Upload your JAR (or class) files and this app will tell you if any of your files match one of the many publicly distributed files that the Red Hat Security team has identified as containing a known security flaw, or CVE..
A CVE is an item in a list of known vulnerabilities in all software. It provides a common way for people from different organizations to identify a particular known vulnerability.
Often when building your own Java application, you will rely upon JAR files built and distributed by others. While JEVD can't tell you if your Java code contains security flaws (wouldn't that be cool?), it can tell you if you are relying upon a JAR that Red Hat has determined is vulnerable to a CVE.
The Java Embedded Vulnerability Detector can be used as a web app in you browser. Navigate to the app, choose the JAR and/or class files you want scanned, and click submit. The app also has a direct HTTP/REST interface that can be used directly by any tool that can send HTTP requests.
The Java Embedded Vulnerability Detector is built entirely upon the work of the Victims project and provides simplified access to their work for Red Hat Customers.