Maven Package Vulnerabilities
All 3,041 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,782 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 1.org.jenkins-ci.main:jenkins-core249 CVEs
- 2.org.apache.tomcat:tomcat160 CVEs
- 3.com.liferay.portal:release.portal.bom159 CVEs
- 4.com.liferay.portal:release.dxp.bom125 CVEs
- 5.org.keycloak:keycloak-services79 CVEs
- 6.org.apache.tomcat.embed:tomcat-embed-core72 CVEs
- 7.com.fasterxml.jackson.core:jackson-databind70 CVEs
- 8.org.apache.struts:struts2-core60 CVEs
- 9.org.keycloak:keycloak-core48 CVEs
- 10.org.xwiki.platform:xwiki-platform-oldcore45 CVEs
- 11.org.apache.tomcat:tomcat-catalina43 CVEs
- 12.org.elasticsearch:elasticsearch43 CVEs
- 13.net.mingsoft:ms-mcms39 CVEs
- 14.io.undertow:undertow-core38 CVEs
- 15.com.jfinal:jfinal36 CVEs
- 16.com.thoughtworks.xstream:xstream35 CVEs
- 17.org.jenkins-ci.plugins:script-security35 CVEs
- 18.org.opencms:opencms-core31 CVEs
- 19.org.springframework.security:spring-security-core31 CVEs
- 20.org.apache.solr:solr-core30 CVEs
- 21.org.apache.tomcat:tomcat-coyote29 CVEs
- 22.org.eclipse.jetty:jetty-server26 CVEs
- 23.org.apache.openmeetings:openmeetings-parent25 CVEs
- 24.org.bouncycastle:bcprov-jdk1425 CVEs
- 25.org.keycloak:keycloak-parent25 CVEs
- 26.org.bouncycastle:bcprov-jdk15on24 CVEs
- 27.org.xwiki.platform:xwiki-platform-web-templates23 CVEs
- 28.org.apache.nifi:nifi21 CVEs
- 29.org.cloudfoundry.identity:cloudfoundry-identity-server21 CVEs
- 30.com.liferay.portal:com.liferay.portal.impl18 CVEs
- 31.org.apache.activemq:activemq-client18 CVEs
- 32.org.apache.jspwiki:jspwiki-main18 CVEs
- 33.org.springframework:spring-core18 CVEs
- 34.org.springframework:spring-webmvc18 CVEs
- 35.org.apache.dolphinscheduler:dolphinscheduler17 CVEs
- 36.org.apache.geode:geode-core17 CVEs
- 37.org.apache.inlong:manager-pojo17 CVEs
- 38.io.netty:netty-codec-http16 CVEs
- 39.org.apache.dubbo:dubbo16 CVEs
- 40.org.apache.ranger:ranger16 CVEs
- 41.org.apache.struts.xwork:xwork-core16 CVEs
- 42.org.bouncycastle:bcprov-jdk1516 CVEs
- 43.ai.h2o:h2o-core15 CVEs
- 44.org.geoserver.web:gs-web-app15 CVEs
- 45.org.xwiki.platform:xwiki-platform-web15 CVEs
- 46.org.apache.hadoop:hadoop-main13 CVEs
- 47.org.apache.kylin:kylin13 CVEs
- 48.org.apache.tika:tika-core13 CVEs
- 49.org.jenkins-ci.plugins:git13 CVEs
- 50.org.jenkins-ci.plugins.workflow:workflow-cps13 CVEs
Which Maven packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →