Maven Package Vulnerabilities

All 3,041 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,782 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 1.org.jenkins-ci.main:jenkins-core249 CVEs
  2. 2.org.apache.tomcat:tomcat160 CVEs
  3. 3.com.liferay.portal:release.portal.bom159 CVEs
  4. 4.com.liferay.portal:release.dxp.bom125 CVEs
  5. 5.org.keycloak:keycloak-services79 CVEs
  6. 6.org.apache.tomcat.embed:tomcat-embed-core72 CVEs
  7. 7.com.fasterxml.jackson.core:jackson-databind70 CVEs
  8. 8.org.apache.struts:struts2-core60 CVEs
  9. 9.org.keycloak:keycloak-core48 CVEs
  10. 10.org.xwiki.platform:xwiki-platform-oldcore45 CVEs
  11. 11.org.apache.tomcat:tomcat-catalina43 CVEs
  12. 12.org.elasticsearch:elasticsearch43 CVEs
  13. 13.net.mingsoft:ms-mcms39 CVEs
  14. 14.io.undertow:undertow-core38 CVEs
  15. 15.com.jfinal:jfinal36 CVEs
  16. 16.com.thoughtworks.xstream:xstream35 CVEs
  17. 17.org.jenkins-ci.plugins:script-security35 CVEs
  18. 18.org.opencms:opencms-core31 CVEs
  19. 19.org.springframework.security:spring-security-core31 CVEs
  20. 20.org.apache.solr:solr-core30 CVEs
  21. 21.org.apache.tomcat:tomcat-coyote29 CVEs
  22. 22.org.eclipse.jetty:jetty-server26 CVEs
  23. 23.org.apache.openmeetings:openmeetings-parent25 CVEs
  24. 24.org.bouncycastle:bcprov-jdk1425 CVEs
  25. 25.org.keycloak:keycloak-parent25 CVEs
  26. 26.org.bouncycastle:bcprov-jdk15on24 CVEs
  27. 27.org.xwiki.platform:xwiki-platform-web-templates23 CVEs
  28. 28.org.apache.nifi:nifi21 CVEs
  29. 29.org.cloudfoundry.identity:cloudfoundry-identity-server21 CVEs
  30. 30.com.liferay.portal:com.liferay.portal.impl18 CVEs
  31. 31.org.apache.activemq:activemq-client18 CVEs
  32. 32.org.apache.jspwiki:jspwiki-main18 CVEs
  33. 33.org.springframework:spring-core18 CVEs
  34. 34.org.springframework:spring-webmvc18 CVEs
  35. 35.org.apache.dolphinscheduler:dolphinscheduler17 CVEs
  36. 36.org.apache.geode:geode-core17 CVEs
  37. 37.org.apache.inlong:manager-pojo17 CVEs
  38. 38.io.netty:netty-codec-http16 CVEs
  39. 39.org.apache.dubbo:dubbo16 CVEs
  40. 40.org.apache.ranger:ranger16 CVEs
  41. 41.org.apache.struts.xwork:xwork-core16 CVEs
  42. 42.org.bouncycastle:bcprov-jdk1516 CVEs
  43. 43.ai.h2o:h2o-core15 CVEs
  44. 44.org.geoserver.web:gs-web-app15 CVEs
  45. 45.org.xwiki.platform:xwiki-platform-web15 CVEs
  46. 46.org.apache.hadoop:hadoop-main13 CVEs
  47. 47.org.apache.kylin:kylin13 CVEs
  48. 48.org.apache.tika:tika-core13 CVEs
  49. 49.org.jenkins-ci.plugins:git13 CVEs
  50. 50.org.jenkins-ci.plugins.workflow:workflow-cps13 CVEs

Which Maven packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →