^.*$
CVE-2018-1000840
^.*$
CVE-2015-2808
^.*$
CVE-2013-2566
^.*$
CVE-2015-9097
^javax\.servlet\.jsp:javax\.servlet\.jsp-api:.*$
CVE-2011-5035
^javax\.validation:validation-api:.*$
CVE-2013-4499
^mysql:mysql-connector-java:.*$
.*
Jetty is currently only used for developer experimentations
^org\.eclipse\.jetty:.*$
cpe:/a:org.eclipse.jetty:
^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$
CVE-2017-14867
^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$
CVE-2015-7545
^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$
CVE-2015-7082
^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$
CVE-2010-2542
^org\.mariadb\.jdbc:mariadb-java-client:.*$
cpe:/a:mariadb:mariadb
^org\.springframework\.ldap:spring-ldap-core:.*$
CVE-2014-6232
^org\.apache\.tomcat:tomcat-annotations-api:.*$
CVE-2017-6056
^org\.apache\.tomcat:tomcat-annotations-api:.*$
CVE-2016-6325
^org\.apache\.tomcat:tomcat-annotations-api:.*$
CVE-2016-5425
^org\.eclipse\.jetty\..*$
cpe:/a:mortbay_jetty:jetty
^org\.postgresql:postgresql:.*$
CVE-2017-8806
^org\.postgresql:postgresql:.*$
CVE-2017-14798
Does not affect the postgres client
^org\.postgresql:postgresql:.*$
CVE-2018-1115
Does not affect the postgres client
^org\.postgresql:postgresql:.*$
CVE-2016-7048
This is for nodejs
^org\.mariadb\.jdbc:mariadb-java-client:.*$
CVE-2017-16046
^stax.*$
CVE-2017-16224
^javax\.xml\.stream:stax.*$
CVE-2017-16224
.*slf4j.*
CVE-2018-8088
.*spring.*
CVE-2018-1258
This is for an unrelated C library
^com\.sun\.xml\.bind\.external:relaxng-datatype:.*
CVE-2018-18749
False positive for jflac-codec
.*jflac-codec.*
CVE-2018-14948
We do not enable default typing for jackson
.*jackson-databind.*
CVE-2019-12814
We do not use the liquibase sdk
.*liquibase/sdk/.*
9.0
False positive for tomcat vuln in eclipse jetty/jasper compat lib
^org\.mortbay\.jasper:apache-jsp:.*$
CVE-2016-5425
False positive for tomcat vuln in eclipse jetty/jasper compat lib
^org\.mortbay\.jasper:apache-jsp:.*$
CVE-2017-6056
False positive for tomcat vuln in eclipse jetty/jasper compat lib
^org\.mortbay\.jasper:apache-jsp:.*$
CVE-2019-10072
This cve is for apache standard taglibs before 1.2.3. However jstl:1.2 is a separate PROVIDED lib
^javax\.servlet:jstl:.*$
CVE-2015-0254
We do not enable default typing for jackson
.*jackson-databind.*
CVE-2019-14379