One or more dependencies were identified with known vulnerabilities in SpotBugs Maven Plugin:
httpclient-4.0.2.jar (cpe:/a:apache:httpclient:4.0.2, org.apache.httpcomponents:httpclient:4.0.2) : CVE-2015-5262, CVE-2014-3577
maven-core-3.0.jar (cpe:/a:apache:maven:3.0.4, org.apache.maven:maven-core:3.0) : CVE-2013-0253
xbean-reflect-3.7.jar (cpe:/a:apache:geronimo:3.7, org.apache.xbean:xbean-reflect:3.7) : CVE-2008-0732
groovy-2.4.14.jar (cpe:/a:apache:groovy:2.4.14, org.codehaus.groovy:groovy:2.4.14) : CVE-2016-6497
lombok-1.16.18.jar (cpe:/a:spice_project:spice:1.16.18, org.projectlombok:lombok:1.16.18) : CVE-2016-2150, CVE-2016-0749
plexus-build-api-0.0.7.jar (cpe:/a:spice_project:spice:0.0.7, org.sonatype.plexus:plexus-build-api:0.0.7) : CVE-2016-2150, CVE-2016-0749, CVE-2015-5261, CVE-2015-5260, CVE-2013-4130
plexus-cipher-1.4.jar (cpe:/a:spice_project:spice:1.4, org.sonatype.plexus:plexus-cipher:1.4) : CVE-2016-2150, CVE-2016-0749
plexus-sec-dispatcher-1.3.jar (cpe:/a:spice_project:spice:1.3, org.sonatype.plexus:plexus-sec-dispatcher:1.3) : CVE-2016-2150, CVE-2016-0749
See the dependency-check report for more details.