Maven Package Vulnerabilities

All 3,051 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,816 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 801.org.alluxio:alluxio-parent2 CVEs
  2. 802.org.apache.activemq:activemq-jaas2 CVEs
  3. 803.org.apache.activemq:activemq-mqtt2 CVEs
  4. 804.org.apache.activemq:activemq-openwire-legacy2 CVEs
  5. 805.org.apache.activemq:apache-artemis2 CVEs
  6. 806.org.apache.activemq:artemis-core-client2 CVEs
  7. 807.org.apache.activemq:artemis-openwire-protocol2 CVEs
  8. 808.org.apache.avro:avro2 CVEs
  9. 809.org.apache.axis2.wso2:axis22 CVEs
  10. 810.org.apache.brooklyn:brooklyn2 CVEs
  11. 811.org.apache.camel:camel-coap2 CVEs
  12. 812.org.apache.camel:camel-infinispan2 CVEs
  13. 813.org.apache.camel:camel-mail2 CVEs
  14. 814.org.apache.camel:camel-support2 CVEs
  15. 815.org.apache.cocoon:cocoon2 CVEs
  16. 816.org.apache.commons:commons-email2 CVEs
  17. 817.org.apache.commons:commons-vfs22 CVEs
  18. 818.org.apache.continuum:continuum2 CVEs
  19. 819.org.apache.cxf:cxf-rt-transports-jms2 CVEs
  20. 820.org.apache.cxf.fediz:fediz-jetty82 CVEs
  21. 821.org.apache.cxf.fediz:fediz-jetty92 CVEs
  22. 822.org.apache.cxf.fediz:fediz-spring32 CVEs
  23. 823.org.apache.dolphinscheduler:dolphinscheduler-common2 CVEs
  24. 824.org.apache.dolphinscheduler:dolphinscheduler-master2 CVEs
  25. 825.org.apache.druid:druid-core2 CVEs
  26. 826.org.apache.dubbo:dubbo-parent2 CVEs
  27. 827.org.apache.gobblin:gobblin-core2 CVEs
  28. 828.org.apache.guacamole:guacamole-common2 CVEs
  29. 829.org.apache.hbase:hbase2 CVEs
  30. 830.org.apache.helix:helix2 CVEs
  31. 831.org.apache.httpcomponents.client5:httpclient52 CVEs
  32. 832.org.apache.hugegraph:hugegraph-api2 CVEs
  33. 833.org.apache.inlong:manager-test2 CVEs
  34. 834.org.apache.iotdb:iotdb-grafana-connector2 CVEs
  35. 835.org.apache.iotdb:iotdb-parent2 CVEs
  36. 836.org.apache.iotdb:iotdb-server2 CVEs
  37. 837.org.apache.isis.core:isis-core2 CVEs
  38. 838.org.apache.jena:jena-fuseki2 CVEs
  39. 839.org.apache.juddi:juddi-client2 CVEs
  40. 840.org.apache.kafka:kafka_2.102 CVEs
  41. 841.org.apache.karaf.management:org.apache.karaf.management.server2 CVEs
  42. 842.org.apache.kylin:kylin-common-service2 CVEs
  43. 843.org.apache.kylin:kylin-core-metadata2 CVEs
  44. 844.org.apache.kylin:kylin-ops-server2 CVEs
  45. 845.org.apache.kylin:kylin-server2 CVEs
  46. 846.org.apache.logging.log4j:log4j2 CVEs
  47. 847.org.apache.myfaces.core:myfaces-impl2 CVEs
  48. 848.org.apache.nifi:nifi-dbcp-base2 CVEs
  49. 849.org.apache.nifi:nifi-framework-core2 CVEs
  50. 850.org.apache.nifi:nifi-hikari-dbcp-service2 CVEs

Which Maven packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →