Package Vulnerabilities by Ecosystem

10,770 CVE-affected open-source packages across 11 ecosystems, ranked by live CVE volume — 35,148 package-to-CVE mappings sourced from GHSA, NVD, and vendor advisories, with affected ranges and fixed versions. Each package links to its live CVE list, updated continuously as new vulnerabilities publish.

Java / JVM artifacts

Top 8 by CVE volume

  1. 1.org.jenkins-ci.main:jenkins-core249 CVEs
  2. 2.org.apache.tomcat:tomcat160 CVEs
  3. 3.com.liferay.portal:release.portal.bom159 CVEs
  4. 4.com.liferay.portal:release.dxp.bom125 CVEs
  5. 5.org.keycloak:keycloak-services79 CVEs
  6. 6.org.apache.tomcat.embed:tomcat-embed-core72 CVEs
  7. 7.com.fasterxml.jackson.core:jackson-databind69 CVEs
  8. 8.org.apache.struts:struts2-core60 CVEs
View all 3,037 Maven packages →

JavaScript / Node.js packages

Top 8 by CVE volume

  1. 1.openclaw298 CVEs
  2. 2.n8n62 CVEs
  3. 3.flowise58 CVEs
  4. 4.parse-server55 CVEs
  5. 5.directus53 CVEs
  6. 6.electron49 CVEs
  7. 7.nocodb44 CVEs
  8. 8.next42 CVEs
View all 2,636 npm packages →

Python packages

Top 8 by CVE volume

  1. 1.tensorflow427 CVEs
  2. 2.tensorflow-cpu424 CVEs
  3. 3.tensorflow-gpu421 CVEs
  4. 4.django155 CVEs
  5. 5.apache-airflow129 CVEs
  6. 6.plone101 CVEs
  7. 7.open-webui98 CVEs
  8. 8.mlflow73 CVEs
View all 1,358 PyPI packages →

Go modules

Top 8 by CVE volume

  1. 1.github.com/mattermost/mattermost-server245 CVEs
  2. 2.github.com/mattermost/mattermost/server/v8174 CVEs
  3. 3.github.com/mattermost/mattermost-server/v6173 CVEs
  4. 4.stdlib160 CVEs
  5. 5.github.com/mattermost/mattermost-server/v5150 CVEs
  6. 6.github.com/usememos/memos74 CVEs
  7. 7.github.com/grafana/grafana61 CVEs
  8. 8.github.com/hashicorp/vault55 CVEs
View all 1,259 Go packages →

PHP / Composer packages

Top 8 by CVE volume

  1. 1.moodle/moodle435 CVEs
  2. 2.magento/community-edition353 CVEs
  3. 3.magento/project-community-edition161 CVEs
  4. 4.pimcore/pimcore124 CVEs
  5. 5.dolibarr/dolibarr123 CVEs
  6. 6.typo3/cms116 CVEs
  7. 7.drupal/core110 CVEs
  8. 8.phpmyadmin/phpmyadmin107 CVEs
View all 918 Packagist packages →

Rust crates

Top 8 by CVE volume

  1. 1.coreutils44 CVEs
  2. 2.wasmtime36 CVEs
  3. 3.deno34 CVEs
  4. 4.openssl-src26 CVEs
  5. 5.rusqlite15 CVEs
  6. 6.apollo-router12 CVEs
  7. 7.openssl12 CVEs
  8. 8.russh11 CVEs
View all 559 crates.io packages →

.NET packages

Top 8 by CVE volume

  1. 1.Microsoft.ChakraCore247 CVEs
  2. 2.Magick.NET-Q16-AnyCPU58 CVEs
  3. 3.Magick.NET-Q16-HDRI-AnyCPU58 CVEs
  4. 4.Magick.NET-Q16-HDRI-x8658 CVEs
  5. 5.Magick.NET-Q16-x8658 CVEs
  6. 6.Magick.NET-Q8-AnyCPU58 CVEs
  7. 7.Magick.NET-Q8-x8657 CVEs
  8. 8.Magick.NET-Q16-arm6455 CVEs
View all 534 NuGet packages →

Ruby gems

Top 8 by CVE volume

  1. 1.actionpack61 CVEs
  2. 2.rack49 CVEs
  3. 3.nokogiri32 CVEs
  4. 4.rubygems-update25 CVEs
  5. 5.activerecord23 CVEs
  6. 6.puppet22 CVEs
  7. 7.publify_core15 CVEs
  8. 8.activesupport14 CVEs
View all 402 RubyGems packages →

Elixir / Erlang packages

Top 8 by CVE volume

  1. 1.hackney12 CVEs
  2. 2.bandit7 CVEs
  3. 3.cowlib5 CVEs
  4. 4.tesla5 CVEs
  5. 5.ash4 CVEs
  6. 6.grpc4 CVEs
  7. 7.mint4 CVEs
  8. 8.plug4 CVEs
View all 52 Hex packages →

Dart / Flutter packages

Top 8 by CVE volume

  1. 1.archive2 CVEs
  2. 2.agent_dart1 CVEs
  3. 3.dio1 CVEs
  4. 4.http1 CVEs
  5. 5.jose1 CVEs
  6. 6.personnummer1 CVEs
  7. 7.pubnub1 CVEs
  8. 8.serverpod_auth_server1 CVEs
View all 9 Pub packages →

Swift packages

Top 6 by CVE volume

  1. 1.github.com/pytorch/executorch6 CVEs
  2. 2.github.com/apple/swift-nio-http21 CVEs
  3. 3.github.com/facebook/zstd1 CVEs
  4. 4.github.com/mongodb/mongo-swift-driver1 CVEs
  5. 5.github.com/pubnub/swift1 CVEs
  6. 6.github.com/shareup/wasm-interpreter-apple1 CVEs
View all 6 SwiftURL packages →

Which of these packages run in YOUR stack?

EchelonGraph inventories your dependencies across clouds and clusters, then correlates every package against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →