Maven · repo1.maven.org

com.github.kwart.jsign:jsignpdf

Shell Credential File Read

Why PkgRadar flagged 3.1.0-RC-1

Severity	Signal	Evidence
high	Shell Credential File Read	net/sf/jsignpdf/SignPdfForm.java

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.1.0-RC-1`	High risk	45	2026-06-23
`3.1.0-BETA-6`	Low risk	0	2026-06-22
`3.1.0-BETA-5`	Low risk	0	2026-06-16
`3.1.0-BETA-4`	Low risk	0	2026-06-15

Block this in CI

PkgRadar gates com.github.kwart.jsign:jsignpdf (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven com.github.kwart.jsign:[email protected]