Precondition
Describe the bug
NVD has published a record that this cannot handle.
[ERROR] Failed to process CVE-2025-2682
java.lang.NullPointerException: Cannot invoke "String.toUpperCase()" because the return value of "io.github.jeremylong.openvulnerability.client.nvd.CveItem.getVulnStatus()" is null
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:1093)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.updateCveDb (NvdApiProcessor.java:119)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:96)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:40)
at java.util.concurrent.FutureTask.run (FutureTask.java:317)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
at java.lang.Thread.run (Thread.java:1583)
Version of dependency-check used
The problem occurs using version 12.1.0 of the maven plugin
To Reproduce
mvn dependency-check:check
Expected behavior
No errors when processing NVD data.
Additional context
Running a second time does not throw any errors, as it still recorded the update timestamp.
[INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
Precondition
Describe the bug
NVD has published a record that this cannot handle.
Version of dependency-check used
The problem occurs using version 12.1.0 of the maven plugin
To Reproduce
mvn dependency-check:checkExpected behavior
No errors when processing NVD data.
Additional context
Running a second time does not throw any errors, as it still recorded the update timestamp.