulnerabilities/CVE-2022-46363 |
| High | CVE-2016-4216 | pkg:maven/com.adobe.xmp/xmpcore@5.1.2 | https://app.soos.io/research/vulnerabilities/CVE-2016-4216 |
| Unknown | CVE-2025-30474 | pkg:maven/org.apache.commons/commons-vfs2@2.2|pkg:maven/org.apache.commons/commons-vfs2@2.0 | https://app.soos.io/research/vulnerabilities/CVE-2025-30474 |
| Medium | CVE-2021-21344 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21344 |
| Medium | CVE-2020-15522 | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.65|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.54|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60 | https://app.soos.io/research/vulnerabilities/CVE-2020-15522 |
| High | CVE-2022-23302 | pkg:maven/log4j/log4j@1.2.17|pkg:maven/log4j/log4j@1.2.9 | https://app.soos.io/research/vulnerabilities/CVE-2022-23302 |
| Medium | CVE-2022-23437 | pkg:maven/xerces/xercesimpl@2.12.0|pkg:maven/xerces/xercesimpl@2.8.1 | https://app.soos.io/research/vulnerabilities/CVE-2022-23437 |
| High | CVE-2024-25710 | pkg:maven/org.apache.commons/commons-compress@1.20|pkg:maven/org.apache.commons/commons-compress@1.11 | https://app.soos.io/research/vulnerabilities/CVE-2024-25710 |
| High | CVE-2022-3509 | pkg:maven/com.google.protobuf/protobuf-java@2.5.0|pkg:maven/com.google.protobuf/protobuf-java@3.11.4 | https://app.soos.io/research/vulnerabilities/CVE-2022-3509 |
| High | CVE-2021-35515 | pkg:maven/org.apache.commons/commons-compress@1.20|pkg:maven/org.apache.commons/commons-compress@1.11 | https://app.soos.io/research/vulnerabilities/CVE-2021-35515 |
| Medium | CVE-2024-21742 | pkg:maven/org.apache.james/apache-mime4j-core@0.8.3|pkg:maven/org.apache.james/apache-mime4j-core@0.7.2 | https://app.soos.io/research/vulnerabilities/CVE-2024-21742 |
| Medium | CVE-2020-26259 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2020-26259 |
| Critical | CVE-2021-23926 | pkg:maven/org.apache.xmlbeans/xmlbeans@2.6.0 | https://app.soos.io/research/vulnerabilities/CVE-2021-23926 |
| High | CVE-2021-4104 | pkg:maven/log4j/log4j@1.2.17|pkg:maven/log4j/log4j@1.2.9 | https://app.soos.io/research/vulnerabilities/CVE-2021-4104 |
| High | CVE-2020-28052 | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.65 | https://app.soos.io/research/vulnerabilities/CVE-2020-28052 |
| Medium | CVE-2021-21346 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21346 |
| High | CVE-2024-7254 | pkg:maven/com.google.protobuf/protobuf-java@2.5.0|pkg:maven/com.google.protobuf/protobuf-java@3.11.4 | https://app.soos.io/research/vulnerabilities/CVE-2024-7254 |
| Medium | CVE-2022-24614 | pkg:maven/com.drewnoakes/metadata-extractor@2.8.1 | https://app.soos.io/research/vulnerabilities/CVE-2022-24614 |
| High | CVE-2019-10088 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2019-10088 |
| Medium | CVE-2018-1339 | pkg:maven/org.apache.tika/tika-parsers@1.13 | https://app.soos.io/research/vulnerabilities/CVE-2018-1339 |
| Unknown | CVE-2024-47554 | pkg:maven/commons-io/commons-io@2.4|pkg:maven/commons-io/commons-io@2.6 | https://app.soos.io/research/vulnerabilities/CVE-2024-47554 |
| Critical | CVE-2016-6809 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2016-6809 |
| Medium | CVE-2021-31812 | pkg:maven/org.apache.pdfbox/pdfbox@2.0.1|pkg:maven/org.apache.pdfbox/pdfbox@2.0.19 | https://app.soos.io/research/vulnerabilities/CVE-2021-31812 |
| Unknown | CVE-2024-29857 | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.65|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.54|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60 | https://app.soos.io/research/vulnerabilities/CVE-2024-29857 |
| Medium | CVE-2023-33201 | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.65|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.54|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60 | https://app.soos.io/research/vulnerabilities/CVE-2023-33201 |
| Medium | CVE-2009-2625 | pkg:maven/xerces/xercesimpl@2.8.1 | https://app.soos.io/research/vulnerabilities/CVE-2009-2625 |
| Medium | CVE-2021-27807 | pkg:maven/org.apache.pdfbox/pdfbox@2.0.1|pkg:maven/org.apache.pdfbox/pdfbox@2.0.19 | https://app.soos.io/research/vulnerabilities/CVE-2021-27807 |
| High | CVE-2017-5656 | pkg:maven/org.apache.cxf/cxf-core@3.0.3 | https://app.soos.io/research/vulnerabilities/CVE-2017-5656 |
| High | CVE-2022-3171 | pkg:maven/com.google.protobuf/protobuf-java@2.5.0|pkg:maven/com.google.protobuf/protobuf-java@3.11.4 | https://app.soos.io/research/vulnerabilities/CVE-2022-3171 |
| Critical | CVE-2017-12620 | pkg:maven/org.apache.opennlp/opennlp-tools@1.6.0 | https://app.soos.io/research/vulnerabilities/CVE-2017-12620 |
| High | CVE-2021-39147 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39147 |
| Unknown | CVE-2024-30171 | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.65|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.54|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60 | https://app.soos.io/research/vulnerabilities/CVE-2024-30171 |
| Medium | CVE-2020-15250 | pkg:maven/junit/junit@4.10 | https://app.soos.io/research/vulnerabilities/CVE-2020-15250 |
| Medium | CVE-2022-26336 | pkg:maven/org.apache.poi/poi-scratchpad@4.1.2|pkg:maven/org.apache.poi/poi-scratchpad@3.15-beta1 | https://app.soos.io/research/vulnerabilities/CVE-2022-26336 |
| High | CVE-2023-5072 | pkg:maven/org.json/json@20140107 | https://app.soos.io/research/vulnerabilities/CVE-2023-5072 |
| Medium | CVE-2020-14338 | pkg:maven/xerces/xercesimpl@2.8.1 | https://app.soos.io/research/vulnerabilities/CVE-2020-14338 |
| Medium | CVE-2022-30973 | pkg:maven/org.apache.tika/tika-core@1.24.1 | https://app.soos.io/research/vulnerabilities/CVE-2022-30973 |
| Medium | CVE-2021-21342 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21342 |
| Medium | CVE-2021-21351 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21351 |
| Medium | CVE-2018-11771 | pkg:maven/org.apache.commons/commons-compress@1.11 | https://app.soos.io/research/vulnerabilities/CVE-2018-11771 |
| High | CVE-2022-4244 | pkg:maven/org.codehaus.plexus/plexus-utils@1.5.6 | https://app.soos.io/research/vulnerabilities/CVE-2022-4244 |
| Medium | CVE-2018-11762 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2018-11762 |
| Medium | CVE-2021-22569 | pkg:maven/com.google.protobuf/protobuf-java@2.5.0|pkg:maven/com.google.protobuf/protobuf-java@3.11.4 | https://app.soos.io/research/vulnerabilities/CVE-2021-22569 |
| High | CVE-2021-39145 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39145 |
| High | CVE-2021-39154 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39154 |
| Critical | CVE-2021-45046 | pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-45046 |
| High | CVE-2021-43859 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-43859 |
| Critical | CVE-2022-23305 | pkg:maven/log4j/log4j@1.2.17|pkg:maven/log4j/log4j@1.2.9 | https://app.soos.io/research/vulnerabilities/CVE-2022-23305 |
| High | CVE-2021-46877 | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.3 | https://app.soos.io/research/vulnerabilities/CVE-2021-46877 |
| Medium | CVE-2017-12624 | pkg:maven/org.apache.cxf/cxf-core@3.0.3 | https://app.soos.io/research/vulnerabilities/CVE-2017-12624 |
| High | CVE-2021-39152 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39152 |
| Medium | CVE-2018-8017 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2018-8017 |
| High | CVE-2021-29505 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-29505 |
| Critical | CVE-2022-46364 | pkg:maven/org.apache.cxf/cxf-core@3.0.3|pkg:maven/org.apache.cxf/cxf-core@3.3.6 | https://app.soos.io/research/vulnerabilities/CVE-2022-46364 |
| Medium | CVE-2020-1945 | pkg:maven/org.apache.ant/ant@1.7.0 | https://app.soos.io/research/vulnerabilities/CVE-2020-1945 |
| Medium | CVE-2021-21347 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21347 |
| Medium | CVE-2021-29425 | pkg:maven/commons-io/commons-io@2.4|pkg:maven/commons-io/commons-io@2.6|pkg:maven/commons-io/commons-io@1.3.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-29425 |
| High | CVE-2022-23307 | pkg:maven/log4j/log4j@1.2.17|pkg:maven/log4j/log4j@1.2.9 | https://app.soos.io/research/vulnerabilities/CVE-2022-23307 |
| Unknown | CVE-2025-31672 | pkg:maven/org.apache.poi/poi-ooxml@3.15-beta1|pkg:maven/org.apache.poi/poi-ooxml@4.1.2 | https://app.soos.io/research/vulnerabilities/CVE-2025-31672 |
| High | CVE-2013-4002 | pkg:maven/xerces/xercesimpl@2.8.1 | https://app.soos.io/research/vulnerabilities/CVE-2013-4002 |
| High | CVE-2017-12626 | pkg:maven/org.apache.poi/poi@3.15-beta1 | https://app.soos.io/research/vulnerabilities/CVE-2017-12626 |
| Medium | CVE-2018-8036 | pkg:maven/org.apache.pdfbox/pdfbox@2.0.1 | https://app.soos.io/research/vulnerabilities/CVE-2018-8036 |
| High | CVE-2021-39141 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39141 |
| Medium | CVE-2018-1338 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2018-1338 |
| Medium | CVE-2015-5262 | pkg:maven/org.apache.httpcomponents/httpclient@4.2.6 | https://app.soos.io/research/vulnerabilities/CVE-2015-5262 |
| High | CVE-2021-39150 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39150 |
| High | CVE-2022-23596 | pkg:maven/com.github.junrar/junrar@0.7|pkg:maven/com.github.junrar/junrar@4.0.0 | https://app.soos.io/research/vulnerabilities/CVE-2022-23596 |
| Medium | CVE-2021-21348 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21348 |
| Medium | CVE-2018-10237 | pkg:maven/com.google.guava/guava@17.0|pkg:maven/com.google.guava/guava@16.0.1 | https://app.soos.io/research/vulnerabilities/CVE-2018-10237 |
| High | CVE-2021-21341 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21341 |
| Medium | CVE-2021-27906 | pkg:maven/org.apache.pdfbox/pdfbox@2.0.1|pkg:maven/org.apache.pdfbox/pdfbox@2.0.19 | https://app.soos.io/research/vulnerabilities/CVE-2021-27906 |
| Critical | CVE-2022-42889 | pkg:maven/org.apache.commons/commons-text@1.8 | https://app.soos.io/research/vulnerabilities/CVE-2022-42889 |
| Medium | CVE-2021-21350 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21350 |
| Medium | CVE-2022-24613 | pkg:maven/com.drewnoakes/metadata-extractor@2.8.1 | https://app.soos.io/research/vulnerabilities/CVE-2022-24613 |
| Critical | CVE-2021-44228 | pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-44228 |
| High | CVE-2021-36090 | pkg:maven/org.apache.commons/commons-compress@1.20|pkg:maven/org.apache.commons/commons-compress@1.11 | https://app.soos.io/research/vulnerabilities/CVE-2021-36090 |
| Medium | CVE-2022-40151 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2022-40151 |
| Medium | CVE-2020-26939 | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.54|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60 | https://app.soos.io/research/vulnerabilities/CVE-2020-26939 |
| Medium | CVE-2020-13956 | pkg:maven/org.apache.httpcomponents/httpclient@4.5.12|pkg:maven/org.apache.httpcomponents/httpclient@4.2.6 | https://app.soos.io/research/vulnerabilities/CVE-2020-13956 |
| Medium | CVE-2016-6812 | pkg:maven/org.apache.cxf/cxf-core@3.0.3 | https://app.soos.io/research/vulnerabilities/CVE-2016-6812 |
| Medium | CVE-2021-21343 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21343 |
| High | CVE-2022-41966 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2022-41966 |
| Medium | CVE-2021-44832 | pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-44832 |
| High | CVE-2020-11988 | pkg:maven/org.apache.xmlgraphics/xmlgraphics-commons@2.3 | https://app.soos.io/research/vulnerabilities/CVE-2020-11988 |
| High | CVE-2018-11761 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2018-11761 |
| High | CVE-2012-0881 | pkg:maven/xerces/xercesimpl@2.8.1 | https://app.soos.io/research/vulnerabilities/CVE-2012-0881 |
| High | CVE-2019-10094 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2019-10094 |
| Medium | CVE-2020-17521 | pkg:maven/org.codehaus.groovy/groovy@3.0.3 | https://app.soos.io/research/vulnerabilities/CVE-2020-17521 |
| Critical | CVE-2019-13990 | pkg:maven/org.quartz-scheduler/quartz@2.2.0 | https://app.soos.io/research/vulnerabilities/CVE-2019-13990 |
| Medium | CVE-2023-2976 | pkg:maven/com.google.guava/guava@28.2-jre|pkg:maven/com.google.guava/guava@17.0|pkg:maven/com.google.guava/guava@16.0.1 | https://app.soos.io/research/vulnerabilities/CVE-2023-2976 |
| Unknown | CVE-2024-30172 | pkg:maven/org.bouncycastle/bcprov-jdk15on@1.65|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.54|pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60 | https://app.soos.io/research/vulnerabilities/CVE-2024-30172 |
| High | CVE-2016-4434 | pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2016-4434 |
| High | CVE-2018-11796 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2018-11796 |
| Low | CVE-2020-9488 | pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1 | https://app.soos.io/research/vulnerabilities/CVE-2020-9488 |
| Medium | CVE-2014-3577 | pkg:maven/org.apache.httpcomponents/httpclient@4.2.6 | https://app.soos.io/research/vulnerabilities/CVE-2014-3577 |
| High | CVE-2022-34169 | pkg:maven/xalan/xalan@2.7.2 | https://app.soos.io/research/vulnerabilities/CVE-2022-34169 |
| High | CVE-2021-35516 | pkg:maven/org.apache.commons/commons-compress@1.20|pkg:maven/org.apache.commons/commons-compress@1.11 | https://app.soos.io/research/vulnerabilities/CVE-2021-35516 |
| High | CVE-2022-3510 | pkg:maven/com.google.protobuf/protobuf-java@2.5.0|pkg:maven/com.google.protobuf/protobuf-java@3.11.4 | https://app.soos.io/research/vulnerabilities/CVE-2022-3510 |
| Medium | CVE-2021-39140 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39140 |
| High | CVE-2021-39153 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39153 |
| Medium | CVE-2019-12415 | pkg:maven/org.apache.poi/poi@3.15-beta1 | https://app.soos.io/research/vulnerabilities/CVE-2019-12415 |
| Medium | CVE-2017-5653 | pkg:maven/org.apache.cxf/cxf-core@3.0.3 | https://app.soos.io/research/vulnerabilities/CVE-2017-5653 |
| Medium | CVE-2018-12418 | pkg:maven/com.github.junrar/junrar@0.7 | https://app.soos.io/research/vulnerabilities/CVE-2018-12418 |
| Medium | CVE-2018-17197 | pkg:maven/org.apache.tika/tika-parsers@1.13 | https://app.soos.io/research/vulnerabilities/CVE-2018-17197 |
| High | CVE-2021-37714 | pkg:maven/org.jsoup/jsoup@1.13.1|pkg:maven/org.jsoup/jsoup@1.7.2 | https://app.soos.io/research/vulnerabilities/CVE-2021-37714 |
| High | CVE-2020-25649 | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.3 | https://app.soos.io/research/vulnerabilities/CVE-2020-25649 |
| High | CVE-2022-42004 | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.3 | https://app.soos.io/research/vulnerabilities/CVE-2022-42004 |
| Medium | CVE-2021-31811 | pkg:maven/org.apache.pdfbox/pdfbox@2.0.1|pkg:maven/org.apache.pdfbox/pdfbox@2.0.19 | https://app.soos.io/research/vulnerabilities/CVE-2021-31811 |
| Medium | CVE-2020-26258 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2020-26258 |
| High | CVE-2022-45688 | pkg:maven/org.json/json@20140107 | https://app.soos.io/research/vulnerabilities/CVE-2022-45688 |
| High | CVE-2021-39149 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39149 |
| Medium | CVE-2021-45105 | pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-45105 |
| High | CVE-2024-47072 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2024-47072 |
| High | CVE-2025-27553 | pkg:maven/org.apache.commons/commons-vfs2@2.2|pkg:maven/org.apache.commons/commons-vfs2@2.0 | https://app.soos.io/research/vulnerabilities/CVE-2025-27553 |
| High | CVE-2021-39151 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39151 |
| Medium | CVE-2022-40152 | pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.3 | https://app.soos.io/research/vulnerabilities/CVE-2022-40152 |
| Critical | CVE-2017-1000487 | pkg:maven/org.codehaus.plexus/plexus-utils@1.5.6 | https://app.soos.io/research/vulnerabilities/CVE-2017-1000487 |
| Medium | CVE-2018-1324 | pkg:maven/org.apache.commons/commons-compress@1.11 | https://app.soos.io/research/vulnerabilities/CVE-2018-1324 |
| Medium | CVE-2021-21345 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21345 |
| High | CVE-2022-25647 | pkg:maven/com.google.code.gson/gson@2.2.4|pkg:maven/com.google.code.gson/gson@2.8.6|pkg:maven/com.google.code.gson/gson@2.6.1|pkg:maven/com.google.code.gson/gson@2.6.2 | https://app.soos.io/research/vulnerabilities/CVE-2022-25647 |
| Medium | CVE-2015-6748 | pkg:maven/org.jsoup/jsoup@1.7.2 | https://app.soos.io/research/vulnerabilities/CVE-2015-6748 |
| Medium | CVE-2021-21349 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-21349 |
| High | CVE-2020-36518 | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.3 | https://app.soos.io/research/vulnerabilities/CVE-2020-36518 |
| High | CVE-2020-26217 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2020-26217 |
| Medium | CVE-2022-36033 | pkg:maven/org.jsoup/jsoup@1.13.1|pkg:maven/org.jsoup/jsoup@1.7.2 | https://app.soos.io/research/vulnerabilities/CVE-2022-36033 |
| Medium | CVE-2018-11797 | pkg:maven/org.apache.pdfbox/pdfbox@2.0.1 | https://app.soos.io/research/vulnerabilities/CVE-2018-11797 |
| Medium | CVE-2021-22570 | pkg:maven/com.google.protobuf/protobuf-java@2.5.0|pkg:maven/com.google.protobuf/protobuf-java@3.11.4 | https://app.soos.io/research/vulnerabilities/CVE-2021-22570 |
| High | CVE-2016-8739 | pkg:maven/org.apache.cxf/cxf-core@3.0.3 | https://app.soos.io/research/vulnerabilities/CVE-2016-8739 |
| High | CVE-2021-39146 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39146 |
| Medium | CVE-2025-23184 | pkg:maven/org.apache.cxf/cxf-core@3.0.3|pkg:maven/org.apache.cxf/cxf-core@3.3.6 | https://app.soos.io/research/vulnerabilities/CVE-2025-23184 |
| High | CVE-2018-1335 | pkg:maven/org.apache.tika/tika-core@1.13|pkg:maven/org.apache.tika/tika-core@1.12 | https://app.soos.io/research/vulnerabilities/CVE-2018-1335 |
| Critical | CVE-2019-17571 | pkg:maven/log4j/log4j@1.2.17|pkg:maven/log4j/log4j@1.2.9 | https://app.soos.io/research/vulnerabilities/CVE-2019-17571 |
| Medium | CVE-2022-4245 | pkg:maven/org.codehaus.plexus/plexus-utils@1.5.6 | https://app.soos.io/research/vulnerabilities/CVE-2022-4245 |
| Medium | CVE-2021-36373 | pkg:maven/org.apache.ant/ant@1.7.0 | https://app.soos.io/research/vulnerabilities/CVE-2021-36373 |
| High | CVE-2021-35517 | pkg:maven/org.apache.commons/commons-compress@1.20|pkg:maven/org.apache.commons/commons-compress@1.11 | https://app.soos.io/research/vulnerabilities/CVE-2021-35517 |
| High | CVE-2022-42003 | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.3 | https://app.soos.io/research/vulnerabilities/CVE-2022-42003 |
| High | CVE-2021-39139 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39139 |
| High | CVE-2021-39144 | pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 | https://app.soos.io/research/vulnerabilities/CVE-2021-39144 |
The following open source software and/or 3rd-party software vulnerabilities may be introduced in, or distributed with, ACME Medical - Bedside Monitor - SBOM Scan. This document was generated on 2025-06-06T20:18:44Z by SOOS for GEHC. This data was collected from a SBOM scan which occurred on 2025-06-05T19:01:59Z. Information presented in this document relevant to open source software and/or 3rd-party software vulnerabilities or their vendors was collected using common and reasonable means.