PkgRadar

Maven · repo1.maven.org

com.vaadin:vaadin-cdi

Java Jndi Lookup: JNDI / Naming.lookup — remote class-loading primitive (Log4Shell family).

Why PkgRadar flagged 16.1.0-beta1

Severity | Signal | Evidence
medium | Java Jndi Lookup | JNDI / Naming.lookup — remote class-loading primitive (Log4Shell family). · com/vaadin/cdi/util/BeanManagerProvider.java

Scanned versions

Version | Verdict | Score | Scanned (UTC)
16.1.0-beta1 | Review | 25 | 2026-06-12

Block this in CI

PkgRadar gates com.vaadin:vaadin-cdi (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven com.vaadin:vaadin-cdi@16.1.0-beta1