Skip to content

Error in NistApiMirrorTask: NullPointerException: Cannot read the array length because "<parameter1>" is null #5262

New issue
New issue
Closed
Closed
Error in NistApiMirrorTask: NullPointerException: Cannot read the array length because "<parameter1>" is null#5262
Labels
defectSomething isn't workingintegration/nvdRelated to the NVD integration
Milestone
4.13.5
@SaberStrat

Description

@SaberStrat
SaberStrat
opened on Aug 28, 2025

Current Behavior

...
2025-08-28 19:25:57,312 INFO [NistApiMirrorTask] CVEs were not previously mirrored via NVD API; Will mirror all CVEs
...
2025-08-28 19:25:58,430 ERROR [NistApiMirrorTask] An unexpected error occurred while mirroring the contents of the National Vulnerability Database
java.lang.NullPointerException: Cannot read the array length because "<parameter1>" is null
	at java.base/java.lang.String.<init>(Unknown Source)
	at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:440)
	at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:379)
	at org.dependencytrack.tasks.NistApiMirrorTask.inform(NistApiMirrorTask.java:154)
	at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
2025-08-28 19:25:58,433 INFO [NistApiMirrorTask] Mirroring of 0 CVEs completed in PT1.122199778S
...

Steps to Reproduce

  1. activate NVD mirroring, using settings
  • NVD Feeds URL: https://nvd.nist.gov/feeds
  • API endpoint: https://services.nvd.nist.gov/rest/json/cves/2.0
  • API key: a valid one requested from NIST
  • Last Modification (UTC): empty fields
  1. activate "Enable mirroring via API"
  2. restart apiserver (optional, just to trigger a download and not having to wait for the next task trigger)

Expected Behavior

Download via API should work just like a download via classic data feed (which, for me, does).

Dependency-Track Version

4.13.4

First time observed in 4.12.7

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

16.3.0

Browser

Mozilla Firefox

Checklist

Metadata

Metadata

Assignees

No one assigned

    Labels

    defectSomething isn't workingintegration/nvdRelated to the NVD integration

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions