org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2026-6785'; Value too long for column "URL CHARACTER VARYING(1000)

**Precondition**
- [x] I checked the issues list for existing open or closed reports of the same problem.

**Describe the bug**
The dependency check fails because two mozilla CVEs have URLs that seem to be longer than the database field size allows.

**Version of dependency-check used**
The problem occurs using version 12.2.1 of the dependency check gradle plugin

**Log file**
```
Failed to process CVE-2026-6785
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2026-6785'; Value too long for column "URL CHARACTER VARYING(1000)": "'https://bugzilla.mozilla.org/buglist.cgi?bug_id=1935995%2C1999158%2C2015952%2C2... (1585)"; SQL statement:
INSERT INTO reference (cveid, name, url, source) VALUES (?, ?, ?, ?) [22001-240]
	at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(CveDB.java:1104)
	at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.updateCveDb(NvdApiProcessor.java:119)
	at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call(NvdApiProcessor.java:102)
	at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call(NvdApiProcessor.java:40)
	at java.base@25.0.2/java.util.concurrent.FutureTask.run(FutureTask.java:328)
	at java.base@25.0.2/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1090)
	at java.base@25.0.2/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:614)
	at java.base@25.0.2/java.lang.Thread.run(Thread.java:1474)
Failed to process CVE-2026-6786
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2026-6786'; Value too long for column "URL CHARACTER VARYING(1000)": "'https://bugzilla.mozilla.org/buglist.cgi?bug_id=2010727%2C2019004%2C2019224%2C2... (1115)"; SQL statement:
INSERT INTO reference (cveid, name, url, source) VALUES (?, ?, ?, ?) [22001-240]
	at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(CveDB.java:1104)
	at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.updateCveDb(NvdApiProcessor.java:119)
	at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call(NvdApiProcessor.java:102)
	at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call(NvdApiProcessor.java:40)
	at java.base@25.0.2/java.util.concurrent.FutureTask.run(FutureTask.java:328)
	at java.base@25.0.2/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1090)
	at java.base@25.0.2/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:614)
	at java.base@25.0.2/java.lang.Thread.run(Thread.java:1474)
```

**To Reproduce**
Steps to reproduce the behavior:
1. Run the dependency check, e.g. via `./gradlew dependencyCheckAggregate`

**Expected behavior**
The check should be able to handle CVEs from Mozilla which have these kind of super long URLs.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2026-6785'; Value too long for column "URL CHARACTER VARYING(1000) #8466

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2026-6785'; Value too long for column "URL CHARACTER VARYING(1000) #8466

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions