PkgRadar

Maven · repo1.maven.org

org.teavm:teavm-c-incremental

Java Dynamic Classload: URLClassLoader / defineClass — runs attacker-provided bytecode.

Why PkgRadar flagged 0.15.0

SeveritySignalEvidence
mediumJava Dynamic ClassloadURLClassLoader / defineClass — runs attacker-provided bytecode. · org/teavm/tooling/c/incremental/IncrementalCBuilder.java
mediumJava Process SpawnRuntime.exec / ProcessBuilder — process spawning. · org/teavm/tooling/c/incremental/IncrementalCBuilder.java

Scanned versions

VersionVerdictScoreScanned (UTC)
0.15.0Review242026-06-14

Block this in CI

PkgRadar gates org.teavm:teavm-c-incremental (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven org.teavm:[email protected]
Start free — 25 scans / moView full evidence