Vulnerable API Usage
See whether you are using the vulnerable API of a dependency.
When dependencies in your project have known vulnerabilities, how do you know whether you're actually using the vulnerable part of a dependency? Use IntelliJ IDEA's Vulnerable API Usages inspection to find out!
If we are looking at code that calls the vulnerable API of a dependency, this code will be highlighted in the editor. When we hover over the highlighted code, we see a list of vulnerabilities found in this API call. We can show context actions ⌥⏎ (macOS) / Alt+Enter (Windows/Linux) and select "Go to file with declared dependency" from the menu. This will navigate to the part of our build file where the vulnerable dependency is declared. Here we can use ⌥⏎ (macOS) / Alt+Enter (Windows/Linux) again to upgrade to an unaffected version (if one is available).