GCVE - cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:*

part: a version: * update: *

Vendor	Owasp (`b778b703-6f88-5eeb-b966-330b456a6d00`)
Product	Dependency Check (`f64e42cd-18e0-5afa-a673-cbcdcbf8ca9d`)
Edition	*
Language	*
Software edition	*
Target software	maven
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/owasp/dependency-check`	purl2cpe	2026-06-01 10:12:07.093599
`pkg:github/jeremylong/dependencycheck`	purl2cpe	2026-06-01 10:12:07.093601
`pkg:maven/org.owasp/dependency-check-parent`	purl2cpe	2026-06-01 10:12:07.093603

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-23686`	vulnerable	2026-06-03 14:55:04.375719	DependencyCheck Debug Mode Logging of NVD API Key DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. Published: 2024-01-19T21:12:13.288Z Updated: 2025-11-29T01:29:30.178Z Open on db.gcve.eu Reference links https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.