PkgRadar

Maven · repo1.maven.org

com.vaimee:sepa-client-api

Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.

Why PkgRadar flagged 1.0.23

SeveritySignalEvidence
mediumJava Unsafe DeserializeObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/vaimee/sepa/api/commons/security/Credentials.java

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.23Review202026-06-11
1.0.22Review202026-06-11

Block this in CI

PkgRadar gates com.vaimee:sepa-client-api (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven com.vaimee:[email protected]
Start free — 25 scans / moView full evidence