{"id":363070,"url":"https://github.com/x-stream/xstream","last_synced_at":"2026-06-20T11:30:22.682Z","repository":{"id":28699284,"uuid":"32219624","full_name":"x-stream/xstream","owner":"x-stream","description":"Serialize Java objects to XML and back again.","archived":false,"fork":false,"pushed_at":"2026-06-01T22:06:05.000Z","size":21659,"stargazers_count":757,"open_issues_count":43,"forks_count":242,"subscribers_count":48,"default_branch":"master","last_synced_at":"2026-06-08T00:07:04.840Z","etag":null,"topics":["java","xml","xstream"],"latest_commit_sha":null,"homepage":"http://x-stream.github.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x-stream.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-03-14T15:57:12.000Z","updated_at":"2026-06-07T02:29:30.000Z","dependencies_parsed_at":"2024-01-14T19:12:15.434Z","dependency_job_id":"d2af3864-daa8-46a7-a7a1-5432fc334cb2","html_url":"https://github.com/x-stream/xstream","commit_stats":{"total_commits":2895,"total_committers":45,"mean_commits":64.33333333333333,"dds":"0.28221070811744386","last_synced_commit":"9cbe8891fe698e4aeec1aca4b13d8ec868ccdf0a"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/x-stream/xstream","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/sbom","scorecard":{"id":1237830,"data":{"date":"2025-07-07","repo":{"name":"github.com/x-stream/xstream","commit":"20f26bcecc2256e032b1073cef52f14a8ef44d56"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":4.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Maintained","score":3,"reason":"2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'v-1.4.x'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-17T21:06:14.045Z","repository_id":28699284,"created_at":"2025-09-17T21:06:14.046Z","updated_at":"2025-09-17T21:06:14.046Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34176007,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"owner":{"login":"x-stream","name":"XStream","uuid":"12127637","kind":"organization","description":"","email":null,"website":null,"location":"http://x-stream.github.io","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/12127637?v=4","repositories_count":4,"last_synced_at":"2023-02-28T18:35:26.464Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/x-stream","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-11T20:12:18.814Z","updated_at":"2023-02-28T18:35:26.471Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream/repositories"},"packages":[{"id":4779621,"name":"com.thoughtworks.xstream:xstream-hibernate","ecosystem":"maven","description":"XStream extension for Hibernate 3/4 to untie Java objects from Hibernate.","homepage":"http://x-stream.github.io","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/x-stream/xstream","keywords_array":[],"namespace":"com.thoughtworks.xstream","versions_count":23,"first_release_published_at":"2011-08-06T00:33:39.000Z","latest_release_published_at":"2024-11-07T19:15:26.000Z","latest_release_number":"1.4.21","last_synced_at":"2026-06-17T13:47:52.650Z","created_at":"2022-07-26T11:12:22.971Z","updated_at":"2026-06-17T13:47:52.650Z","registry_url":"https://central.sonatype.com/artifact/com.thoughtworks.xstream/xstream-hibernate/","install_command":null,"documentation_url":"https://appdoc.app/artifact/com.thoughtworks.xstream/xstream-hibernate/","metadata":{"distribution_repositories":["https://oss.sonatype.org/service/local/staging/deploy/maven2","https://oss.sonatype.org/content/repositories/snapshots"]},"repo_metadata":{"id":28699284,"uuid":"32219624","full_name":"x-stream/xstream","owner":"x-stream","description":"Serialize Java objects to XML and back again.","archived":false,"fork":false,"pushed_at":"2026-02-01T23:30:35.000Z","size":21767,"stargazers_count":756,"open_issues_count":29,"forks_count":237,"subscribers_count":48,"default_branch":"master","last_synced_at":"2026-02-03T03:08:30.843Z","etag":null,"topics":["java","xml","xstream"],"latest_commit_sha":null,"homepage":"http://x-stream.github.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x-stream.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-03-14T15:57:12.000Z","updated_at":"2026-02-01T23:30:38.000Z","dependencies_parsed_at":"2024-01-14T19:12:15.434Z","dependency_job_id":"d2af3864-daa8-46a7-a7a1-5432fc334cb2","html_url":"https://github.com/x-stream/xstream","commit_stats":{"total_commits":2895,"total_committers":45,"mean_commits":64.33333333333333,"dds":"0.28221070811744386","last_synced_commit":"9cbe8891fe698e4aeec1aca4b13d8ec868ccdf0a"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/x-stream/xstream","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/sbom","scorecard":{"id":1237830,"data":{"date":"2025-07-07","repo":{"name":"github.com/x-stream/xstream","commit":"20f26bcecc2256e032b1073cef52f14a8ef44d56"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":4.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Maintained","score":3,"reason":"2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'v-1.4.x'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-17T21:06:14.045Z","repository_id":28699284,"created_at":"2025-09-17T21:06:14.046Z","updated_at":"2025-09-17T21:06:14.046Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29062493,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T23:14:54.203Z","status":"ssl_error","status_checked_at":"2026-02-03T23:14:50.873Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"x-stream","name":"XStream","uuid":"12127637","kind":"organization","description":"","email":null,"website":null,"location":"http://x-stream.github.io","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/12127637?v=4","repositories_count":4,"last_synced_at":"2023-02-28T18:35:26.464Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/x-stream","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-11T20:12:18.814Z","updated_at":"2023-02-28T18:35:26.471Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream/repositories"},"tags":[{"name":"XSTREAM_1_4_21","sha":"e62d2eeea1a627e85caef287e76a9c09078c1798","kind":"tag","published_at":"2024-11-07T18:55:52.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_21","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21/manifests"},{"name":"XSTREAM_1_4_20","sha":"f124f777fb8831430f930816a9e18813788c69cb","kind":"tag","published_at":"2022-12-23T23:13:31.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_20","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20/manifests"},{"name":"XSTREAM_1_4_19","sha":"61a00fa225dc99488013869b57b772af8e2fea03","kind":"tag","published_at":"2022-01-29T16:46:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_19","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19/manifests"},{"name":"XSTREAM_1_4_18","sha":"b9ad1c02724c2b1636a8794c8e1bcd630f46c0b3","kind":"tag","published_at":"2021-08-22T11:57:46.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_18","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18/manifests"},{"name":"XSTREAM_1_4_17","sha":"25eaa5034fca7a492605936ea880132c98bec237","kind":"tag","published_at":"2021-05-14T08:20:10.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_17","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17/manifests"},{"name":"XSTREAM_1_4_16","sha":"3dd9cc610199802e4f13bd49b02a9f99adaba145","kind":"tag","published_at":"2021-03-12T23:22:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_16","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16/manifests"},{"name":"XSTREAM_1_4_15","sha":"f04bbec461f2c2a6f1e2cf41770f42c64aae24a4","kind":"tag","published_at":"2020-12-12T23:21:56.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_15","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15/manifests"},{"name":"XSTREAM_1_4_14","sha":"b9f6f5924681f1d37484df4197712bb768f7ec44","kind":"tag","published_at":"2020-11-15T23:01:08.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_14","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14/manifests"},{"name":"XSTREAM_1_4_13","sha":"cba30d7f75cb0f7e2fd66c03989e51f7c8521232","kind":"tag","published_at":"2020-09-06T21:41:27.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_13","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13/manifests"},{"name":"XSTREAM_1_4_12","sha":"6ec37c8d0129ce73d3264958d1deb38eeb08eea5","kind":"tag","published_at":"2020-04-12T17:16:29.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_12","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12/manifests"},{"name":"XSTREAM_1_4_11_1","sha":"54529d8561c7fc959c8c394c0526bf45cc0c1528","kind":"tag","published_at":"2018-10-26T19:03:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1/manifests"},{"name":"XSTREAM_1_4_11","sha":"807e21fb3ec55061b3becb835df10b0d20279f11","kind":"tag","published_at":"2018-10-22T20:05:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11/manifests"},{"name":"XSTREAM_1_4_10","sha":"4d9499729007ef6090a9989db60099c72f8eb983","kind":"tag","published_at":"2017-05-23T14:27:07.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_10","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10/manifests"},{"name":"XSTREAM_1_4_9","sha":"f66bbea1b383e705988abf8d06ea9782a73f24d4","kind":"tag","published_at":"2016-03-15T23:09:45.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_9","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9/manifests"},{"name":"XSTREAM_1_4_7","sha":"6acae3f1c9a6ab94e78d0bb0e39429c120fcd718","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_7","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7/manifests"},{"name":"XSTREAM_1_4_6","sha":"768c6e417a75e7732fc591bee844e5e81af56a7d","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6/manifests"},{"name":"XSTREAM_1_4_5","sha":"6263a53e8b8c4d1b092a32fa1abcadb6acfce45b","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5/manifests"},{"name":"XSTREAM_1_4_4","sha":"c4c71226515fa42809a48d9ae702756e2831f379","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4/manifests"},{"name":"XSTREAM_1_4_3","sha":"1b7a2f6cac924bed53b876a2d10aff69aff46b51","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3/manifests"},{"name":"XSTREAM_1_4_2","sha":"852891a5ebe48b0302ccff8b25d02df4cb7fd056","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2/manifests"},{"name":"XSTREAM_1_4_1","sha":"5b97cd3e49b65df1de6b601f9b3a8373ef523428","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1/manifests"},{"name":"XSTREAM_1_4","sha":"4b5fb281ce97d021e23c302099f571042e00e9f3","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4/manifests"},{"name":"XSTREAM_1_3_1","sha":"ff23674bfa2d25b56c826e488df9e41a3fa99cec","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1/manifests"},{"name":"XSTREAM_1_3","sha":"94fcafc045f3b7b9a969c7d5cc6ad5eaa43fcb1a","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3/manifests"},{"name":"XSTREAM_1_2_2","sha":"2c2109f23be2c7094cb20da06d1cf8ae767ca1b3","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2/manifests"},{"name":"XSTREAM_1_2_1","sha":"de03e6dced96663a579575dcbb71b3ca9576e173","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1/manifests"},{"name":"XSTREAM_1_2","sha":"cf2ecd483d39f0eca8f98ec4f2bccb273d5c3538","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2/manifests"},{"name":"XSTREAM_1_1_3","sha":"92acd5f00520a1885e5b6f627102ab0a455daa1f","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3/manifests"},{"name":"XSTREAM_1_1_2","sha":"7ed86c98735a02d25caf8bb7a6532fcb3390e92e","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2/manifests"},{"name":"XSTREAM_1_1_1","sha":"afda6dede96f611ac6485ed53280bfee292f5692","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1/manifests"},{"name":"XSTREAM_1_1","sha":"be610b807efda705f45d12a5d6090bf844fcdfff","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1/manifests"},{"name":"XSTREAM_1_0_2","sha":"8e0dbbdbc462da0bd459e28381ac76bf7c6bc8ee","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2/manifests"},{"name":"XSTREAM_1_0_1","sha":"c1bb7484d85ca2290cf16097e394434391307673","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1/manifests"},{"name":"XSTREAM_1_0_RC1","sha":"161829e174498b6003cf8221da5d470afca05649","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1/manifests"},{"name":"XSTREAM_0_6","sha":"6ce6678e233dbb02d46bc87ee4ea15876c1b8365","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6/manifests"},{"name":"XSTREAM_0_6_RC1","sha":"62c22adf2104bfe531b80b46b468d29b46aabfbb","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1/manifests"},{"name":"XSTREAM_0_5","sha":"b116b47b2a9b7f9b68fedf8c40daf98b077660b4","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5/manifests"},{"name":"XSTREAM_0_4","sha":"65f1fb83154b67ae417637d0b674e278c7e5f8fe","kind":"tag","published_at":"2015-03-14T23:20:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4/manifests"},{"name":"XSTREAM_0_3","sha":"8f16b1e3bcd8a9611aa3ad39804aba1ff6736362","kind":"tag","published_at":"2015-03-14T23:12:16.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3/manifests"},{"name":"XSTREAM_0_2","sha":"0522415786058bd64f4d05c31b31b8fae83bc31c","kind":"tag","published_at":"2015-03-14T23:10:48.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2/manifests"},{"name":"XSTREAM_1_4_8","sha":"da0f1b833c27ffe37257d39400029b50757d4ff0","kind":"tag","published_at":"2015-03-14T23:02:50.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_8","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8/manifests"}]},"repo_metadata_updated_at":"2026-05-25T16:24:57.532Z","dependent_packages_count":9,"downloads":null,"downloads_period":null,"dependent_repos_count":92,"rankings":{"downloads":null,"dependent_repos_count":2.0588853627526555,"dependent_packages_count":6.7064441530098415,"stargazers_count":13.52060787474096,"forks_count":13.157404719238356,"docker_downloads_count":1.1240476929391625,"average":7.313477960536195},"purl":"pkg:maven/com.thoughtworks.xstream/xstream-hibernate","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-hibernate","docker_dependents_count":29,"docker_downloads_count":7282445,"usage_url":"https://repos.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-hibernate","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/com.thoughtworks.xstream:xstream-hibernate/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-02-03T00:09:43.740Z","issues_count":101,"pull_requests_count":73,"avg_time_to_close_issue":4904713.214285715,"avg_time_to_close_pull_request":18438624.69354839,"issues_closed_count":84,"pull_requests_closed_count":62,"pull_request_authors_count":30,"issue_authors_count":91,"avg_comments_per_issue":4.316831683168317,"avg_comments_per_pull_request":1.7808219178082192,"merged_pull_requests_count":28,"bot_issues_count":0,"bot_pull_requests_count":29,"past_year_issues_count":4,"past_year_pull_requests_count":35,"past_year_avg_time_to_close_issue":4767002.0,"past_year_avg_time_to_close_pull_request":1629255.03125,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":32,"past_year_pull_request_authors_count":5,"past_year_issue_authors_count":4,"past_year_avg_comments_per_issue":4.75,"past_year_avg_comments_per_pull_request":0.5142857142857142,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":29,"past_year_merged_pull_requests_count":25,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-hibernate/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-hibernate/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-hibernate/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-hibernate/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-hibernate/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-hibernate/codemeta","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":608482,"maintainers_count":0,"namespaces_count":80807,"keywords_count":34879,"github":"maven-central","metadata":{"funded_packages_count":37828},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2026-06-10T05:05:55.821Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}},{"id":4779663,"name":"com.thoughtworks.xstream:xstream","ecosystem":"maven","description":"XStream is a serialization library from Java objects to XML and back.","homepage":"http://x-stream.github.io","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/x-stream/xstream","keywords_array":[],"namespace":"com.thoughtworks.xstream","versions_count":41,"first_release_published_at":"2006-08-18T09:59:54.000Z","latest_release_published_at":"2024-11-07T19:15:09.000Z","latest_release_number":"1.4.21","last_synced_at":"2026-06-18T21:13:50.436Z","created_at":"2022-07-26T11:12:35.938Z","updated_at":"2026-06-19T08:13:12.799Z","registry_url":"https://central.sonatype.com/artifact/com.thoughtworks.xstream/xstream/","install_command":null,"documentation_url":"https://appdoc.app/artifact/com.thoughtworks.xstream/xstream/","metadata":{"distribution_repositories":["https://oss.sonatype.org/service/local/staging/deploy/maven2","https://oss.sonatype.org/content/repositories/snapshots"]},"repo_metadata":{"id":28699284,"uuid":"32219624","full_name":"x-stream/xstream","owner":"x-stream","description":"Serialize Java objects to XML and back again.","archived":false,"fork":false,"pushed_at":"2025-11-13T23:12:43.000Z","size":21758,"stargazers_count":754,"open_issues_count":36,"forks_count":238,"subscribers_count":48,"default_branch":"master","last_synced_at":"2025-11-18T03:02:35.778Z","etag":null,"topics":["java","xml","xstream"],"latest_commit_sha":null,"homepage":"http://x-stream.github.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x-stream.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-03-14T15:57:12.000Z","updated_at":"2025-11-17T05:49:08.000Z","dependencies_parsed_at":"2024-01-14T19:12:15.434Z","dependency_job_id":"8e2ca63a-0042-44c9-b521-077bcf5f1ba4","html_url":"https://github.com/x-stream/xstream","commit_stats":{"total_commits":2895,"total_committers":45,"mean_commits":64.33333333333333,"dds":"0.28221070811744386","last_synced_commit":"9cbe8891fe698e4aeec1aca4b13d8ec868ccdf0a"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/x-stream/xstream","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/sbom","scorecard":{"id":1237830,"data":{"date":"2025-07-07","repo":{"name":"github.com/x-stream/xstream","commit":"20f26bcecc2256e032b1073cef52f14a8ef44d56"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":4.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Maintained","score":3,"reason":"2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'v-1.4.x'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-17T21:06:14.045Z","repository_id":28699284,"created_at":"2025-09-17T21:06:14.046Z","updated_at":"2025-09-17T21:06:14.046Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284993972,"owners_count":27096840,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-18T02:00:05.759Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"x-stream","name":"XStream","uuid":"12127637","kind":"organization","description":"","email":null,"website":null,"location":"http://x-stream.github.io","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/12127637?v=4","repositories_count":4,"last_synced_at":"2023-02-28T18:35:26.464Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/x-stream","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-11T20:12:18.814Z","updated_at":"2023-02-28T18:35:26.471Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream/repositories"},"tags":[]},"repo_metadata_updated_at":"2026-04-27T22:13:54.549Z","dependent_packages_count":1882,"downloads":null,"downloads_period":null,"dependent_repos_count":25482,"rankings":{"downloads":null,"dependent_repos_count":0.03664067114497092,"dependent_packages_count":0.03844267136521539,"stargazers_count":13.52060787474096,"forks_count":13.157404719238356,"docker_downloads_count":0.044649561012724125,"average":5.359549099500446},"purl":"pkg:maven/com.thoughtworks.xstream/xstream","advisories":[{"uuid":"GSA_kwCzR0hTQS1oZnE5LWhnZ20tYzU2cc4ABBEZ","url":"https://github.com/advisories/GHSA-hfq9-hggm-c56q","title":"XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream","description":"### Impact\nThe vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver.\n\n### Patches\nXStream 1.4.21 detects the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead.\n\n### Workarounds\nThe only solution is to catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2024-47072](https://x-stream.github.io/CVE-2024-47072.html).\n\n### Credits\nAlexis Challande of Trail Of Bits found and reported the issue to XStream and provided the required information to reproduce it.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-11-07T21:51:17.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q","https://github.com/x-stream/xstream/commit/bb838ce2269cac47433e31c77b2b236466e9f266","https://github.com/x-stream/xstream/commit/fdd9f7d3de0d7ccf2f9979bcd09fbf3e6a0c881a","https://x-stream.github.io/CVE-2024-47072.html","https://nvd.nist.gov/vuln/detail/CVE-2024-47072","https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html","https://github.com/advisories/GHSA-hfq9-hggm-c56q"],"source_kind":"github","identifiers":["GHSA-hfq9-hggm-c56q","CVE-2024-47072"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":33.927998037582284,"created_at":"2024-11-07T22:06:53.914Z","updated_at":"2026-06-01T17:04:49.840Z","epss_percentage":0.00261,"epss_percentile":0.49576,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oZnE5LWhnZ20tYzU2cc4ABBEZ","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oZnE5LWhnZ20tYzU2cc4ABBEZ","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.21","vulnerable_version_range":"\u003c 1.4.21"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oZnE5LWhnZ20tYzU2cc4ABBEZ/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mOGNjLWc3ajgteHhwbc4AAwqj","url":"https://github.com/advisories/GHSA-f8cc-g7j8-xxpm","title":"XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow","description":"### Impact\nThe vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream.\n\n### Patches\nXStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead.\n\n### Workarounds\nThe only solution is to catch the StackOverflowError in the client code calling XStream.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2022-40151](https://x-stream.github.io/CVE-2022-40151.html).\n\n### Credits\nThe vulnerability was discovered and reported by Henry Lin of the Google OSS-Fuzz team.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-12-30T16:58:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-f8cc-g7j8-xxpm","https://nvd.nist.gov/vuln/detail/CVE-2022-40151","https://github.com/x-stream/xstream/issues/304","https://github.com/x-stream/xstream/issues/314","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367","https://x-stream.github.io/CVE-2022-40151.html","https://github.com/advisories/GHSA-f8cc-g7j8-xxpm"],"source_kind":"github","identifiers":["GHSA-f8cc-g7j8-xxpm","CVE-2022-40151"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-30T17:09:53.270Z","updated_at":"2026-06-18T16:10:33.517Z","epss_percentage":0.00258,"epss_percentile":0.49508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mOGNjLWc3ajgteHhwbc4AAwqj","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mOGNjLWc3ajgteHhwbc4AAwqj","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.20","vulnerable_version_range":"\u003c 1.4.20"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mOGNjLWc3ajgteHhwbc4AAwqj/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qNTYzLWdyeDQtcGpwds4AAwpk","url":"https://github.com/advisories/GHSA-j563-grx4-pjpv","title":"XStream can cause Denial of Service via stack overflow","description":"### Impact\nThe vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream.\n\n### Patches\nXStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead.\n\n### Workarounds\nThe attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. Following types of the Java runtime are affected:\n\n- java.util.HashMap\n- java.util.HashSet\n- java.util.Hashtable\n- java.util.LinkedHashMap\n- java.util.LinkedHashSet\n- Other third party collection implementations that use their element's hash code may also be affected\n\nA simple solution is to catch the StackOverflowError in the client code calling XStream.\n\nIf your object graph does not use referenced elements at all, you may simply set the NO_REFERENCE mode:\n```Java\nXStream xstream = new XStream();\nxstream.setMode(XStream.NO_REFERENCES);\n```\n\nIf your object graph contains neither a Hashtable, HashMap nor a HashSet (or one of the linked variants of it) then you can use the security framework to deny the usage of these types:\n```Java\nXStream xstream = new XStream();\nxstream.denyTypes(new Class[]{\n java.util.HashMap.class, java.util.HashSet.class, java.util.Hashtable.class, java.util.LinkedHashMap.class, java.util.LinkedHashSet.class\n});\n```\n\nUnfortunately these types are very common. If you only use HashMap or HashSet and your XML refers these only as default map or set, you may additionally change the default implementation of java.util.Map and java.util.Set at unmarshalling time::\n```Java\nxstream.addDefaultImplementation(java.util.TreeMap.class, java.util.Map.class);\nxstream.addDefaultImplementation(java.util.TreeSet.class, java.util.Set.class);\n```\nHowever, this implies that your application does not care about the implementation of the map and all elements are comparable.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2022-41966](https://x-stream.github.io/CVE-2022-41966.html).\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-12-29T01:48:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.2,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv","https://nvd.nist.gov/vuln/detail/CVE-2022-41966","https://x-stream.github.io/CVE-2022-41966.html","https://github.com/advisories/GHSA-j563-grx4-pjpv"],"source_kind":"github","identifiers":["GHSA-j563-grx4-pjpv","CVE-2022-41966"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-29T02:03:03.231Z","updated_at":"2026-06-09T13:09:56.565Z","epss_percentage":0.02686,"epss_percentile":0.86152,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNTYzLWdyeDQtcGpwds4AAwpk","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qNTYzLWdyeDQtcGpwds4AAwpk","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.20","vulnerable_version_range":"\u003c 1.4.20"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNTYzLWdyeDQtcGpwds4AAwpk/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zbXE1LWZxOWgtZ2o3as4AAu55","url":"https://github.com/advisories/GHSA-3mq5-fq9h-gj7j","title":"Duplicate Advisory: Denial of Service due to parser crash","description":"## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of [GHSA-f8cc-g7j8-xxpm](https://github.com/advisories/GHSA-f8cc-g7j8-xxpm). This link is maintained to preserve external references.\n\n## Original Description\nThose using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-09-17T00:00:41.000Z","withdrawn_at":"2023-03-03T23:04:23.000Z","classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2022-40151","https://github.com/x-stream/xstream/issues/304","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367","https://github.com/x-stream/xstream/issues/314","https://github.com/advisories/GHSA-3mq5-fq9h-gj7j"],"source_kind":"github","identifiers":["GHSA-3mq5-fq9h-gj7j"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:11:50.276Z","updated_at":"2026-04-05T20:09:39.212Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zbXE1LWZxOWgtZ2o3as4AAu55","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zbXE1LWZxOWgtZ2o3as4AAu55","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 1.4.19"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zbXE1LWZxOWgtZ2o3as4AAu55/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ybXI1LWNwdjItdmdqZs0n7Q","url":"https://github.com/advisories/GHSA-rmr5-cpv2-vgjf","title":"Denial of Service by injecting highly recursive collections or maps in XStream","description":"### Impact\nThe vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream.\n\n### Patches\nXStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded.\n\n### Workarounds\nThe attack uses the hash code implementation for collections and maps to force an exponential calculation time due to highly recursive structures with in the collection or map. Following types of the Java runtime are affected in Java versions available in December 2021:\n\n- java.util.HashMap\n- java.util.HashSet\n- java.util.Hashtable\n- java.util.LinkedHashMap\n- java.util.LinkedHashSet\n- java.util.Stack (older Java revisions only)\n- java.util.Vector (older Java revisions only)\n- Other third party collection implementations that use their element's hash code may also be affected\n\nIf your object graph does not use referenced elements at all, you may simply set the NO_REFERENCE mode:\n```Java\nXStream xstream = new XStream();\nxstream.setMode(XStream.NO_REFERENCES);\n```\n\nIf your object graph contains neither a Hashtable, HashMap nor a HashSet (or one of the linked variants of it) then you can use the security framework to deny the usage of these types:\n```Java\nXStream xstream = new XStream();\nxstream.denyTypes(new Class[]{\n java.util.HashMap.class, java.util.HashSet.class, java.util.Hashtable.class, java.util.LinkedHashMap.class, java.util.LinkedHashSet.class\n});\n```\n\nUnfortunately these types are very common. If you only use HashMap or HashSet and your XML refers these only as default map or set, you may additionally change the default implementation of java.util.Map and java.util.Set at unmarshalling time::\n```Java\nxstream.addDefaultImplementation(java.util.TreeMap.class, java.util.Map.class);\nxstream.addDefaultImplementation(java.util.TreeSet.class, java.util.Set.class);\n```\nHowever, this implies that your application does not care about the implementation of the map and all elements are comparable.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-43859](https://x-stream.github.io/CVE-2021-43859.html).\n\n### Credits\nThe vulnerability was discovered and reported by r00t4dm at Cloud-Penetrating Arrow Lab.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-02-01T00:48:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf","https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846","https://x-stream.github.io/CVE-2021-43859.html","https://nvd.nist.gov/vuln/detail/CVE-2021-43859","http://www.openwall.com/lists/oss-security/2022/02/09/1","https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X","https://github.com/advisories/GHSA-rmr5-cpv2-vgjf"],"source_kind":"github","identifiers":["GHSA-rmr5-cpv2-vgjf","CVE-2021-43859"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:37.386Z","updated_at":"2026-06-19T08:11:02.499Z","epss_percentage":0.01863,"epss_percentile":0.83538,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybXI1LWNwdjItdmdqZs0n7Q","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ybXI1LWNwdjItdmdqZs0n7Q","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.19","vulnerable_version_range":"\u003c 1.4.19"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybXI1LWNwdjItdmdqZs0n7Q/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0eHgtY3E0cS1tZjQ0","url":"https://github.com/advisories/GHSA-64xx-cq4q-mf44","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below.  However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39139](https://x-stream.github.io/CVE-2021-39139.html).\n\n### Credits\nLai Han of nsfocus security team found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:48:47.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44","https://nvd.nist.gov/vuln/detail/CVE-2021-39139","https://x-stream.github.io/CVE-2021-39139.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-64xx-cq4q-mf44"],"source_kind":"github","identifiers":["GHSA-64xx-cq4q-mf44","CVE-2021-39139"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:51.603Z","updated_at":"2026-06-04T03:10:28.512Z","epss_percentage":0.00739,"epss_percentile":0.73033,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0eHgtY3E0cS1tZjQ0","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0eHgtY3E0cS1tZjQ0","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0eHgtY3E0cS1tZjQ0/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3Zjktam1nOS12eGNj","url":"https://github.com/advisories/GHSA-6wf9-jmg9-vxcc","title":"XStream can cause a Denial of Service","description":"### Impact\nThe vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39140](https://x-stream.github.io/CVE-2021-39140.html).\n\n### Credits\nThe vulnerability was discovered and reported by Lai Han of nsfocus security team.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-08-25T14:48:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc","https://nvd.nist.gov/vuln/detail/CVE-2021-39140","https://x-stream.github.io/CVE-2021-39140.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-6wf9-jmg9-vxcc"],"source_kind":"github","identifiers":["GHSA-6wf9-jmg9-vxcc","CVE-2021-39140"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:51.524Z","updated_at":"2026-06-04T03:10:28.511Z","epss_percentage":0.00138,"epss_percentile":0.33565,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3Zjktam1nOS12eGNj","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3Zjktam1nOS12eGNj","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3Zjktam1nOS12eGNj/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1dzYtbXJqNy03NWgy","url":"https://github.com/advisories/GHSA-g5w6-mrj7-75h2","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39141](https://x-stream.github.io/CVE-2021-39141.html).\n\n### Credits\nCeclin and YXXX from the Tencent Security Response Center found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:48:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2","https://nvd.nist.gov/vuln/detail/CVE-2021-39141","https://x-stream.github.io/CVE-2021-39141.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-g5w6-mrj7-75h2"],"source_kind":"github","identifiers":["GHSA-g5w6-mrj7-75h2","CVE-2021-39141"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:51.475Z","updated_at":"2026-06-04T03:10:28.511Z","epss_percentage":0.83089,"epss_percentile":0.99272,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1dzYtbXJqNy03NWgy","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1dzYtbXJqNy03NWgy","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1dzYtbXJqNy03NWgy/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5aDgtcGhydy1oNGZo","url":"https://github.com/advisories/GHSA-j9h8-phrw-h4fh","title":"XStream is vulnerable to a Remote Command Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39144](https://x-stream.github.io/CVE-2021-39144.html).\n\n### Credits\n\nCeclin and YXXX from the Tencent Security Response Center found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Email us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:48:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh","https://nvd.nist.gov/vuln/detail/CVE-2021-39144","https://x-stream.github.io/CVE-2021-39144.html","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","http://packetstormsecurity.com/files/169859/VMware-NSX-Manager-XStream-Unauthenticated-Remote-Code-Execution.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB","https://security.netapp.com/advisory/ntap-20210923-0003","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-39144","https://github.com/advisories/GHSA-j9h8-phrw-h4fh"],"source_kind":"github","identifiers":["GHSA-j9h8-phrw-h4fh","CVE-2021-39144"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:51.378Z","updated_at":"2026-05-04T17:10:37.774Z","epss_percentage":0.94255,"epss_percentile":0.99928,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5aDgtcGhydy1oNGZo","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5aDgtcGhydy1oNGZo","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5aDgtcGhydy1oNGZo/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqcmotNTI1cC04MjZ2","url":"https://github.com/advisories/GHSA-8jrj-525p-826v","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39145](https://x-stream.github.io/CVE-2021-39145.html).\n\n### Credits\n李安诺 (Li4n0) from Alibaba Cloud Security Team and Smi1e of DBAPPSecurity WEBIN Lab found and reported the issue independently to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:48:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v","https://nvd.nist.gov/vuln/detail/CVE-2021-39145","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://security.netapp.com/advisory/ntap-20210923-0003/","https://x-stream.github.io/CVE-2021-39145.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-8jrj-525p-826v"],"source_kind":"github","identifiers":["GHSA-8jrj-525p-826v","CVE-2021-39145"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:51.294Z","updated_at":"2026-06-04T03:10:28.510Z","epss_percentage":0.00545,"epss_percentile":0.67903,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqcmotNTI1cC04MjZ2","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqcmotNTI1cC04MjZ2","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqcmotNTI1cC04MjZ2/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4cHEtcjg5NC1mbThm","url":"https://github.com/advisories/GHSA-p8pq-r894-fm8f","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39146](https://x-stream.github.io/CVE-2021-39146.html).\n\n### Credits\nCeclin and YXXX from the Tencent Security Response Center found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:47:57.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f","https://nvd.nist.gov/vuln/detail/CVE-2021-39146","https://x-stream.github.io/CVE-2021-39146.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-p8pq-r894-fm8f"],"source_kind":"github","identifiers":["GHSA-p8pq-r894-fm8f","CVE-2021-39146"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:51.188Z","updated_at":"2026-06-04T03:10:28.510Z","epss_percentage":0.50437,"epss_percentile":0.9786,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4cHEtcjg5NC1mbThm","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4cHEtcjg5NC1mbThm","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4cHEtcjg5NC1mbThm/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3djQtN3hnMy1oeGNj","url":"https://github.com/advisories/GHSA-h7v4-7xg3-hxcc","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39147](https://x-stream.github.io/CVE-2021-39147.html).\n\n### Credits\nwh1t3p1g from TSRC (Tencent Security Response Center) found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:47:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc","https://nvd.nist.gov/vuln/detail/CVE-2021-39147","https://x-stream.github.io/CVE-2021-39147.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-h7v4-7xg3-hxcc"],"source_kind":"github","identifiers":["GHSA-h7v4-7xg3-hxcc","CVE-2021-39147"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:51.126Z","updated_at":"2026-06-04T03:10:28.510Z","epss_percentage":0.00708,"epss_percentile":0.7252,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3djQtN3hnMy1oeGNj","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3djQtN3hnMy1oeGNj","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3djQtN3hnMy1oeGNj/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyeDgtODU0NS00d2cy","url":"https://github.com/advisories/GHSA-qrx8-8545-4wg2","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39148](https://x-stream.github.io/CVE-2021-39148.html).\n\n### Credits\nwh1t3p1g from TSRC (Tencent Security Response Center) found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:47:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2","https://nvd.nist.gov/vuln/detail/CVE-2021-39148","https://x-stream.github.io/CVE-2021-39148.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-qrx8-8545-4wg2"],"source_kind":"github","identifiers":["GHSA-qrx8-8545-4wg2","CVE-2021-39148"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:51.027Z","updated_at":"2026-06-04T03:10:28.509Z","epss_percentage":0.00708,"epss_percentile":0.7252,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyeDgtODU0NS00d2cy","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyeDgtODU0NS00d2cy","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyeDgtODU0NS00d2cy/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjY3EtNXZ3My0ycDZ4","url":"https://github.com/advisories/GHSA-3ccq-5vw3-2p6x","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39149](https://x-stream.github.io/CVE-2021-39149.html).\n\n### Credits\nLai Han of NSFOCUS security team found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:47:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x","https://nvd.nist.gov/vuln/detail/CVE-2021-39149","https://x-stream.github.io/CVE-2021-39149.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-3ccq-5vw3-2p6x"],"source_kind":"github","identifiers":["GHSA-3ccq-5vw3-2p6x","CVE-2021-39149"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:50.929Z","updated_at":"2026-06-04T03:10:28.509Z","epss_percentage":0.00625,"epss_percentile":0.70517,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjY3EtNXZ3My0ycDZ4","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjY3EtNXZ3My0ycDZ4","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjY3EtNXZ3My0ycDZ4/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4Zm0tNW00Zy14N3hw","url":"https://github.com/advisories/GHSA-cxfm-5m4g-x7xp","title":"A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host","description":"### Impact\nThe vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39150](https://x-stream.github.io/CVE-2021-39150.html).\n\n### Credits\nLai Han of NSFOCUS security team found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:47:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp","https://nvd.nist.gov/vuln/detail/CVE-2021-39150","https://x-stream.github.io/CVE-2021-39150.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-cxfm-5m4g-x7xp"],"source_kind":"github","identifiers":["GHSA-cxfm-5m4g-x7xp","CVE-2021-39150"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:50.800Z","updated_at":"2026-06-04T03:10:28.508Z","epss_percentage":0.02139,"epss_percentile":0.84508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4Zm0tNW00Zy14N3hw","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4Zm0tNW00Zy14N3hw","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4Zm0tNW00Zy14N3hw/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwaDItbTNnNS14eHY0","url":"https://github.com/advisories/GHSA-hph2-m3g5-xxv4","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39151](https://x-stream.github.io/CVE-2021-39151.html).\n\n### Credits\nSmi1e of DBAPPSecurity WEBIN Lab found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:47:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4","https://nvd.nist.gov/vuln/detail/CVE-2021-39151","https://x-stream.github.io/CVE-2021-39151.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-hph2-m3g5-xxv4"],"source_kind":"github","identifiers":["GHSA-hph2-m3g5-xxv4","CVE-2021-39151"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:50.745Z","updated_at":"2026-06-04T03:10:28.508Z","epss_percentage":0.00625,"epss_percentile":0.70517,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwaDItbTNnNS14eHY0","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwaDItbTNnNS14eHY0","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwaDItbTNnNS14eHY0/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3NHAtY3Jwai12angy","url":"https://github.com/advisories/GHSA-xw4p-crpj-vjx2","title":"A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host","description":"### Impact\nThe vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39152](https://x-stream.github.io/CVE-2021-39152.html).\n\n### Credits\nm0d9 of the Security Team of Alibaba Cloud found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:46:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2","https://nvd.nist.gov/vuln/detail/CVE-2021-39152","https://x-stream.github.io/CVE-2021-39152.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-xw4p-crpj-vjx2"],"source_kind":"github","identifiers":["GHSA-xw4p-crpj-vjx2","CVE-2021-39152"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:50.690Z","updated_at":"2026-05-04T17:10:37.769Z","epss_percentage":0.61765,"epss_percentile":0.98304,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3NHAtY3Jwai12angy","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3NHAtY3Jwai12angy","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3NHAtY3Jwai12angy/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxOHgtMnA3Zi01NzR2","url":"https://github.com/advisories/GHSA-2q8x-2p7f-574v","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39153](https://x-stream.github.io/CVE-2021-39153.html).\n\n### Credits\nCeclin and YXXX from the Tencent Security Response Center found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:46:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v","https://nvd.nist.gov/vuln/detail/CVE-2021-39153","https://x-stream.github.io/CVE-2021-39153.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-2q8x-2p7f-574v"],"source_kind":"github","identifiers":["GHSA-2q8x-2p7f-574v","CVE-2021-39153"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:50.635Z","updated_at":"2026-06-04T03:10:28.507Z","epss_percentage":0.00625,"epss_percentile":0.70517,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxOHgtMnA3Zi01NzR2","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxOHgtMnA3Zi01NzR2","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxOHgtMnA3Zi01NzR2/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3NjItaHg3ci1tdzY4","url":"https://github.com/advisories/GHSA-6w62-hx7r-mw68","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nXStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-39154](https://x-stream.github.io/CVE-2021-39154.html).\n\n### Credits\nka1n4t found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T14:46:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68","https://nvd.nist.gov/vuln/detail/CVE-2021-39154","https://x-stream.github.io/CVE-2021-39154.html","https://security.netapp.com/advisory/ntap-20210923-0003/","https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/advisories/GHSA-6w62-hx7r-mw68"],"source_kind":"github","identifiers":["GHSA-6w62-hx7r-mw68","CVE-2021-39154"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:12:50.586Z","updated_at":"2026-06-04T03:10:28.507Z","epss_percentage":0.00708,"epss_percentile":0.7252,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3NjItaHg3ci1tdzY4","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3NjItaHg3ci1tdzY4","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.18","vulnerable_version_range":"\u003c 1.4.18"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3NjItaHg3ci1tdzY4/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjaHYtcnJ3Ni13NmZj","url":"https://github.com/advisories/GHSA-7chv-rrw6-w6fc","title":"XStream is vulnerable to a Remote Command Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.17.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-29505](https://x-stream.github.io/CVE-2021-29505.html).\n\n### Credits\n\nV3geB1rd, white hat hacker from Tencent Security Response Center found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Email us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-05-18T18:36:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc","https://x-stream.github.io/CVE-2021-29505.html","https://nvd.nist.gov/vuln/detail/CVE-2021-29505","https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f","https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB","https://security.netapp.com/advisory/ntap-20210708-0007","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP","https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f%40%3Cdev.jmeter.apache.org%3E","https://github.com/advisories/GHSA-7chv-rrw6-w6fc"],"source_kind":"github","identifiers":["GHSA-7chv-rrw6-w6fc","CVE-2021-29505"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:03.302Z","updated_at":"2026-06-04T03:10:49.402Z","epss_percentage":0.90349,"epss_percentile":0.9961,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjaHYtcnJ3Ni13NmZj","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjaHYtcnJ3Ni13NmZj","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.17","vulnerable_version_range":"\u003c 1.4.17"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjaHYtcnJ3Ni13NmZj/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj","url":"https://github.com/advisories/GHSA-hrcp-8f3q-4w2c","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21351](https://x-stream.github.io/CVE-2021-21351.html).\n\n### Credits\nwh1t3p1g G5-RD6@IIE found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:29:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-hrcp-8f3q-4w2c","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21351","https://x-stream.github.io/CVE-2021-21351.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-hrcp-8f3q-4w2c"],"source_kind":"github","identifiers":["GHSA-hrcp-8f3q-4w2c","CVE-2021-21351"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.880Z","updated_at":"2026-06-04T03:11:00.786Z","epss_percentage":0.92,"epss_percentile":0.99693,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2MtbWp4Zy1ndnJx","url":"https://github.com/advisories/GHSA-43gc-mjxg-gvrq","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21350](https://x-stream.github.io/CVE-2021-21350.html).\n\n### Credits\nThe vulnerability was discovered and reported by threedr3am.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:29:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21350","https://x-stream.github.io/CVE-2021-21350.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-43gc-mjxg-gvrq"],"source_kind":"github","identifiers":["GHSA-43gc-mjxg-gvrq","CVE-2021-21350"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.889Z","updated_at":"2026-06-04T03:11:00.786Z","epss_percentage":0.08761,"epss_percentile":0.925,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2MtbWp4Zy1ndnJx","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2MtbWp4Zy1ndnJx","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2MtbWp4Zy1ndnJx/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2","url":"https://github.com/advisories/GHSA-f6hm-88x3-mfjv","title":"A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host","description":"### Impact\nThe vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21349](https://x-stream.github.io/CVE-2021-21349.html).\n\n### Credits\nThe vulnerability was discovered and reported by threedr3am.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:29:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21349","https://x-stream.github.io/CVE-2021-21349.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-f6hm-88x3-mfjv"],"source_kind":"github","identifiers":["GHSA-f6hm-88x3-mfjv","CVE-2021-21349"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.898Z","updated_at":"2026-06-19T08:11:55.858Z","epss_percentage":0.06747,"epss_percentile":0.91524,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cDgtM2ZoOS00Y3Zx","url":"https://github.com/advisories/GHSA-56p8-3fh9-4cvq","title":"XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)","description":"### Impact\nThe vulnerability may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21348](https://x-stream.github.io/CVE-2021-21348.html).\n\n### Credits\nThe vulnerability was discovered and reported by threedr3am.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:29:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-56p8-3fh9-4cvq","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21348","https://x-stream.github.io/CVE-2021-21348.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-56p8-3fh9-4cvq"],"source_kind":"github","identifiers":["GHSA-56p8-3fh9-4cvq","CVE-2021-21348"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.907Z","updated_at":"2026-06-04T03:11:00.787Z","epss_percentage":0.00256,"epss_percentile":0.48595,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cDgtM2ZoOS00Y3Zx","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cDgtM2ZoOS00Y3Zx","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cDgtM2ZoOS00Y3Zx/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm","url":"https://github.com/advisories/GHSA-qpfq-ph7r-qv6f","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21347](https://x-stream.github.io/CVE-2021-21347.html).\n\n### Credits\nThe vulnerability was discovered and reported by threedr3am.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:29:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21347","https://x-stream.github.io/CVE-2021-21347.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-qpfq-ph7r-qv6f"],"source_kind":"github","identifiers":["GHSA-qpfq-ph7r-qv6f","CVE-2021-21347"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.917Z","updated_at":"2026-06-19T08:11:55.858Z","epss_percentage":0.03287,"epss_percentile":0.87525,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocm0tbTY3di01Y3hy","url":"https://github.com/advisories/GHSA-4hrm-m67v-5cxr","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21346](https://x-stream.github.io/CVE-2021-21346.html).\n\n### Credits\nwh1t3p1g G5-RD6@IIE found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:28:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21346","https://x-stream.github.io/CVE-2021-21346.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-4hrm-m67v-5cxr"],"source_kind":"github","identifiers":["GHSA-4hrm-m67v-5cxr","CVE-2021-21346"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.925Z","updated_at":"2026-06-04T03:11:00.788Z","epss_percentage":0.03665,"epss_percentile":0.87788,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocm0tbTY3di01Y3hy","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocm0tbTY3di01Y3hy","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocm0tbTY3di01Y3hy/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cGMtOHhxdi1qdmo0","url":"https://github.com/advisories/GHSA-hwpc-8xqv-jvj4","title":"XStream is vulnerable to a Remote Command Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21345](https://x-stream.github.io/CVE-2021-21345.html).\n\n### Credits\n钟潦贵 (Liaogui Zhong) found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:28:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21345","https://x-stream.github.io/CVE-2021-21345.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-hwpc-8xqv-jvj4"],"source_kind":"github","identifiers":["GHSA-hwpc-8xqv-jvj4","CVE-2021-21345"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.934Z","updated_at":"2026-06-19T08:11:55.859Z","epss_percentage":0.86558,"epss_percentile":0.99436,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cGMtOHhxdi1qdmo0","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cGMtOHhxdi1qdmo0","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cGMtOHhxdi1qdmo0/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5anctanFmNC0zd3Ez","url":"https://github.com/advisories/GHSA-59jw-jqf4-3wq3","title":"XStream is vulnerable to an Arbitrary Code Execution attack","description":"### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21344](https://x-stream.github.io/CVE-2021-21344.html).\n\n### Credits\n钟潦贵 (Liaogui Zhong) found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:28:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21344","https://x-stream.github.io/CVE-2021-21344.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-59jw-jqf4-3wq3"],"source_kind":"github","identifiers":["GHSA-59jw-jqf4-3wq3","CVE-2021-21344"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.944Z","updated_at":"2026-06-04T03:11:00.789Z","epss_percentage":0.30602,"epss_percentile":0.96667,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5anctanFmNC0zd3Ez","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5anctanFmNC0zd3Ez","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5anctanFmNC0zd3Ez/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3YtZjU4eC1mOXdm","url":"https://github.com/advisories/GHSA-74cv-f58x-f9wf","title":"XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights","description":"### Impact\nThe processed stream at unmarshalling time contains type information to recreate the formerly written objects.  XStream creates therefore new instances based on these type information.  An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21343](https://x-stream.github.io/CVE-2021-21343.html).\n\n### Credits\n钟潦贵 (Liaogui Zhong) found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:28:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-74cv-f58x-f9wf","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21343","https://x-stream.github.io/CVE-2021-21343.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-74cv-f58x-f9wf"],"source_kind":"github","identifiers":["GHSA-74cv-f58x-f9wf","CVE-2021-21343"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.952Z","updated_at":"2026-06-04T03:11:00.789Z","epss_percentage":0.00623,"epss_percentile":0.7051,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3YtZjU4eC1mOXdm","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3YtZjU4eC1mOXdm","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3YtZjU4eC1mOXdm/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2djgtMzM2Zy1yeDNt","url":"https://github.com/advisories/GHSA-hvv8-336g-rx3m","title":"A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host","description":"### Impact\nThe processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information.  An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21342](https://x-stream.github.io/CVE-2021-21342.html).\n\n### Credits\n钟潦贵 (Liaogui Zhong) found and reported the issue to XStream and provided the required information to reproduce it.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T23:28:01.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m","https://x-stream.github.io/CVE-2021-21342.html","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21342","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-hvv8-336g-rx3m"],"source_kind":"github","identifiers":["GHSA-hvv8-336g-rx3m","CVE-2021-21342"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.971Z","updated_at":"2026-06-04T03:11:00.790Z","epss_percentage":0.00869,"epss_percentile":0.75506,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2djgtMzM2Zy1yeDNt","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2djgtMzM2Zy1yeDNt","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2djgtMzM2Zy1yeDNt/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho","url":"https://github.com/advisories/GHSA-2p3x-qw9c-25hh","title":"XStream can cause a Denial of Service.","description":"### Impact\nThe vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-21341](https://x-stream.github.io/CVE-2021-21341.html).\n\n### Credits\nThe vulnerability was discovered and reported by threedr3am.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-03-22T23:27:51.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh","https://x-stream.github.io/security.html#workaround","http://x-stream.github.io/changes.html#1.4.16","https://nvd.nist.gov/vuln/detail/CVE-2021-21341","https://x-stream.github.io/CVE-2021-21341.html","https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html","https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E","https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E","https://security.netapp.com/advisory/ntap-20210430-0002/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://www.debian.org/security/2021/dsa-5004","https://www.oracle.com/security-alerts/cpujan2022.html","https://github.com/advisories/GHSA-2p3x-qw9c-25hh"],"source_kind":"github","identifiers":["GHSA-2p3x-qw9c-25hh","CVE-2021-21341"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:09.962Z","updated_at":"2026-06-19T08:11:55.860Z","epss_percentage":0.302,"epss_percentile":0.96788,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.16","vulnerable_version_range":"\u003c 1.4.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjY2gtd3hwdy04cDI4","url":"https://github.com/advisories/GHSA-4cch-wxpw-8p28","title":"Server-Side Forgery Request can be activated unmarshalling with XStream","description":"### Impact\nThe vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.15.\n\n### Workarounds\nThe reported vulnerability does not exist running Java 15 or higher.\n\nNo user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability.\n\nUsers of XStream 1.4.14 or below who still insist to use XStream default blacklist - despite that clear recommendation - can use a workaround depending on their version in use.\n\nUsers of XStream 1.4.14 can simply add two lines to XStream's setup code:\n```Java\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n```\n\nUsers of XStream 1.4.14 to 1.4.13 can simply add three lines to XStream's setup code:\n```Java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n```\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a black list will have to setup such a list from scratch and deny at least the following types: _javax.imageio.ImageIO$ContainsFilter_, _java.beans.EventHandler_, _java.lang.ProcessBuilder_, _jdk.nashorn.internal.objects.NativeString.class_, _java.lang.Void_ and _void_ and deny several types by name pattern.\n```Java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, \"jdk.nashorn.internal.objects.NativeString\", java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n```\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n```Java\nxstream.registerConverter(new Converter() {\n  public boolean canConvert(Class type) {\n    return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n        || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n        || type == java.lang.Void.class || void.class || Proxy.isProxy(type))\n        || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n  }\n\n  public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n\n  public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n}, XStream.PRIORITY_LOW);\n```\n \n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2020-12-21T16:28:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28","https://nvd.nist.gov/vuln/detail/CVE-2020-26258","https://x-stream.github.io/CVE-2020-26258.html","https://lists.apache.org/thread.html/r97993e3d78e1f5389b7b172ba9f308440830ce5f051ee62714a0aa34@%3Ccommits.struts.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00042.html","https://www.debian.org/security/2021/dsa-4828","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB","https://security.netapp.com/advisory/ntap-20210409-0005","https://lists.apache.org/thread.html/r97993e3d78e1f5389b7b172ba9f308440830ce5f051ee62714a0aa34%40%3Ccommits.struts.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB","https://github.com/advisories/GHSA-4cch-wxpw-8p28"],"source_kind":"github","identifiers":["GHSA-4cch-wxpw-8p28","CVE-2020-26258"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:12.403Z","updated_at":"2026-06-04T03:11:03.665Z","epss_percentage":0.9368,"epss_percentile":0.99834,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjY2gtd3hwdy04cDI4","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjY2gtd3hwdy04cDI4","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.15","vulnerable_version_range":"\u003c 1.4.15"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjY2gtd3hwdy04cDI4/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdngtN3dyeC00M2Zo","url":"https://github.com/advisories/GHSA-jfvx-7wrx-43fh","title":"XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling","description":"### Impact\nThe vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.15.\n\n### Workarounds\nThe reported vulnerability does only exist with a JAX-WS runtime on the classpath.\n\nNo user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability.\n\nUsers of XStream 1.4.14 or below who still insist to use XStream default blacklist - despite that clear recommendation - can use a workaround depending on their version in use.\n\nUsers of XStream 1.4.14 can simply add two lines to XStream's setup code:\n```Java\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n```\n\nUsers of XStream 1.4.14 to 1.4.13 can simply add three lines to XStream's setup code:\n```Java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n```\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a black list will have to setup such a list from scratch and deny at least the following types: _javax.imageio.ImageIO$ContainsFilter_, _java.beans.EventHandler_, _java.lang.ProcessBuilder_, _jdk.nashorn.internal.objects.NativeString.class_, _java.lang.Void_ and _void_ and deny several types by name pattern.\n```Java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, \"jdk.nashorn.internal.objects.NativeString\", java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n```\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n```Java\nxstream.registerConverter(new Converter() {\n  public boolean canConvert(Class type) {\n    return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n        || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n        || type == java.lang.Void.class || void.class || Proxy.isProxy(type))\n        || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n  }\n\n  public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n\n  public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n}, XStream.PRIORITY_LOW);\n```\n  \n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2020-12-21T16:28:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh","https://nvd.nist.gov/vuln/detail/CVE-2020-26259","https://x-stream.github.io/CVE-2020-26259.html","https://lists.apache.org/thread.html/r97993e3d78e1f5389b7b172ba9f308440830ce5f051ee62714a0aa34@%3Ccommits.struts.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00042.html","https://www.debian.org/security/2021/dsa-4828","https://security.netapp.com/advisory/ntap-20210409-0005/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","https://github.com/advisories/GHSA-jfvx-7wrx-43fh"],"source_kind":"github","identifiers":["GHSA-jfvx-7wrx-43fh","CVE-2020-26259"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:12.419Z","updated_at":"2026-06-04T03:11:03.665Z","epss_percentage":0.8887,"epss_percentile":0.995,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdngtN3dyeC00M2Zo","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdngtN3dyeC00M2Zo","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.15","vulnerable_version_range":"\u003c 1.4.15"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdngtN3dyeC00M2Zo/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13MzYtN2M2Yy1xNHEy","url":"https://github.com/advisories/GHSA-mw36-7c6c-q4q2","title":"XStream can be used for Remote Code Execution","description":"### Impact\nThe vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.\n\n### Patches\nIf you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.14.\n\n### Workarounds\nNo user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability.\n\nUsers of XStream 1.4.13 or below who still want to use XStream default blacklist can use a workaround depending on their version in use.\n\nUsers of XStream 1.4.13 can simply add two lines to XStream's setup code:\n```Java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\n```\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a black list will have to setup such a list from scratch and deny at least the following types: _javax.imageio.ImageIO$ContainsFilter_, _java.beans.EventHandler_, _java.lang.ProcessBuilder_, _java.lang.Void_ and _void_.\n```Java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\n```\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n```Java\nxstream.registerConverter(new Converter() {\n  public boolean canConvert(Class type) {\n    return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || Proxy.isProxy(type));\n  }\n\n  public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n\n  public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n}, XStream.PRIORITY_LOW);\n```\n\n### Credits\nChen L found and reported the issue to XStream and provided the required information to reproduce it.  He was supported by Zhihong Tian and Hui Lu, both from Guangzhou University.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2020-26217](https://x-stream.github.io/CVE-2020-26217.html).\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-11-16T20:07:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.0,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","references":["https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2","https://nvd.nist.gov/vuln/detail/CVE-2020-26217","https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a","https://x-stream.github.io/CVE-2020-26217.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00001.html","https://www.debian.org/security/2020/dsa-4811","https://lists.apache.org/thread.html/r826a006fda71cc96fc87b6eca4b5d195f19a292ad36cea501682c38c@%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/redde3609b89b2a4ff18b536a06ef9a77deb93d47fda8ed28086fa8c3@%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e@%3Cissues.activemq.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://lists.apache.org/thread.html/r7c9fc255edc0b9cd9567093d131f6d33fde4c662aaf912460ef630e9@%3Ccommits.camel.apache.org%3E","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://security.netapp.com/advisory/ntap-20210409-0004","https://github.com/advisories/GHSA-mw36-7c6c-q4q2"],"source_kind":"github","identifiers":["GHSA-mw36-7c6c-q4q2","CVE-2020-26217"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:12.991Z","updated_at":"2026-05-04T17:02:34.771Z","epss_percentage":0.93171,"epss_percentile":0.99803,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13MzYtN2M2Yy1xNHEy","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13MzYtN2M2Yy1xNHEy","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.14-java7","vulnerable_version_range":"\u003c= 1.4.13"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13MzYtN2M2Yy1xNHEy/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdod2MtNDZybS02NWpo","url":"https://github.com/advisories/GHSA-7hwc-46rm-65jh","title":"Denial of service in XStream","description":"XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(\"\u003cvoid/\u003e\") call.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-06-30T22:48:24.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-7957","https://github.com/x-stream/xstream/commit/6e546ec366419158b1e393211be6d78ab9604ab","https://github.com/x-stream/xstream/commit/8542d02d9ac5d384c85f4b33d6c1888c53bd55d","https://github.com/x-stream/xstream/commit/b3570be2f39234e61f99f9a20640756ea71b1b4","https://access.redhat.com/errata/RHSA-2017:1832","https://access.redhat.com/errata/RHSA-2017:2888","https://access.redhat.com/errata/RHSA-2017:2889","https://exchange.xforce.ibmcloud.com/vulnerabilities/125800","https://www-prd-trops.events.ibm.com/node/715749","http://www.debian.org/security/2017/dsa-3841","http://www.securityfocus.com/bid/100687","http://www.securitytracker.com/id/1039499","http://x-stream.github.io/CVE-2017-7957.html","https://github.com/advisories/GHSA-7hwc-46rm-65jh"],"source_kind":"github","identifiers":["GHSA-7hwc-46rm-65jh","CVE-2017-7957"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:23.816Z","updated_at":"2026-06-04T03:11:17.960Z","epss_percentage":0.02639,"epss_percentile":0.85503,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdod2MtNDZybS02NWpo","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdod2MtNDZybS02NWpo","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.10","vulnerable_version_range":"\u003c 1.4.10"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdod2MtNDZybS02NWpo/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnaDMtOTg3aC13cG13","url":"https://github.com/advisories/GHSA-rgh3-987h-wpmw","title":"XML External Entity Injection in XStream","description":"Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-06-30T22:48:14.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-3674","https://github.com/x-stream/xstream/issues/25","https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385","http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html","http://rhn.redhat.com/errata/RHSA-2016-2822.html","http://rhn.redhat.com/errata/RHSA-2016-2823.html","http://www.debian.org/security/2016/dsa-3575","http://www.openwall.com/lists/oss-security/2016/03/25/8","http://www.openwall.com/lists/oss-security/2016/03/28/1","http://www.securityfocus.com/bid/85381","http://www.securitytracker.com/id/1036419","http://x-stream.github.io/changes.html#1.4.9","https://github.com/advisories/GHSA-rgh3-987h-wpmw"],"source_kind":"github","identifiers":["GHSA-rgh3-987h-wpmw","CVE-2016-3674"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:23.807Z","updated_at":"2026-06-04T03:11:17.960Z","epss_percentage":0.04224,"epss_percentile":0.8877,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnaDMtOTg3aC13cG13","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnaDMtOTg3aC13cG13","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.9","vulnerable_version_range":"\u003c 1.4.9"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnaDMtOTg3aC13cG13/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmMjMtOXBmNy0zODhw","url":"https://github.com/advisories/GHSA-hf23-9pf7-388p","title":"Deserialization of Untrusted Data and Code Injection in xstream","description":"It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2019-07-26T16:09:47.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-10173","http://x-stream.github.io/changes.html#1.4.11","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0445","https://access.redhat.com/errata/RHSA-2020:0727","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://github.com/advisories/GHSA-hf23-9pf7-388p"],"source_kind":"github","identifiers":["GHSA-hf23-9pf7-388p","CVE-2019-10173"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:06.140Z","updated_at":"2026-06-01T03:01:49.173Z","epss_percentage":0.92761,"epss_percentile":0.99768,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmMjMtOXBmNy0zODhw","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmMjMtOXBmNy0zODhw","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.11","vulnerable_version_range":"= 1.4.10"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmMjMtOXBmNy0zODhw/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1NTQteDIyMi13Z2Y3","url":"https://github.com/advisories/GHSA-f554-x222-wgf7","title":"Command Injection in Xstream","description":"Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2019-05-29T18:05:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2013-7285","http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html","http://seclists.org/oss-sec/2014/q1/69","https://www.mail-archive.com/user@xstream.codehaus.org/msg00604.html","https://www.mail-archive.com/user@xstream.codehaus.org/msg00607.html","https://x-stream.github.io/CVE-2013-7285.html","https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","http://web.archive.org/web/20140204133306/http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html","https://github.com/x-stream/xstream/commit/6344867dce6767af7d0fe34fb393271a6456672d","https://github.com/advisories/GHSA-f554-x222-wgf7"],"source_kind":"github","identifiers":["GHSA-f554-x222-wgf7","CVE-2013-7285"],"repository_url":"https://github.com/x-stream/xstream","blast_radius":0.0,"created_at":"2022-12-21T16:13:30.113Z","updated_at":"2026-06-09T13:07:48.622Z","epss_percentage":0.18767,"epss_percentile":0.95376,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1NTQteDIyMi13Z2Y3","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1NTQteDIyMi13Z2Y3","packages":[{"ecosystem":"maven","package_name":"com.thoughtworks.xstream:xstream","versions":[{"first_patched_version":"1.4.11","vulnerable_version_range":"= 1.4.10"},{"first_patched_version":"1.4.7","vulnerable_version_range":"\u003c 1.4.7"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1NTQteDIyMi13Z2Y3/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream","docker_dependents_count":8503,"docker_downloads_count":5023921787,"usage_url":"https://repos.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/com.thoughtworks.xstream:xstream/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2025-11-14T01:00:58.600Z","issues_count":100,"pull_requests_count":64,"avg_time_to_close_issue":4904713.214285715,"avg_time_to_close_pull_request":20182995.108695652,"issues_closed_count":84,"pull_requests_closed_count":46,"pull_request_authors_count":30,"issue_authors_count":90,"avg_comments_per_issue":4.3,"avg_comments_per_pull_request":1.9375,"merged_pull_requests_count":15,"bot_issues_count":0,"bot_pull_requests_count":20,"past_year_issues_count":8,"past_year_pull_requests_count":26,"past_year_avg_time_to_close_issue":8845071.125,"past_year_avg_time_to_close_pull_request":1098551.8235294118,"past_year_issues_closed_count":8,"past_year_pull_requests_closed_count":17,"past_year_pull_request_authors_count":5,"past_year_issue_authors_count":8,"past_year_avg_comments_per_issue":3.5,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":20,"past_year_merged_pull_requests_count":12,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream/codemeta","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":608482,"maintainers_count":0,"namespaces_count":80807,"keywords_count":34879,"github":"maven-central","metadata":{"funded_packages_count":37828},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2026-06-10T05:05:55.821Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}},{"id":5029884,"name":"com.thoughtworks.xstream:xstream-distribution","ecosystem":"maven","description":"Distribution project for XStream to build distributables and documentation.","homepage":"http://x-stream.github.io","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/x-stream/xstream","keywords_array":[],"namespace":"com.thoughtworks.xstream","versions_count":27,"first_release_published_at":"2006-11-11T14:01:44.000Z","latest_release_published_at":"2024-11-07T19:15:49.000Z","latest_release_number":"1.4.21","last_synced_at":"2026-06-17T13:47:48.688Z","created_at":"2022-07-27T15:43:31.328Z","updated_at":"2026-06-17T13:47:48.688Z","registry_url":"https://central.sonatype.com/artifact/com.thoughtworks.xstream/xstream-distribution/","install_command":null,"documentation_url":"https://appdoc.app/artifact/com.thoughtworks.xstream/xstream-distribution/","metadata":{"distribution_repositories":["https://oss.sonatype.org/service/local/staging/deploy/maven2","https://oss.sonatype.org/content/repositories/snapshots"]},"repo_metadata":{"id":28699284,"uuid":"32219624","full_name":"x-stream/xstream","owner":"x-stream","description":"Serialize Java objects to XML and back again.","archived":false,"fork":false,"pushed_at":"2026-02-01T23:30:35.000Z","size":21767,"stargazers_count":756,"open_issues_count":29,"forks_count":237,"subscribers_count":48,"default_branch":"master","last_synced_at":"2026-02-03T03:08:30.843Z","etag":null,"topics":["java","xml","xstream"],"latest_commit_sha":null,"homepage":"http://x-stream.github.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x-stream.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-03-14T15:57:12.000Z","updated_at":"2026-02-01T23:30:38.000Z","dependencies_parsed_at":"2024-01-14T19:12:15.434Z","dependency_job_id":"d2af3864-daa8-46a7-a7a1-5432fc334cb2","html_url":"https://github.com/x-stream/xstream","commit_stats":{"total_commits":2895,"total_committers":45,"mean_commits":64.33333333333333,"dds":"0.28221070811744386","last_synced_commit":"9cbe8891fe698e4aeec1aca4b13d8ec868ccdf0a"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/x-stream/xstream","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/sbom","scorecard":{"id":1237830,"data":{"date":"2025-07-07","repo":{"name":"github.com/x-stream/xstream","commit":"20f26bcecc2256e032b1073cef52f14a8ef44d56"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":4.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Maintained","score":3,"reason":"2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'v-1.4.x'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-17T21:06:14.045Z","repository_id":28699284,"created_at":"2025-09-17T21:06:14.046Z","updated_at":"2025-09-17T21:06:14.046Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29062493,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T23:14:54.203Z","status":"ssl_error","status_checked_at":"2026-02-03T23:14:50.873Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"x-stream","name":"XStream","uuid":"12127637","kind":"organization","description":"","email":null,"website":null,"location":"http://x-stream.github.io","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/12127637?v=4","repositories_count":4,"last_synced_at":"2023-02-28T18:35:26.464Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/x-stream","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-11T20:12:18.814Z","updated_at":"2023-02-28T18:35:26.471Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream/repositories"},"tags":[{"name":"XSTREAM_1_4_21","sha":"e62d2eeea1a627e85caef287e76a9c09078c1798","kind":"tag","published_at":"2024-11-07T18:55:52.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_21","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21/manifests"},{"name":"XSTREAM_1_4_20","sha":"f124f777fb8831430f930816a9e18813788c69cb","kind":"tag","published_at":"2022-12-23T23:13:31.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_20","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20/manifests"},{"name":"XSTREAM_1_4_19","sha":"61a00fa225dc99488013869b57b772af8e2fea03","kind":"tag","published_at":"2022-01-29T16:46:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_19","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19/manifests"},{"name":"XSTREAM_1_4_18","sha":"b9ad1c02724c2b1636a8794c8e1bcd630f46c0b3","kind":"tag","published_at":"2021-08-22T11:57:46.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_18","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18/manifests"},{"name":"XSTREAM_1_4_17","sha":"25eaa5034fca7a492605936ea880132c98bec237","kind":"tag","published_at":"2021-05-14T08:20:10.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_17","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17/manifests"},{"name":"XSTREAM_1_4_16","sha":"3dd9cc610199802e4f13bd49b02a9f99adaba145","kind":"tag","published_at":"2021-03-12T23:22:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_16","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16/manifests"},{"name":"XSTREAM_1_4_15","sha":"f04bbec461f2c2a6f1e2cf41770f42c64aae24a4","kind":"tag","published_at":"2020-12-12T23:21:56.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_15","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15/manifests"},{"name":"XSTREAM_1_4_14","sha":"b9f6f5924681f1d37484df4197712bb768f7ec44","kind":"tag","published_at":"2020-11-15T23:01:08.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_14","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14/manifests"},{"name":"XSTREAM_1_4_13","sha":"cba30d7f75cb0f7e2fd66c03989e51f7c8521232","kind":"tag","published_at":"2020-09-06T21:41:27.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_13","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13/manifests"},{"name":"XSTREAM_1_4_12","sha":"6ec37c8d0129ce73d3264958d1deb38eeb08eea5","kind":"tag","published_at":"2020-04-12T17:16:29.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_12","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12/manifests"},{"name":"XSTREAM_1_4_11_1","sha":"54529d8561c7fc959c8c394c0526bf45cc0c1528","kind":"tag","published_at":"2018-10-26T19:03:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1/manifests"},{"name":"XSTREAM_1_4_11","sha":"807e21fb3ec55061b3becb835df10b0d20279f11","kind":"tag","published_at":"2018-10-22T20:05:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11/manifests"},{"name":"XSTREAM_1_4_10","sha":"4d9499729007ef6090a9989db60099c72f8eb983","kind":"tag","published_at":"2017-05-23T14:27:07.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_10","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10/manifests"},{"name":"XSTREAM_1_4_9","sha":"f66bbea1b383e705988abf8d06ea9782a73f24d4","kind":"tag","published_at":"2016-03-15T23:09:45.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_9","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9/manifests"},{"name":"XSTREAM_1_4_7","sha":"6acae3f1c9a6ab94e78d0bb0e39429c120fcd718","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_7","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7/manifests"},{"name":"XSTREAM_1_4_6","sha":"768c6e417a75e7732fc591bee844e5e81af56a7d","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6/manifests"},{"name":"XSTREAM_1_4_5","sha":"6263a53e8b8c4d1b092a32fa1abcadb6acfce45b","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5/manifests"},{"name":"XSTREAM_1_4_4","sha":"c4c71226515fa42809a48d9ae702756e2831f379","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4/manifests"},{"name":"XSTREAM_1_4_3","sha":"1b7a2f6cac924bed53b876a2d10aff69aff46b51","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3/manifests"},{"name":"XSTREAM_1_4_2","sha":"852891a5ebe48b0302ccff8b25d02df4cb7fd056","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2/manifests"},{"name":"XSTREAM_1_4_1","sha":"5b97cd3e49b65df1de6b601f9b3a8373ef523428","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1/manifests"},{"name":"XSTREAM_1_4","sha":"4b5fb281ce97d021e23c302099f571042e00e9f3","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4/manifests"},{"name":"XSTREAM_1_3_1","sha":"ff23674bfa2d25b56c826e488df9e41a3fa99cec","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1/manifests"},{"name":"XSTREAM_1_3","sha":"94fcafc045f3b7b9a969c7d5cc6ad5eaa43fcb1a","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3/manifests"},{"name":"XSTREAM_1_2_2","sha":"2c2109f23be2c7094cb20da06d1cf8ae767ca1b3","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2/manifests"},{"name":"XSTREAM_1_2_1","sha":"de03e6dced96663a579575dcbb71b3ca9576e173","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1/manifests"},{"name":"XSTREAM_1_2","sha":"cf2ecd483d39f0eca8f98ec4f2bccb273d5c3538","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2/manifests"},{"name":"XSTREAM_1_1_3","sha":"92acd5f00520a1885e5b6f627102ab0a455daa1f","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3/manifests"},{"name":"XSTREAM_1_1_2","sha":"7ed86c98735a02d25caf8bb7a6532fcb3390e92e","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2/manifests"},{"name":"XSTREAM_1_1_1","sha":"afda6dede96f611ac6485ed53280bfee292f5692","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1/manifests"},{"name":"XSTREAM_1_1","sha":"be610b807efda705f45d12a5d6090bf844fcdfff","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1/manifests"},{"name":"XSTREAM_1_0_2","sha":"8e0dbbdbc462da0bd459e28381ac76bf7c6bc8ee","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2/manifests"},{"name":"XSTREAM_1_0_1","sha":"c1bb7484d85ca2290cf16097e394434391307673","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1/manifests"},{"name":"XSTREAM_1_0_RC1","sha":"161829e174498b6003cf8221da5d470afca05649","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1/manifests"},{"name":"XSTREAM_0_6","sha":"6ce6678e233dbb02d46bc87ee4ea15876c1b8365","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6/manifests"},{"name":"XSTREAM_0_6_RC1","sha":"62c22adf2104bfe531b80b46b468d29b46aabfbb","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1/manifests"},{"name":"XSTREAM_0_5","sha":"b116b47b2a9b7f9b68fedf8c40daf98b077660b4","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5/manifests"},{"name":"XSTREAM_0_4","sha":"65f1fb83154b67ae417637d0b674e278c7e5f8fe","kind":"tag","published_at":"2015-03-14T23:20:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4/manifests"},{"name":"XSTREAM_0_3","sha":"8f16b1e3bcd8a9611aa3ad39804aba1ff6736362","kind":"tag","published_at":"2015-03-14T23:12:16.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3/manifests"},{"name":"XSTREAM_0_2","sha":"0522415786058bd64f4d05c31b31b8fae83bc31c","kind":"tag","published_at":"2015-03-14T23:10:48.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2/manifests"},{"name":"XSTREAM_1_4_8","sha":"da0f1b833c27ffe37257d39400029b50757d4ff0","kind":"tag","published_at":"2015-03-14T23:02:50.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_8","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8/manifests"}]},"repo_metadata_updated_at":"2026-05-12T17:17:33.907Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":7,"rankings":{"downloads":null,"dependent_repos_count":9.293916247034208,"dependent_packages_count":50.14986635165033,"stargazers_count":13.52060787474096,"forks_count":13.157404719238356,"docker_downloads_count":null,"average":21.530448798165963},"purl":"pkg:maven/com.thoughtworks.xstream/xstream-distribution","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-distribution","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-distribution","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/com.thoughtworks.xstream:xstream-distribution/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-02-03T00:09:43.740Z","issues_count":101,"pull_requests_count":73,"avg_time_to_close_issue":4904713.214285715,"avg_time_to_close_pull_request":18438624.69354839,"issues_closed_count":84,"pull_requests_closed_count":62,"pull_request_authors_count":30,"issue_authors_count":91,"avg_comments_per_issue":4.316831683168317,"avg_comments_per_pull_request":1.7808219178082192,"merged_pull_requests_count":28,"bot_issues_count":0,"bot_pull_requests_count":29,"past_year_issues_count":4,"past_year_pull_requests_count":35,"past_year_avg_time_to_close_issue":4767002.0,"past_year_avg_time_to_close_pull_request":1629255.03125,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":32,"past_year_pull_request_authors_count":5,"past_year_issue_authors_count":4,"past_year_avg_comments_per_issue":4.75,"past_year_avg_comments_per_pull_request":0.5142857142857142,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":29,"past_year_merged_pull_requests_count":25,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-distribution/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-distribution/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-distribution/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-distribution/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-distribution/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-distribution/codemeta","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":608482,"maintainers_count":0,"namespaces_count":80807,"keywords_count":34879,"github":"maven-central","metadata":{"funded_packages_count":37828},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2026-06-10T05:05:55.821Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}},{"id":5029897,"name":"com.thoughtworks.xstream:xstream-benchmark","ecosystem":"maven","description":"Benchmark suite of XStream.","homepage":"http://x-stream.github.io","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/x-stream/xstream","keywords_array":[],"namespace":"com.thoughtworks.xstream","versions_count":27,"first_release_published_at":"2006-11-11T13:57:38.000Z","latest_release_published_at":"2024-11-07T19:15:33.000Z","latest_release_number":"1.4.21","last_synced_at":"2026-06-17T13:47:49.845Z","created_at":"2022-07-27T15:43:36.933Z","updated_at":"2026-06-17T13:47:49.845Z","registry_url":"https://central.sonatype.com/artifact/com.thoughtworks.xstream/xstream-benchmark/","install_command":null,"documentation_url":"https://appdoc.app/artifact/com.thoughtworks.xstream/xstream-benchmark/","metadata":{"distribution_repositories":["https://oss.sonatype.org/service/local/staging/deploy/maven2","https://oss.sonatype.org/content/repositories/snapshots"]},"repo_metadata":{"id":28699284,"uuid":"32219624","full_name":"x-stream/xstream","owner":"x-stream","description":"Serialize Java objects to XML and back again.","archived":false,"fork":false,"pushed_at":"2026-05-01T07:33:09.000Z","size":21734,"stargazers_count":757,"open_issues_count":35,"forks_count":241,"subscribers_count":48,"default_branch":"master","last_synced_at":"2026-05-31T00:07:53.379Z","etag":null,"topics":["java","xml","xstream"],"latest_commit_sha":null,"homepage":"http://x-stream.github.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x-stream.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-03-14T15:57:12.000Z","updated_at":"2026-05-29T08:06:40.000Z","dependencies_parsed_at":"2024-01-14T19:12:15.434Z","dependency_job_id":"d2af3864-daa8-46a7-a7a1-5432fc334cb2","html_url":"https://github.com/x-stream/xstream","commit_stats":{"total_commits":2895,"total_committers":45,"mean_commits":64.33333333333333,"dds":"0.28221070811744386","last_synced_commit":"9cbe8891fe698e4aeec1aca4b13d8ec868ccdf0a"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/x-stream/xstream","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/sbom","scorecard":{"id":1237830,"data":{"date":"2025-07-07","repo":{"name":"github.com/x-stream/xstream","commit":"20f26bcecc2256e032b1073cef52f14a8ef44d56"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":4.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Maintained","score":3,"reason":"2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'v-1.4.x'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-17T21:06:14.045Z","repository_id":28699284,"created_at":"2025-09-17T21:06:14.046Z","updated_at":"2025-09-17T21:06:14.046Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33753957,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"x-stream","name":"XStream","uuid":"12127637","kind":"organization","description":"","email":null,"website":null,"location":"http://x-stream.github.io","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/12127637?v=4","repositories_count":4,"last_synced_at":"2023-02-28T18:35:26.464Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/x-stream","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-11T20:12:18.814Z","updated_at":"2023-02-28T18:35:26.471Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream/repositories"},"tags":[{"name":"XSTREAM_1_4_21","sha":"e62d2eeea1a627e85caef287e76a9c09078c1798","kind":"tag","published_at":"2024-11-07T18:55:52.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_21","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21/manifests"},{"name":"XSTREAM_1_4_20","sha":"f124f777fb8831430f930816a9e18813788c69cb","kind":"tag","published_at":"2022-12-23T23:13:31.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_20","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20/manifests"},{"name":"XSTREAM_1_4_19","sha":"61a00fa225dc99488013869b57b772af8e2fea03","kind":"tag","published_at":"2022-01-29T16:46:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_19","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19/manifests"},{"name":"XSTREAM_1_4_18","sha":"b9ad1c02724c2b1636a8794c8e1bcd630f46c0b3","kind":"tag","published_at":"2021-08-22T11:57:46.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_18","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18/manifests"},{"name":"XSTREAM_1_4_17","sha":"25eaa5034fca7a492605936ea880132c98bec237","kind":"tag","published_at":"2021-05-14T08:20:10.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_17","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17/manifests"},{"name":"XSTREAM_1_4_16","sha":"3dd9cc610199802e4f13bd49b02a9f99adaba145","kind":"tag","published_at":"2021-03-12T23:22:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_16","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16/manifests"},{"name":"XSTREAM_1_4_15","sha":"f04bbec461f2c2a6f1e2cf41770f42c64aae24a4","kind":"tag","published_at":"2020-12-12T23:21:56.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_15","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15/manifests"},{"name":"XSTREAM_1_4_14","sha":"b9f6f5924681f1d37484df4197712bb768f7ec44","kind":"tag","published_at":"2020-11-15T23:01:08.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_14","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14/manifests"},{"name":"XSTREAM_1_4_13","sha":"cba30d7f75cb0f7e2fd66c03989e51f7c8521232","kind":"tag","published_at":"2020-09-06T21:41:27.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_13","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13/manifests"},{"name":"XSTREAM_1_4_12","sha":"6ec37c8d0129ce73d3264958d1deb38eeb08eea5","kind":"tag","published_at":"2020-04-12T17:16:29.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_12","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12/manifests"},{"name":"XSTREAM_1_4_11_1","sha":"54529d8561c7fc959c8c394c0526bf45cc0c1528","kind":"tag","published_at":"2018-10-26T19:03:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1/manifests"},{"name":"XSTREAM_1_4_11","sha":"807e21fb3ec55061b3becb835df10b0d20279f11","kind":"tag","published_at":"2018-10-22T20:05:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11/manifests"},{"name":"XSTREAM_1_4_10","sha":"4d9499729007ef6090a9989db60099c72f8eb983","kind":"tag","published_at":"2017-05-23T14:27:07.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_10","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10/manifests"},{"name":"XSTREAM_1_4_9","sha":"f66bbea1b383e705988abf8d06ea9782a73f24d4","kind":"tag","published_at":"2016-03-15T23:09:45.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_9","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9/manifests"},{"name":"XSTREAM_1_4_7","sha":"6acae3f1c9a6ab94e78d0bb0e39429c120fcd718","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_7","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7/manifests"},{"name":"XSTREAM_1_4_6","sha":"768c6e417a75e7732fc591bee844e5e81af56a7d","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6/manifests"},{"name":"XSTREAM_1_4_5","sha":"6263a53e8b8c4d1b092a32fa1abcadb6acfce45b","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5/manifests"},{"name":"XSTREAM_1_4_4","sha":"c4c71226515fa42809a48d9ae702756e2831f379","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4/manifests"},{"name":"XSTREAM_1_4_3","sha":"1b7a2f6cac924bed53b876a2d10aff69aff46b51","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3/manifests"},{"name":"XSTREAM_1_4_2","sha":"852891a5ebe48b0302ccff8b25d02df4cb7fd056","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2/manifests"},{"name":"XSTREAM_1_4_1","sha":"5b97cd3e49b65df1de6b601f9b3a8373ef523428","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1/manifests"},{"name":"XSTREAM_1_4","sha":"4b5fb281ce97d021e23c302099f571042e00e9f3","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4/manifests"},{"name":"XSTREAM_1_3_1","sha":"ff23674bfa2d25b56c826e488df9e41a3fa99cec","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1/manifests"},{"name":"XSTREAM_1_3","sha":"94fcafc045f3b7b9a969c7d5cc6ad5eaa43fcb1a","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3/manifests"},{"name":"XSTREAM_1_2_2","sha":"2c2109f23be2c7094cb20da06d1cf8ae767ca1b3","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2/manifests"},{"name":"XSTREAM_1_2_1","sha":"de03e6dced96663a579575dcbb71b3ca9576e173","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1/manifests"},{"name":"XSTREAM_1_2","sha":"cf2ecd483d39f0eca8f98ec4f2bccb273d5c3538","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2/manifests"},{"name":"XSTREAM_1_1_3","sha":"92acd5f00520a1885e5b6f627102ab0a455daa1f","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3/manifests"},{"name":"XSTREAM_1_1_2","sha":"7ed86c98735a02d25caf8bb7a6532fcb3390e92e","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2/manifests"},{"name":"XSTREAM_1_1_1","sha":"afda6dede96f611ac6485ed53280bfee292f5692","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1/manifests"},{"name":"XSTREAM_1_1","sha":"be610b807efda705f45d12a5d6090bf844fcdfff","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1/manifests"},{"name":"XSTREAM_1_0_2","sha":"8e0dbbdbc462da0bd459e28381ac76bf7c6bc8ee","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2/manifests"},{"name":"XSTREAM_1_0_1","sha":"c1bb7484d85ca2290cf16097e394434391307673","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1/manifests"},{"name":"XSTREAM_1_0_RC1","sha":"161829e174498b6003cf8221da5d470afca05649","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1/manifests"},{"name":"XSTREAM_0_6","sha":"6ce6678e233dbb02d46bc87ee4ea15876c1b8365","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6/manifests"},{"name":"XSTREAM_0_6_RC1","sha":"62c22adf2104bfe531b80b46b468d29b46aabfbb","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1/manifests"},{"name":"XSTREAM_0_5","sha":"b116b47b2a9b7f9b68fedf8c40daf98b077660b4","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5/manifests"},{"name":"XSTREAM_0_4","sha":"65f1fb83154b67ae417637d0b674e278c7e5f8fe","kind":"tag","published_at":"2015-03-14T23:20:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4/manifests"},{"name":"XSTREAM_0_3","sha":"8f16b1e3bcd8a9611aa3ad39804aba1ff6736362","kind":"tag","published_at":"2015-03-14T23:12:16.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3/manifests"},{"name":"XSTREAM_0_2","sha":"0522415786058bd64f4d05c31b31b8fae83bc31c","kind":"tag","published_at":"2015-03-14T23:10:48.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2/manifests"},{"name":"XSTREAM_1_4_8","sha":"da0f1b833c27ffe37257d39400029b50757d4ff0","kind":"tag","published_at":"2015-03-14T23:02:50.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_8","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8/manifests"}]},"repo_metadata_updated_at":"2026-06-01T02:02:45.617Z","dependent_packages_count":2,"downloads":null,"downloads_period":null,"dependent_repos_count":29,"rankings":{"downloads":null,"dependent_repos_count":4.3450229755028085,"dependent_packages_count":23.156303496881538,"stargazers_count":13.739851234870706,"forks_count":13.848171470332069,"docker_downloads_count":1.168296809458499,"average":11.251529197409123},"purl":"pkg:maven/com.thoughtworks.xstream/xstream-benchmark","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-benchmark","docker_dependents_count":23,"docker_downloads_count":6297616,"usage_url":"https://repos.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-benchmark","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/com.thoughtworks.xstream:xstream-benchmark/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-05-31T00:03:39.166Z","issues_count":103,"pull_requests_count":76,"avg_time_to_close_issue":4880706.197674419,"avg_time_to_close_pull_request":17590199.015384614,"issues_closed_count":86,"pull_requests_closed_count":65,"pull_request_authors_count":30,"issue_authors_count":93,"avg_comments_per_issue":4.29126213592233,"avg_comments_per_pull_request":1.7105263157894737,"merged_pull_requests_count":31,"bot_issues_count":0,"bot_pull_requests_count":32,"past_year_issues_count":4,"past_year_pull_requests_count":33,"past_year_avg_time_to_close_issue":2581655.6666666665,"past_year_avg_time_to_close_pull_request":1588162.78125,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":32,"past_year_pull_request_authors_count":2,"past_year_issue_authors_count":4,"past_year_avg_comments_per_issue":1.75,"past_year_avg_comments_per_pull_request":0.5151515151515151,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":32,"past_year_merged_pull_requests_count":26,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-benchmark/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-benchmark/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-benchmark/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-benchmark/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-benchmark/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-benchmark/codemeta","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":608482,"maintainers_count":0,"namespaces_count":80807,"keywords_count":34879,"github":"maven-central","metadata":{"funded_packages_count":37828},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2026-06-10T05:05:55.821Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}},{"id":4779608,"name":"com.thoughtworks.xstream:xstream-jmh","ecosystem":"maven","description":"JMH Benchmark suite of XStream.","homepage":"http://x-stream.github.io","licenses":"BSD","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/x-stream/xstream","keywords_array":[],"namespace":"com.thoughtworks.xstream","versions_count":14,"first_release_published_at":"2016-03-15T23:18:28.000Z","latest_release_published_at":"2024-11-07T19:15:40.000Z","latest_release_number":"1.4.21","last_synced_at":"2026-06-17T13:47:53.263Z","created_at":"2022-07-26T11:12:20.228Z","updated_at":"2026-06-17T13:47:53.263Z","registry_url":"https://central.sonatype.com/artifact/com.thoughtworks.xstream/xstream-jmh/","install_command":null,"documentation_url":"https://appdoc.app/artifact/com.thoughtworks.xstream/xstream-jmh/","metadata":{"distribution_repositories":["https://oss.sonatype.org/service/local/staging/deploy/maven2","https://oss.sonatype.org/content/repositories/snapshots"]},"repo_metadata":{"id":28699284,"uuid":"32219624","full_name":"x-stream/xstream","owner":"x-stream","description":"Serialize Java objects to XML and back again.","archived":false,"fork":false,"pushed_at":"2026-02-01T23:30:35.000Z","size":21767,"stargazers_count":756,"open_issues_count":29,"forks_count":237,"subscribers_count":48,"default_branch":"master","last_synced_at":"2026-02-03T03:08:30.843Z","etag":null,"topics":["java","xml","xstream"],"latest_commit_sha":null,"homepage":"http://x-stream.github.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x-stream.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-03-14T15:57:12.000Z","updated_at":"2026-02-01T23:30:38.000Z","dependencies_parsed_at":"2024-01-14T19:12:15.434Z","dependency_job_id":"d2af3864-daa8-46a7-a7a1-5432fc334cb2","html_url":"https://github.com/x-stream/xstream","commit_stats":{"total_commits":2895,"total_committers":45,"mean_commits":64.33333333333333,"dds":"0.28221070811744386","last_synced_commit":"9cbe8891fe698e4aeec1aca4b13d8ec868ccdf0a"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/x-stream/xstream","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/sbom","scorecard":{"id":1237830,"data":{"date":"2025-07-07","repo":{"name":"github.com/x-stream/xstream","commit":"20f26bcecc2256e032b1073cef52f14a8ef44d56"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":4.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Maintained","score":3,"reason":"2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'v-1.4.x'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-17T21:06:14.045Z","repository_id":28699284,"created_at":"2025-09-17T21:06:14.046Z","updated_at":"2025-09-17T21:06:14.046Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29062493,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T23:14:54.203Z","status":"ssl_error","status_checked_at":"2026-02-03T23:14:50.873Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"x-stream","name":"XStream","uuid":"12127637","kind":"organization","description":"","email":null,"website":null,"location":"http://x-stream.github.io","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/12127637?v=4","repositories_count":4,"last_synced_at":"2023-02-28T18:35:26.464Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/x-stream","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-11T20:12:18.814Z","updated_at":"2023-02-28T18:35:26.471Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream/repositories"},"tags":[{"name":"XSTREAM_1_4_21","sha":"e62d2eeea1a627e85caef287e76a9c09078c1798","kind":"tag","published_at":"2024-11-07T18:55:52.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_21","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21/manifests"},{"name":"XSTREAM_1_4_20","sha":"f124f777fb8831430f930816a9e18813788c69cb","kind":"tag","published_at":"2022-12-23T23:13:31.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_20","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20/manifests"},{"name":"XSTREAM_1_4_19","sha":"61a00fa225dc99488013869b57b772af8e2fea03","kind":"tag","published_at":"2022-01-29T16:46:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_19","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19/manifests"},{"name":"XSTREAM_1_4_18","sha":"b9ad1c02724c2b1636a8794c8e1bcd630f46c0b3","kind":"tag","published_at":"2021-08-22T11:57:46.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_18","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18/manifests"},{"name":"XSTREAM_1_4_17","sha":"25eaa5034fca7a492605936ea880132c98bec237","kind":"tag","published_at":"2021-05-14T08:20:10.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_17","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17/manifests"},{"name":"XSTREAM_1_4_16","sha":"3dd9cc610199802e4f13bd49b02a9f99adaba145","kind":"tag","published_at":"2021-03-12T23:22:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_16","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16/manifests"},{"name":"XSTREAM_1_4_15","sha":"f04bbec461f2c2a6f1e2cf41770f42c64aae24a4","kind":"tag","published_at":"2020-12-12T23:21:56.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_15","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15/manifests"},{"name":"XSTREAM_1_4_14","sha":"b9f6f5924681f1d37484df4197712bb768f7ec44","kind":"tag","published_at":"2020-11-15T23:01:08.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_14","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14/manifests"},{"name":"XSTREAM_1_4_13","sha":"cba30d7f75cb0f7e2fd66c03989e51f7c8521232","kind":"tag","published_at":"2020-09-06T21:41:27.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_13","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13/manifests"},{"name":"XSTREAM_1_4_12","sha":"6ec37c8d0129ce73d3264958d1deb38eeb08eea5","kind":"tag","published_at":"2020-04-12T17:16:29.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_12","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12/manifests"},{"name":"XSTREAM_1_4_11_1","sha":"54529d8561c7fc959c8c394c0526bf45cc0c1528","kind":"tag","published_at":"2018-10-26T19:03:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1/manifests"},{"name":"XSTREAM_1_4_11","sha":"807e21fb3ec55061b3becb835df10b0d20279f11","kind":"tag","published_at":"2018-10-22T20:05:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11/manifests"},{"name":"XSTREAM_1_4_10","sha":"4d9499729007ef6090a9989db60099c72f8eb983","kind":"tag","published_at":"2017-05-23T14:27:07.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_10","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10/manifests"},{"name":"XSTREAM_1_4_9","sha":"f66bbea1b383e705988abf8d06ea9782a73f24d4","kind":"tag","published_at":"2016-03-15T23:09:45.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_9","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9/manifests"},{"name":"XSTREAM_1_4_7","sha":"6acae3f1c9a6ab94e78d0bb0e39429c120fcd718","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_7","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7/manifests"},{"name":"XSTREAM_1_4_6","sha":"768c6e417a75e7732fc591bee844e5e81af56a7d","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6/manifests"},{"name":"XSTREAM_1_4_5","sha":"6263a53e8b8c4d1b092a32fa1abcadb6acfce45b","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5/manifests"},{"name":"XSTREAM_1_4_4","sha":"c4c71226515fa42809a48d9ae702756e2831f379","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4/manifests"},{"name":"XSTREAM_1_4_3","sha":"1b7a2f6cac924bed53b876a2d10aff69aff46b51","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3/manifests"},{"name":"XSTREAM_1_4_2","sha":"852891a5ebe48b0302ccff8b25d02df4cb7fd056","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2/manifests"},{"name":"XSTREAM_1_4_1","sha":"5b97cd3e49b65df1de6b601f9b3a8373ef523428","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1/manifests"},{"name":"XSTREAM_1_4","sha":"4b5fb281ce97d021e23c302099f571042e00e9f3","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4/manifests"},{"name":"XSTREAM_1_3_1","sha":"ff23674bfa2d25b56c826e488df9e41a3fa99cec","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1/manifests"},{"name":"XSTREAM_1_3","sha":"94fcafc045f3b7b9a969c7d5cc6ad5eaa43fcb1a","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3/manifests"},{"name":"XSTREAM_1_2_2","sha":"2c2109f23be2c7094cb20da06d1cf8ae767ca1b3","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2/manifests"},{"name":"XSTREAM_1_2_1","sha":"de03e6dced96663a579575dcbb71b3ca9576e173","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1/manifests"},{"name":"XSTREAM_1_2","sha":"cf2ecd483d39f0eca8f98ec4f2bccb273d5c3538","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2/manifests"},{"name":"XSTREAM_1_1_3","sha":"92acd5f00520a1885e5b6f627102ab0a455daa1f","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3/manifests"},{"name":"XSTREAM_1_1_2","sha":"7ed86c98735a02d25caf8bb7a6532fcb3390e92e","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2/manifests"},{"name":"XSTREAM_1_1_1","sha":"afda6dede96f611ac6485ed53280bfee292f5692","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1/manifests"},{"name":"XSTREAM_1_1","sha":"be610b807efda705f45d12a5d6090bf844fcdfff","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1/manifests"},{"name":"XSTREAM_1_0_2","sha":"8e0dbbdbc462da0bd459e28381ac76bf7c6bc8ee","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2/manifests"},{"name":"XSTREAM_1_0_1","sha":"c1bb7484d85ca2290cf16097e394434391307673","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1/manifests"},{"name":"XSTREAM_1_0_RC1","sha":"161829e174498b6003cf8221da5d470afca05649","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1/manifests"},{"name":"XSTREAM_0_6","sha":"6ce6678e233dbb02d46bc87ee4ea15876c1b8365","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6/manifests"},{"name":"XSTREAM_0_6_RC1","sha":"62c22adf2104bfe531b80b46b468d29b46aabfbb","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1/manifests"},{"name":"XSTREAM_0_5","sha":"b116b47b2a9b7f9b68fedf8c40daf98b077660b4","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5/manifests"},{"name":"XSTREAM_0_4","sha":"65f1fb83154b67ae417637d0b674e278c7e5f8fe","kind":"tag","published_at":"2015-03-14T23:20:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4/manifests"},{"name":"XSTREAM_0_3","sha":"8f16b1e3bcd8a9611aa3ad39804aba1ff6736362","kind":"tag","published_at":"2015-03-14T23:12:16.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3/manifests"},{"name":"XSTREAM_0_2","sha":"0522415786058bd64f4d05c31b31b8fae83bc31c","kind":"tag","published_at":"2015-03-14T23:10:48.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2/manifests"},{"name":"XSTREAM_1_4_8","sha":"da0f1b833c27ffe37257d39400029b50757d4ff0","kind":"tag","published_at":"2015-03-14T23:02:50.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_8","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8/manifests"}]},"repo_metadata_updated_at":"2026-02-12T21:01:24.230Z","dependent_packages_count":2,"downloads":null,"downloads_period":null,"dependent_repos_count":14,"rankings":{"downloads":null,"dependent_repos_count":6.562083913143589,"dependent_packages_count":23.156303496881538,"stargazers_count":13.763077015487191,"forks_count":13.795312797204899,"docker_downloads_count":6.613941475037291,"average":12.778143739550902},"purl":"pkg:maven/com.thoughtworks.xstream/xstream-jmh","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-jmh","docker_dependents_count":1,"docker_downloads_count":12,"usage_url":"https://repos.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-jmh","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/com.thoughtworks.xstream:xstream-jmh/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-02-03T00:09:43.740Z","issues_count":101,"pull_requests_count":73,"avg_time_to_close_issue":4904713.214285715,"avg_time_to_close_pull_request":18438624.69354839,"issues_closed_count":84,"pull_requests_closed_count":62,"pull_request_authors_count":30,"issue_authors_count":91,"avg_comments_per_issue":4.316831683168317,"avg_comments_per_pull_request":1.7808219178082192,"merged_pull_requests_count":28,"bot_issues_count":0,"bot_pull_requests_count":29,"past_year_issues_count":4,"past_year_pull_requests_count":35,"past_year_avg_time_to_close_issue":4767002.0,"past_year_avg_time_to_close_pull_request":1629255.03125,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":32,"past_year_pull_request_authors_count":5,"past_year_issue_authors_count":4,"past_year_avg_comments_per_issue":4.75,"past_year_avg_comments_per_pull_request":0.5142857142857142,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":29,"past_year_merged_pull_requests_count":25,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-jmh/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-jmh/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-jmh/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-jmh/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-jmh/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-jmh/codemeta","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":608482,"maintainers_count":0,"namespaces_count":80807,"keywords_count":34879,"github":"maven-central","metadata":{"funded_packages_count":37828},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2026-06-10T05:05:55.821Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}},{"id":4779642,"name":"com.thoughtworks.xstream:xstream-parent","ecosystem":"maven","description":"XStream is a serialization library from Java objects to XML and back.","homepage":"http://x-stream.github.io","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/x-stream/xstream","keywords_array":[],"namespace":"com.thoughtworks.xstream","versions_count":28,"first_release_published_at":"2006-08-18T08:20:29.000Z","latest_release_published_at":"2024-11-07T19:13:43.000Z","latest_release_number":"1.4.21","last_synced_at":"2026-06-17T13:47:56.040Z","created_at":"2022-07-26T11:12:31.245Z","updated_at":"2026-06-17T13:47:56.040Z","registry_url":"https://central.sonatype.com/artifact/com.thoughtworks.xstream/xstream-parent/","install_command":null,"documentation_url":"https://appdoc.app/artifact/com.thoughtworks.xstream/xstream-parent/","metadata":{"distribution_repositories":["https://oss.sonatype.org/service/local/staging/deploy/maven2","https://oss.sonatype.org/content/repositories/snapshots"]},"repo_metadata":{"id":28699284,"uuid":"32219624","full_name":"x-stream/xstream","owner":"x-stream","description":"Serialize Java objects to XML and back again.","archived":false,"fork":false,"pushed_at":"2025-11-01T06:01:27.000Z","size":21945,"stargazers_count":751,"open_issues_count":49,"forks_count":236,"subscribers_count":48,"default_branch":"master","last_synced_at":"2025-11-01T19:01:42.648Z","etag":null,"topics":["java","xml","xstream"],"latest_commit_sha":null,"homepage":"http://x-stream.github.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x-stream.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-03-14T15:57:12.000Z","updated_at":"2025-10-30T05:14:39.000Z","dependencies_parsed_at":"2024-01-14T19:12:15.434Z","dependency_job_id":"8e2ca63a-0042-44c9-b521-077bcf5f1ba4","html_url":"https://github.com/x-stream/xstream","commit_stats":{"total_commits":2895,"total_committers":45,"mean_commits":64.33333333333333,"dds":"0.28221070811744386","last_synced_commit":"9cbe8891fe698e4aeec1aca4b13d8ec868ccdf0a"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/x-stream/xstream","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/sbom","scorecard":{"id":1237830,"data":{"date":"2025-07-07","repo":{"name":"github.com/x-stream/xstream","commit":"20f26bcecc2256e032b1073cef52f14a8ef44d56"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":4.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Maintained","score":3,"reason":"2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/x-stream/xstream/maven.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'v-1.4.x'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-17T21:06:14.045Z","repository_id":28699284,"created_at":"2025-09-17T21:06:14.046Z","updated_at":"2025-09-17T21:06:14.046Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":282191220,"owners_count":26629457,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-01T02:00:06.759Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"x-stream","name":"XStream","uuid":"12127637","kind":"organization","description":"","email":null,"website":null,"location":"http://x-stream.github.io","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/12127637?v=4","repositories_count":4,"last_synced_at":"2023-02-28T18:35:26.464Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/x-stream","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-11T20:12:18.814Z","updated_at":"2023-02-28T18:35:26.471Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x-stream/repositories"},"tags":[{"name":"XSTREAM_1_4_21","sha":"e62d2eeea1a627e85caef287e76a9c09078c1798","kind":"tag","published_at":"2024-11-07T18:55:52.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_21","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_21/manifests"},{"name":"XSTREAM_1_4_20","sha":"f124f777fb8831430f930816a9e18813788c69cb","kind":"tag","published_at":"2022-12-23T23:13:31.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_20","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_20/manifests"},{"name":"XSTREAM_1_4_19","sha":"61a00fa225dc99488013869b57b772af8e2fea03","kind":"tag","published_at":"2022-01-29T16:46:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_19","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_19/manifests"},{"name":"XSTREAM_1_4_18","sha":"b9ad1c02724c2b1636a8794c8e1bcd630f46c0b3","kind":"tag","published_at":"2021-08-22T11:57:46.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_18","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_18/manifests"},{"name":"XSTREAM_1_4_17","sha":"25eaa5034fca7a492605936ea880132c98bec237","kind":"tag","published_at":"2021-05-14T08:20:10.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_17","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_17/manifests"},{"name":"XSTREAM_1_4_16","sha":"3dd9cc610199802e4f13bd49b02a9f99adaba145","kind":"tag","published_at":"2021-03-12T23:22:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_16","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_16/manifests"},{"name":"XSTREAM_1_4_15","sha":"f04bbec461f2c2a6f1e2cf41770f42c64aae24a4","kind":"tag","published_at":"2020-12-12T23:21:56.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_15","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_15/manifests"},{"name":"XSTREAM_1_4_14","sha":"b9f6f5924681f1d37484df4197712bb768f7ec44","kind":"tag","published_at":"2020-11-15T23:01:08.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_14","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_14/manifests"},{"name":"XSTREAM_1_4_13","sha":"cba30d7f75cb0f7e2fd66c03989e51f7c8521232","kind":"tag","published_at":"2020-09-06T21:41:27.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_13","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_13/manifests"},{"name":"XSTREAM_1_4_12","sha":"6ec37c8d0129ce73d3264958d1deb38eeb08eea5","kind":"tag","published_at":"2020-04-12T17:16:29.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_12","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_12/manifests"},{"name":"XSTREAM_1_4_11_1","sha":"54529d8561c7fc959c8c394c0526bf45cc0c1528","kind":"tag","published_at":"2018-10-26T19:03:19.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11_1/manifests"},{"name":"XSTREAM_1_4_11","sha":"807e21fb3ec55061b3becb835df10b0d20279f11","kind":"tag","published_at":"2018-10-22T20:05:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_11","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_11/manifests"},{"name":"XSTREAM_1_4_10","sha":"4d9499729007ef6090a9989db60099c72f8eb983","kind":"tag","published_at":"2017-05-23T14:27:07.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_10","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_10/manifests"},{"name":"XSTREAM_1_4_9","sha":"f66bbea1b383e705988abf8d06ea9782a73f24d4","kind":"tag","published_at":"2016-03-15T23:09:45.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_9","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_9/manifests"},{"name":"XSTREAM_1_4_4","sha":"c4c71226515fa42809a48d9ae702756e2831f379","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_4/manifests"},{"name":"XSTREAM_1_4_7","sha":"6acae3f1c9a6ab94e78d0bb0e39429c120fcd718","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_7","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_7/manifests"},{"name":"XSTREAM_1_4_6","sha":"768c6e417a75e7732fc591bee844e5e81af56a7d","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_6/manifests"},{"name":"XSTREAM_1_4_5","sha":"6263a53e8b8c4d1b092a32fa1abcadb6acfce45b","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_5/manifests"},{"name":"XSTREAM_1_4_3","sha":"1b7a2f6cac924bed53b876a2d10aff69aff46b51","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_3/manifests"},{"name":"XSTREAM_1_4_2","sha":"852891a5ebe48b0302ccff8b25d02df4cb7fd056","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_2/manifests"},{"name":"XSTREAM_1_4_1","sha":"5b97cd3e49b65df1de6b601f9b3a8373ef523428","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_1/manifests"},{"name":"XSTREAM_1_4","sha":"4b5fb281ce97d021e23c302099f571042e00e9f3","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4/manifests"},{"name":"XSTREAM_1_3_1","sha":"ff23674bfa2d25b56c826e488df9e41a3fa99cec","kind":"tag","published_at":"2015-03-15T09:38:39.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3_1/manifests"},{"name":"XSTREAM_1_2_1","sha":"de03e6dced96663a579575dcbb71b3ca9576e173","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_1/manifests"},{"name":"XSTREAM_1_2","sha":"cf2ecd483d39f0eca8f98ec4f2bccb273d5c3538","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2/manifests"},{"name":"XSTREAM_1_1_3","sha":"92acd5f00520a1885e5b6f627102ab0a455daa1f","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_3/manifests"},{"name":"XSTREAM_1_1_2","sha":"7ed86c98735a02d25caf8bb7a6532fcb3390e92e","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_2/manifests"},{"name":"XSTREAM_1_1_1","sha":"afda6dede96f611ac6485ed53280bfee292f5692","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1_1/manifests"},{"name":"XSTREAM_1_1","sha":"be610b807efda705f45d12a5d6090bf844fcdfff","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_1/manifests"},{"name":"XSTREAM_1_2_2","sha":"2c2109f23be2c7094cb20da06d1cf8ae767ca1b3","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_2_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_2_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_2_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_2_2/manifests"},{"name":"XSTREAM_1_3","sha":"94fcafc045f3b7b9a969c7d5cc6ad5eaa43fcb1a","kind":"tag","published_at":"2015-03-15T09:38:38.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_3/manifests"},{"name":"XSTREAM_1_0_RC1","sha":"161829e174498b6003cf8221da5d470afca05649","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_RC1/manifests"},{"name":"XSTREAM_1_0_2","sha":"8e0dbbdbc462da0bd459e28381ac76bf7c6bc8ee","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_2/manifests"},{"name":"XSTREAM_1_0_1","sha":"c1bb7484d85ca2290cf16097e394434391307673","kind":"tag","published_at":"2015-03-15T09:38:37.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_0_1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_0_1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_0_1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_0_1/manifests"},{"name":"XSTREAM_0_6","sha":"6ce6678e233dbb02d46bc87ee4ea15876c1b8365","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6/manifests"},{"name":"XSTREAM_0_6_RC1","sha":"62c22adf2104bfe531b80b46b468d29b46aabfbb","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_6_RC1","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_6_RC1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_6_RC1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_6_RC1/manifests"},{"name":"XSTREAM_0_5","sha":"b116b47b2a9b7f9b68fedf8c40daf98b077660b4","kind":"tag","published_at":"2015-03-15T09:35:51.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_5","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_5/manifests"},{"name":"XSTREAM_0_4","sha":"65f1fb83154b67ae417637d0b674e278c7e5f8fe","kind":"tag","published_at":"2015-03-14T23:20:41.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_4","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_4/manifests"},{"name":"XSTREAM_0_3","sha":"8f16b1e3bcd8a9611aa3ad39804aba1ff6736362","kind":"tag","published_at":"2015-03-14T23:12:16.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_3","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_3/manifests"},{"name":"XSTREAM_0_2","sha":"0522415786058bd64f4d05c31b31b8fae83bc31c","kind":"tag","published_at":"2015-03-14T23:10:48.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_0_2","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_0_2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_0_2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_0_2/manifests"},{"name":"XSTREAM_1_4_8","sha":"da0f1b833c27ffe37257d39400029b50757d4ff0","kind":"tag","published_at":"2015-03-14T23:02:50.000Z","download_url":"https://codeload.github.com/x-stream/xstream/tar.gz/XSTREAM_1_4_8","html_url":"https://github.com/x-stream/xstream/releases/tag/XSTREAM_1_4_8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/x-stream/xstream@XSTREAM_1_4_8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/tags/XSTREAM_1_4_8/manifests"}]},"repo_metadata_updated_at":"2025-11-18T03:07:38.112Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":5,"rankings":{"downloads":null,"dependent_repos_count":10.914915556267458,"dependent_packages_count":50.14986635165033,"stargazers_count":13.763077015487191,"forks_count":13.795312797204899,"docker_downloads_count":null,"average":22.15579293015247},"purl":"pkg:maven/com.thoughtworks.xstream/xstream-parent","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-parent","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/maven/com.thoughtworks.xstream:xstream-parent","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/com.thoughtworks.xstream:xstream-parent/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-11-01T09:02:26.918Z","issues_count":100,"pull_requests_count":60,"avg_time_to_close_issue":4904713.214285715,"avg_time_to_close_pull_request":21585265.545454547,"issues_closed_count":84,"pull_requests_closed_count":33,"pull_request_authors_count":29,"issue_authors_count":90,"avg_comments_per_issue":4.28,"avg_comments_per_pull_request":1.8666666666666667,"merged_pull_requests_count":7,"bot_issues_count":0,"bot_pull_requests_count":17,"past_year_issues_count":8,"past_year_pull_requests_count":22,"past_year_avg_time_to_close_issue":8845071.125,"past_year_avg_time_to_close_pull_request":431559.0,"past_year_issues_closed_count":8,"past_year_pull_requests_closed_count":5,"past_year_pull_request_authors_count":4,"past_year_issue_authors_count":8,"past_year_avg_comments_per_issue":3.25,"past_year_avg_comments_per_pull_request":0.045454545454545456,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":17,"past_year_merged_pull_requests_count":4,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-parent/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-parent/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-parent/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-parent/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-parent/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.thoughtworks.xstream:xstream-parent/codemeta","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":608482,"maintainers_count":0,"namespaces_count":80807,"keywords_count":34879,"github":"maven-central","metadata":{"funded_packages_count":37828},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2026-06-10T05:05:55.821Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}}],"commits":{"id":1638171,"full_name":"x-stream/xstream","default_branch":"master","total_commits":2995,"total_committers":47,"total_bot_commits":58,"total_bot_committers":1,"mean_commits":63.723404255319146,"dds":0.29248747913188644,"past_year_total_commits":97,"past_year_total_committers":2,"past_year_total_bot_commits":58,"past_year_total_bot_committers":1,"past_year_mean_commits":48.5,"past_year_dds":0.4020618556701031,"last_synced_at":"2026-06-17T10:06:34.794Z","last_synced_commit":"a0f1637e977e6f682f483873b5877e6fe18247b8","created_at":"2024-06-26T12:43:32.221Z","updated_at":"2026-06-17T10:04:42.218Z","committers":[{"name":"Jörg Schaible","email":"joerg.schaible@gmx.de","login":"joehni","count":2119},{"name":"Joe Walnes","email":"joe@truemesh.com","login":"joewalnes","count":502},{"name":"Mauro Talevi","email":"mauro.talevi@aquilonia.org","login":"maurotalevi","count":125},{"name":"Guilherme Silveira","email":"guilherme.silveira@caelum.com.br","login":"guilhermesilveira","count":69},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":58},{"name":"Jason van Zyl","email":"jvanzyl@apache.org","login":"jvanzyl","count":42},{"name":"Damage Control","email":"dcontrol@codehaus.org","login":null,"count":12},{"name":"James Strachan","email":"james.strachan@gmail.com","login":"jstrachan","count":11},{"name":"Carsten Hammer","email":"carsten.hammer@t-online.de","login":"carstenartur","count":6},{"name":"purnhar","email":"purnhar","login":"purnhar","count":4},{"name":"Bob McWhirter","email":"bob@codehaus.org","login":null,"count":3},{"name":"zeshuai007","email":"51382517@qq.com","login":"zeshuai007","count":3},{"name":"Vladislav Rassokhin","email":"vladislav.rassokhin@jetbrains.com","login":"VladRassokhin","count":2},{"name":"Tom Adams","email":"tadams@thoughtworks.com","login":"tadams","count":2},{"name":"Falko Modler","email":"famod","login":"famod","count":2},{"name":"Basil Crow","email":"me@basilcrow.com","login":"basil","count":2},{"name":"CV","email":"cv@codehaus.org","login":null,"count":2},{"name":"Aslak Hellesøy","email":"aslak.hellesoy@gmail.com","login":"aslakhellesoy","count":2},{"name":"Aaron","email":"aaron@ajexperience.com","login":"aaron13100","count":1},{"name":"Anonymous","email":"anon@codehaus.org","login":null,"count":1},{"name":"Elliotte Harold","email":"elharo@google.com","login":null,"count":1},{"name":"Julia Boes","email":"julia.boes@oracle.com","login":null,"count":1},{"name":"Sean Sullivan","email":"ssullivan@gilt.com","login":null,"count":1},{"name":"张逸扬","email":"33390928+gdut-yy","login":"gdut-yy","count":1},{"name":"xfournet","email":"xfournet","login":"xfournet","count":1},{"name":"pzi","email":"92990747+https418","login":"https418","count":1},{"name":"balrajbains","email":"polltery@gmail.com","login":"polltery","count":1},{"name":"Yann Massard","email":"yamass@gmail.com","login":"yamass","count":1},{"name":"Wes Wannemacher","email":"wwannemacher@sonatype.com","login":"wwannemacher","count":1},{"name":"Vaclav Haisman","email":"vhaisman@gmail.com","login":"wilx","count":1},{"name":"Tobias Gierke","email":"tobias.gierke@code-sourcery.de","login":"toby1984","count":1},{"name":"Steve Davidson","email":"steve@j2eeguys.com","login":"gorky","count":1},{"name":"Stefan Cordes@home","email":"stefan.cordes@canda.com","login":"ca-stefan-cordes","count":1},{"name":"Robin Kreis","email":"r.kreis@uni-bremen.de","login":"rkreis","count":1},{"name":"Nikita Gryzlov","email":"nixel2007@gmail.com","login":"nixel2007","count":1},{"name":"Ken Geis","email":"kgeis@berkeley.edu","login":"kgeis","count":1},{"name":"John Bergqvist","email":"John.Bergqvist@diffblue.com","login":"JohnLBergqvist","count":1},{"name":"Jesse Glick","email":"jglick@cloudbees.com","login":"jglick","count":1},{"name":"Jakob Schnell","email":"github@ezelo.de","login":"koebi","count":1},{"name":"Honor Systems Updater Jenkins","email":"hsujenkins@j2eeguys.com","login":"hsujenkins","count":1},{"name":"Hervé Boutemy","email":"hboutemy@apache.org","login":"hboutemy","count":1},{"name":"Harald Schmitt","email":"linux@hschmitt.de","login":"surfing","count":1},{"name":"HIGUCHI Yuta","email":"y-higuchi","login":"y-higuchi","count":1},{"name":"Baptiste Mesta","email":"baptiste.mesta@gmail.com","login":"baptistemesta","count":1},{"name":"Alex Blekhman","email":"ablekhman@atlassian.com","login":"ablekhman","count":1},{"name":"Aleksey Dobrynin","email":"aleksey.dobrynin@jetbrains.com","login":"madlexa","count":1},{"name":"Matej Cimbora","email":"mcimbora@redhat.com","login":null,"count":1}],"past_year_committers":[{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":58},{"name":"joehni","email":"joerg.schaible@gmx.de","login":"joehni","count":39}],"commits_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/commits","host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-06-19T00:00:07.604Z","repositories_count":6263713,"commits_count":875002357,"contributors_count":35073036,"owners_count":1168674,"icon_url":"https://github.com/github.png","host_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories"}},"issues":{"table":{"full_name":"x-stream/xstream","html_url":"https://github.com/x-stream/xstream","last_synced_at":"2026-06-04T00:05:04.286Z","status":"active","issues_count":103,"pull_requests_count":89,"avg_time_to_close_issue":4880706.197674419,"avg_time_to_close_pull_request":16934635.411764707,"issues_closed_count":86,"pull_requests_closed_count":68,"pull_request_authors_count":31,"issue_authors_count":93,"avg_comments_per_issue":4.300970873786408,"avg_comments_per_pull_request":1.4943820224719102,"merged_pull_requests_count":31,"bot_issues_count":0,"bot_pull_requests_count":43,"past_year_issues_count":4,"past_year_pull_requests_count":46,"past_year_avg_time_to_close_issue":2581655.6666666665,"past_year_avg_time_to_close_pull_request":1686099.4571428571,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":35,"past_year_pull_request_authors_count":3,"past_year_issue_authors_count":4,"past_year_avg_comments_per_issue":1.75,"past_year_avg_comments_per_pull_request":0.43478260869565216,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":43,"past_year_merged_pull_requests_count":26,"created_at":"2023-05-15T21:47:50.193Z","updated_at":"2026-06-04T00:05:04.287Z","repository_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream","issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/x-stream%2Fxstream/issues","issue_labels_count":{"table":{"question":42,"bug":10,"invalid":10,"enhancement":9,"duplicate":9,"improvement":8,"wontfix":1,"help wanted":1,"notification":1}},"pull_request_labels_count":{"table":{"dependencies":43,"java":42,"improvement":13,"bug":9,"enhancement":6,"github_actions":1}},"issue_author_associations_count":{"table":{"NONE":98,"CONTRIBUTOR":5}},"pull_request_author_associations_count":{"table":{"CONTRIBUTOR":68,"NONE":21}},"issue_authors":{"table":{"quantrpeter":4,"jtnord":2,"NicholasWMRitchie":2,"wangliang181230":2,"gorky":2,"better-kay":2,"henryrneh":2,"adjiandov":2,"dmitryallen":1,"UKreher":1,"luismora1224":1,"Thihup":1,"ZanDev32":1,"rabeltra":1,"vipul79321":1,"mkoncek":1,"ajaysharma2":1,"Sarthak160":1,"Han-Jiaxuan":1,"joakapp":1,"jvbrandis":1,"seiyafei":1,"cmanlh":1,"dockter34":1,"wimjongman":1,"joseluiswork":1,"surfing":1,"vijayanandof":1,"MartyAlien":1,"paweleck":1,"nagarajgond":1,"ncteam1990":1,"thoger":1,"Erhannis":1,"vargen":1,"gengzhy":1,"scantor":1,"rani111agrawal":1,"jglick":1,"dit-j":1,"mnckstle":1,"basil":1,"fenggeZhang":1,"thxwelchs":1,"raptorshots":1,"famod":1,"scholzb-hb":1,"Sheldon66-Huang":1,"tristantarrant":1,"aceeric":1,"guykoth":1,"punkdis":1,"zqfan":1,"bmr-exerp":1,"mdealer":1,"rgoldberg":1,"sachin1surya":1,"mattrpav":1,"AllanElleuch":1,"lixun027":1,"mikhal":1,"Betalord":1,"psevestre":1,"Sawraz-OpenRef":1,"DJSmy":1,"sagga001":1,"tcullum-rh":1,"repobilitycom":1,"Shikari0744":1,"Malle0203":1,"Ercu84":1,"ghost":1,"xtaixe":1,"sahil3390":1,"jpink":1,"wertklop":1,"injulkarnilesh":1,"daniel-beck":1,"morris821028":1,"AmitAmar":1,"ankitbardiyasapiens":1,"jotare":1,"nfalco79":1,"hcoles":1,"jjazzboss":1,"urn1ce":1,"aliaksei-burlakou":1,"JueShan":1,"nobody102":1,"BadTrasher":1,"pmouawad":1,"0x7d7b":1,"elavy-harris":1}},"pull_request_authors":{"table":{"dependabot[bot]":43,"basil":4,"toby1984":3,"gorky":3,"kgeis":2,"carstenartur":2,"VladRassokhin":2,"luczus":2,"zeshuai007":2,"htanwar-atlassian":2,"jmestwa-coder":2,"ablekhman":2,"ge0ffrey":2,"Valkryst":1,"wborn":1,"polltery":1,"Ganeshgautam":1,"ejba":1,"ghost":1,"stzdzyhs":1,"surfing":1,"gdut-yy":1,"theshadowco":1,"pjfanning":1,"wangliang181230":1,"wwannemacher":1,"koebi":1,"hboutemy":1,"y-higuchi":1,"sullis":1,"FrauBoes":1}},"host":{"table":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-06-08T00:00:18.161Z","repositories_count":14781088,"issues_count":33500333,"pull_requests_count":110185815,"authors_count":11295197,"icon_url":"https://github.com/github.png","host_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories","owners_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/owners","authors_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors"}},"past_year_issue_labels_count":{"table":{"question":2,"enhancement":1}},"past_year_pull_request_labels_count":{"table":{"dependencies":43,"java":42,"github_actions":1}},"past_year_issue_author_associations_count":{"table":{"NONE":4}},"past_year_pull_request_author_associations_count":{"table":{"CONTRIBUTOR":43,"NONE":3}},"past_year_issue_authors":{"table":{"bmr-exerp":1,"nfalco79":1,"repobilitycom":1,"ZanDev32":1}},"past_year_pull_request_authors":{"table":{"dependabot[bot]":43,"jmestwa-coder":2,"theshadowco":1}},"maintainers":[],"active_maintainers":[]}},"events":{"total":{"DeleteEvent":28,"PullRequestEvent":134,"ForkEvent":14,"IssuesEvent":23,"WatchEvent":15,"IssueCommentEvent":52,"PushEvent":121,"CreateEvent":43},"last_year":{"DeleteEvent":28,"PullRequestEvent":127,"ForkEvent":4,"IssuesEvent":7,"WatchEvent":6,"IssueCommentEvent":20,"PushEvent":98,"CreateEvent":42}},"keywords":["java","xml","xstream"],"dependencies":[{"ecosystem":"maven","filepath":"pom.xml","sha":null,"kind":"manifest","created_at":"2022-08-07T14:00:34.922Z","updated_at":"2022-08-07T14:00:34.922Z","repository_link":"https://github.com/x-stream/xstream/blob/master/pom.xml","dependencies":[{"id":598622006,"package_name":"com.thoughtworks.xstream:xstream","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"runtime","optional":false},{"id":598622007,"package_name":"com.thoughtworks.xstream:xstream","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"test","optional":false},{"id":598622008,"package_name":"com.thoughtworks.xstream:xstream","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"provided","optional":false},{"id":598622009,"package_name":"com.thoughtworks.xstream:xstream-hibernate","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"runtime","optional":false},{"id":598622010,"package_name":"com.thoughtworks.xstream:xstream-hibernate","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"provided","optional":false},{"id":598622011,"package_name":"com.thoughtworks.xstream:xstream-jmh","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"runtime","optional":false},{"id":598622012,"package_name":"com.thoughtworks.xstream:xstream-jmh","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"provided","optional":false},{"id":598622013,"package_name":"com.thoughtworks.xstream:xstream-benchmark","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"runtime","optional":false},{"id":598622014,"package_name":"com.thoughtworks.xstream:xstream-benchmark","ecosystem":"maven","requirements":"1.5.0-SNAPSHOT","direct":true,"kind":"provided","optional":false},{"id":598622015,"package_name":"org.apache.commons:commons-lang3","ecosystem":"maven","requirements":"3.8.1","direct":true,"kind":"runtime","optional":false},{"id":598622016,"package_name":"cglib:cglib-nodep","ecosystem":"maven","requirements":"2.2","direct":true,"kind":"runtime","optional":false},{"id":598622017,"package_name":"javassist:javassist","ecosystem":"maven","requirements":"3.12.1.GA","direct":true,"kind":"runtime","optional":false},{"id":598622018,"package_name":"org.dom4j:dom4j","ecosystem":"maven","requirements":"2.0.2","direct":true,"kind":"runtime","optional":false},{"id":598622019,"package_name":"org.jdom:jdom","ecosystem":"maven","requirements":"1.1.3","direct":true,"kind":"runtime","optional":false},{"id":598622020,"package_name":"org.jdom:jdom2","ecosystem":"maven","requirements":"2.0.6","direct":true,"kind":"runtime","optional":false},{"id":598622021,"package_name":"joda-time:joda-time","ecosystem":"maven","requirements":"2.10.1","direct":true,"kind":"runtime","optional":false},{"id":598622022,"package_name":"com.megginson.sax:xml-writer","ecosystem":"maven","requirements":"0.2","direct":true,"kind":"runtime","optional":false},{"id":598622023,"package_name":"stax:stax","ecosystem":"maven","requirements":"1.2.0","direct":true,"kind":"runtime","optional":false},{"id":598622024,"package_name":"com.fasterxml.woodstox:woodstox-core","ecosystem":"maven","requirements":"5.2.0","direct":true,"kind":"runtime","optional":false},{"id":598622025,"package_name":"xom:xom","ecosystem":"maven","requirements":"1.3.2","direct":true,"kind":"runtime","optional":false},{"id":598622026,"package_name":"io.github.x-stream:mxparser","ecosystem":"maven","requirements":"1.2.2","direct":true,"kind":"runtime","optional":false},{"id":598622027,"package_name":"xpp3:xpp3_min","ecosystem":"maven","requirements":"1.1.4c","direct":true,"kind":"runtime","optional":false},{"id":598622028,"package_name":"net.sf.kxml:kxml2-min","ecosystem":"maven","requirements":"2.3.0","direct":true,"kind":"runtime","optional":false},{"id":598622029,"package_name":"net.sf.kxml:kxml2","ecosystem":"maven","requirements":"2.3.0","direct":true,"kind":"runtime","optional":false},{"id":598622030,"package_name":"xmlpull:xmlpull","ecosystem":"maven","requirements":"1.1.3.1","direct":true,"kind":"runtime","optional":false},{"id":598622031,"package_name":"org.json:json","ecosystem":"maven","requirements":"20180813","direct":true,"kind":"runtime","optional":false},{"id":598622032,"package_name":"org.codehaus.jettison:jettison","ecosystem":"maven","requirements":"1.4.1","direct":true,"kind":"runtime","optional":false},{"id":598622033,"package_name":"xerces:xercesImpl","ecosystem":"maven","requirements":"2.8.1","direct":true,"kind":"runtime","optional":false},{"id":598622034,"package_name":"jakarta.activation:jakarta.activation-api","ecosystem":"maven","requirements":"1.2.1","direct":true,"kind":"runtime","optional":false},{"id":598622035,"package_name":"jakarta.annotation:jakarta.annotation-api","ecosystem":"maven","requirements":"1.3.4","direct":true,"kind":"runtime","optional":false},{"id":598622036,"package_name":"jakarta.xml.bind:jakarta.xml.bind-api","ecosystem":"maven","requirements":"2.3.2","direct":true,"kind":"runtime","optional":false},{"id":598622037,"package_name":"com.sun.xml.ws:jaxws-rt","ecosystem":"maven","requirements":"2.2","direct":true,"kind":"runtime","optional":false},{"id":598622038,"package_name":"org.hibernate:hibernate-core","ecosystem":"maven","requirements":"4.2.5.Final","direct":true,"kind":"runtime","optional":false},{"id":598622039,"package_name":"org.hibernate:hibernate-envers","ecosystem":"maven","requirements":"4.2.5.Final","direct":true,"kind":"runtime","optional":false},{"id":598622040,"package_name":"org.hsqldb:hsqldb","ecosystem":"maven","requirements":"2.2.8","direct":true,"kind":"runtime","optional":false},{"id":598622041,"package_name":"org.slf4j:slf4j-api","ecosystem":"maven","requirements":"1.6.1","direct":true,"kind":"runtime","optional":false},{"id":598622042,"package_name":"org.slf4j:slf4j-simple","ecosystem":"maven","requirements":"1.6.1","direct":true,"kind":"runtime","optional":false},{"id":598622043,"package_name":"org.openjdk.jmh:jmh-core","ecosystem":"maven","requirements":"1.21","direct":true,"kind":"runtime","optional":false},{"id":598622044,"package_name":"org.openjdk.jmh:jmh-generator-annprocess","ecosystem":"maven","requirements":"1.21","direct":true,"kind":"provided","optional":false},{"id":598622045,"package_name":"commons-codec:commons-codec","ecosystem":"maven","requirements":"1.11","direct":true,"kind":"runtime","optional":false},{"id":598622046,"package_name":"com.brsanthu:migbase64","ecosystem":"maven","requirements":"2.2","direct":true,"kind":"runtime","optional":false},{"id":598622047,"package_name":"junit:junit","ecosystem":"maven","requirements":"3.8.1","direct":true,"kind":"test","optional":false},{"id":598622048,"package_name":"jmock:jmock","ecosystem":"maven","requirements":"1.0.1","direct":true,"kind":"test","optional":false},{"id":598622049,"package_name":"jakarta.inject:jakarta.inject-api","ecosystem":"maven","requirements":"1.0","direct":true,"kind":"runtime","optional":false},{"id":598622050,"package_name":"org.apache.felix:org.apache.felix.framework","ecosystem":"maven","requirements":"6.0.3","direct":true,"kind":"test","optional":false},{"id":598622051,"package_name":"org.ops4j.pax.exam:pax-exam-container-native","ecosystem":"maven","requirements":"4.13.4","direct":true,"kind":"test","optional":false},{"id":598622052,"package_name":"org.ops4j.pax.exam:pax-exam-extender-service","ecosystem":"maven","requirements":"4.13.4","direct":true,"kind":"test","optional":false},{"id":598622053,"package_name":"org.ops4j.pax.exam:pax-exam-inject","ecosystem":"maven","requirements":"4.13.4","direct":true,"kind":"test","optional":false},{"id":598622054,"package_name":"org.ops4j.pax.exam:pax-exam-invoker-junit","ecosystem":"maven","requirements":"4.13.4","direct":true,"kind":"test","optional":false},{"id":598622055,"package_name":"org.ops4j.pax.exam:pax-exam-junit4","ecosystem":"maven","requirements":"4.13.4","direct":true,"kind":"test","optional":false},{"id":598622056,"package_name":"org.ops4j.pax.exam:pax-exam-link-assembly","ecosystem":"maven","requirements":"4.13.4","direct":true,"kind":"test","optional":false},{"id":598622057,"package_name":"org.ops4j.pax.exam:pax-exam-link-mvn","ecosystem":"maven","requirements":"4.13.4","direct":true,"kind":"test","optional":false}]},{"ecosystem":"maven","filepath":"xstream/pom.xml","sha":null,"kind":"manifest","created_at":"2022-08-07T14:00:35.260Z","updated_at":"2022-08-07T14:00:35.260Z","repository_link":"https://github.com/x-stream/xstream/blob/master/xstream/pom.xml","dependencies":[{"id":598624871,"package_name":"org.dom4j:dom4j","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624872,"package_name":"org.jdom:jdom","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624873,"package_name":"org.jdom:jdom2","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624874,"package_name":"joda-time:joda-time","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624875,"package_name":"com.fasterxml.woodstox:woodstox-core","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624876,"package_name":"stax:stax","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624877,"package_name":"xom:xom","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624878,"package_name":"io.github.x-stream:mxparser","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624879,"package_name":"net.sf.kxml:kxml2-min","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624880,"package_name":"xpp3:xpp3_min","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624881,"package_name":"cglib:cglib-nodep","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624882,"package_name":"org.codehaus.jettison:jettison","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624883,"package_name":"jakarta.activation:jakarta.activation-api","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624884,"package_name":"jakarta.xml.bind:jakarta.xml.bind-api","ecosystem":"maven","requirements":null,"direct":true,"kind":"provided","optional":false},{"id":598624885,"package_name":"junit:junit","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624886,"package_name":"jmock:jmock","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598624887,"package_name":"org.json:json","ecosystem":"maven","requirements":null,"direct":true,"kind":"test","optional":false},{"id":598624888,"package_name":"com.megginson.sax:xml-writer","ecosystem":"maven","requirements":null,"direct":true,"kind":"test","optional":false},{"id":598624889,"package_name":"org.apache.commons:commons-lang3","ecosystem":"maven","requirements":null,"direct":true,"kind":"test","optional":false},{"id":598624890,"package_name":"com.sun.xml.ws:jaxws-rt","ecosystem":"maven","requirements":null,"direct":true,"kind":"test","optional":false}]},{"ecosystem":"maven","filepath":"xstream-builder/pom.xml","sha":null,"kind":"manifest","created_at":"2022-08-07T14:00:35.917Z","updated_at":"2022-08-07T14:00:35.917Z","repository_link":"https://github.com/x-stream/xstream/blob/master/xstream-builder/pom.xml","dependencies":[{"id":598634015,"package_name":"${project.groupId}:xstream","ecosystem":"maven","requirements":"${project.version}","direct":true,"kind":"runtime","optional":false},{"id":598634016,"package_name":"junit:junit","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"maven","filepath":"xstream-distribution/pom.xml","sha":null,"kind":"manifest","created_at":"2022-08-07T14:00:36.344Z","updated_at":"2022-08-07T14:00:36.344Z","repository_link":"https://github.com/x-stream/xstream/blob/master/xstream-distribution/pom.xml","dependencies":[{"id":598642203,"package_name":"com.thoughtworks.xstream:xstream","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598642204,"package_name":"com.thoughtworks.xstream:xstream-hibernate","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598642205,"package_name":"com.thoughtworks.xstream:xstream-jmh","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598642206,"package_name":"com.thoughtworks.xstream:xstream-benchmark","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"maven","filepath":"xstream-hibernate/pom.xml","sha":null,"kind":"manifest","created_at":"2022-08-07T14:00:37.117Z","updated_at":"2022-08-07T14:00:37.117Z","repository_link":"https://github.com/x-stream/xstream/blob/master/xstream-hibernate/pom.xml","dependencies":[{"id":598650586,"package_name":"com.thoughtworks.xstream:xstream","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650587,"package_name":"org.hibernate:hibernate-core","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650588,"package_name":"org.hibernate:hibernate-envers","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650589,"package_name":"org.hsqldb:hsqldb","ecosystem":"maven","requirements":null,"direct":true,"kind":"test","optional":false},{"id":598650590,"package_name":"org.slf4j:slf4j-simple","ecosystem":"maven","requirements":null,"direct":true,"kind":"provided","optional":false},{"id":598650591,"package_name":"javassist:javassist","ecosystem":"maven","requirements":null,"direct":true,"kind":"provided","optional":false},{"id":598650592,"package_name":"cglib:cglib-nodep","ecosystem":"maven","requirements":null,"direct":true,"kind":"provided","optional":false},{"id":598650593,"package_name":"junit:junit","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"maven","filepath":"xstream-its/pom.xml","sha":null,"kind":"manifest","created_at":"2022-08-07T14:00:37.353Z","updated_at":"2022-08-07T14:00:37.353Z","repository_link":"https://github.com/x-stream/xstream/blob/master/xstream-its/pom.xml","dependencies":[{"id":598650796,"package_name":"com.thoughtworks.xstream:xstream","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650797,"package_name":"jakarta.inject:jakarta.inject-api","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650798,"package_name":"org.apache.felix:org.apache.felix.framework","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650799,"package_name":"org.ops4j.pax.exam:pax-exam-container-native","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650800,"package_name":"org.ops4j.pax.exam:pax-exam-extender-service","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650801,"package_name":"org.ops4j.pax.exam:pax-exam-invoker-junit","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650802,"package_name":"org.ops4j.pax.exam:pax-exam-junit4","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650803,"package_name":"org.ops4j.pax.exam:pax-exam-inject","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650804,"package_name":"org.ops4j.pax.exam:pax-exam-link-assembly","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650805,"package_name":"org.ops4j.pax.exam:pax-exam-link-mvn","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650806,"package_name":"junit:junit","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598650807,"package_name":"org.slf4j:slf4j-simple","ecosystem":"maven","requirements":null,"direct":true,"kind":"test","optional":false}]},{"ecosystem":"maven","filepath":"xstream-jmh/pom.xml","sha":null,"kind":"manifest","created_at":"2022-08-07T14:00:37.445Z","updated_at":"2022-08-07T14:00:37.445Z","repository_link":"https://github.com/x-stream/xstream/blob/master/xstream-jmh/pom.xml","dependencies":[{"id":598652401,"package_name":"com.thoughtworks.xstream:xstream","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652402,"package_name":"org.openjdk.jmh:jmh-core","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652403,"package_name":"org.openjdk.jmh:jmh-generator-annprocess","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652404,"package_name":"commons-codec:commons-codec","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652405,"package_name":"com.brsanthu:migbase64","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652406,"package_name":"io.github.x-stream:mxparser","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652407,"package_name":"xpp3:xpp3_min","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652408,"package_name":"net.sf.kxml:kxml2-min","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652409,"package_name":"stax:stax","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652410,"package_name":"com.fasterxml.woodstox:woodstox-core","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652411,"package_name":"org.dom4j:dom4j","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652412,"package_name":"org.jdom:jdom","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652413,"package_name":"org.jdom:jdom2","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652414,"package_name":"xom:xom","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652415,"package_name":"org.codehaus.jettison:jettison","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false},{"id":598652416,"package_name":"jakarta.xml.bind:jakarta.xml.bind-api","ecosystem":"maven","requirements":null,"direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"actions","filepath":".github/workflows/maven.yml","sha":null,"kind":"manifest","created_at":"2023-01-14T09:22:38.383Z","updated_at":"2023-01-14T09:22:38.383Z","repository_link":"https://github.com/x-stream/xstream/blob/master/.github/workflows/maven.yml","dependencies":[{"id":6893868311,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":6893868312,"package_name":"actions/setup-java","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false}]}],"score":32.87494262508248,"created_at":"2025-08-29T11:14:22.685Z","updated_at":"2026-06-20T11:30:22.682Z","avatar_url":"https://github.com/x-stream.png","language":"Java","codemeta":null,"publiccode":null,"project_url":"https://summary.ecosyste.ms/api/v1/projects/363070","html_url":"https://summary.ecosyste.ms/projects/363070"}