https://ask.clojure.org/index.php/tag/cve https://ask.clojure.org/index.php/14872/cve-warning-org-fressian-fressian-org-clojure-data-fressian <p>Dependency Information<br> When running clj-watson in a project with </p> <p>org.clojure/data.fressian {:mvn/version "1.1.1"}</p> <p>I get the following warning, refering to <a rel="nofollow" href="https://nvd.nist.gov/vuln/detail/cve-2018-10054">CVE-2018-10054</a> (relates to a vulnerability in H2 and its usage in older versions of datomic). I assume this is a false positive.</p> <hr> <p>NAME: org.fressian/fressian<br> VERSION: 0.6.8</p> <p>DEPENDENCY FOUND IN:</p> <p>[org.clojure/data.fressian]</p> <p>FIX SUGGESTION:</p> <h3>Vulnerabilities</h3> <p>SEVERITY: HIGH<br> IDENTIFIERS: CVE-2018-10054<br> CVSS: 8.8 (version 3.1)<br> PATCHED VERSION: Information not available.</p> Clojure https://ask.clojure.org/index.php/14872/cve-warning-org-fressian-fressian-org-clojure-data-fressian Fri, 09 Jan 2026 12:45:21 +0000