Java Embedded Vulnerability Detector
Introducing a New Access Labs App: Java Embedded Vulnerability Detector
Upload your JAR (or class) files and this app will tell you if any of your files match one of the many publicly distributed files that the Red Hat Security team has identified as containing a known security flaw, or CVE..
A CVE is an item in a list of known vulnerabilities in all software. It provides a common way for people from different organizations to identify a particular known vulnerability.
Often when building your own Java application, you will rely upon JAR files built and distributed by others. While JEVD can't tell you if your Java code contains security flaws (wouldn't that be cool?), it can tell you if you are relying upon a JAR that Red Hat has determined is vulnerable to a CVE.
The Java Embedded Vulnerability Detector can be used as a web app in you browser. Navigate to the app, choose the JAR and/or class files you want scanned, and click submit. The app also has a direct HTTP/REST interface that can be used directly by any tool that can send HTTP requests.
The Java Embedded Vulnerability Detector is built entirely upon the work of the Victims project and provides simplified access to their work for Red Hat Customers.

Comments
Hi, the database doesn't seem to include CVE-2015-7501 (commons-collection). Uploading a vulnerable jar the cve doesn't get detected. Is the database still being updated? Regards Tim
The database is still being updated. I tested both EAP 6.4.4, and EAP 5.2.0, unpatched version of commons-collections, and they both show vulnerable to CVE-2015-7501
I tried using both the web (no response) and downloading the jar executable. The jar gives me a: error: Failed to sync database WARNING: Victims database is empty! Run command again with the --update flag.
Is the database available?