Maven Package Vulnerabilities

All 3,051 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,816 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 851.org.apache.nifi:nifi-standard-processors2 CVEs
  2. 852.org.apache.nifi:nifi-web-ui2 CVEs
  3. 853.org.apache.parquet:parquet-avro2 CVEs
  4. 854.org.apache.pdfbox:pdfbox-parent2 CVEs
  5. 855.org.apache.pinot:pinot2 CVEs
  6. 856.org.apache.pinot:pinot-controller2 CVEs
  7. 857.org.apache.poi:poi-scratchpad2 CVEs
  8. 858.org.apache.polaris:polaris-core2 CVEs
  9. 859.org.apache.polaris:polaris-runtime-service2 CVEs
  10. 860.org.apache.portals.jetspeed-2:jetspeed-commons2 CVEs
  11. 861.org.apache.qpid:proton-j2 CVEs
  12. 862.org.apache.rocketmq:rocketmq-broker2 CVEs
  13. 863.org.apache.rocketmq:rocketmq-namesrv2 CVEs
  14. 864.org.apache.sanselan:sanselan2 CVEs
  15. 865.org.apache.seata:seata-config-core2 CVEs
  16. 866.org.apache.shardingsphere:shardingsphere2 CVEs
  17. 867.org.apache.shiro:shiro-root2 CVEs
  18. 868.org.apache.sling:org.apache.sling.auth.core2 CVEs
  19. 869.org.apache.solr:solr-solrj2 CVEs
  20. 870.org.apache.spark:spark-core_2.122 CVEs
  21. 871.org.apache.spark:spark-core_2.132 CVEs
  22. 872.org.apache.spark:spark-parent_2.122 CVEs
  23. 873.org.apache.storm:storm-client2 CVEs
  24. 874.org.apache.submarine:submarine-server-core2 CVEs
  25. 875.org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui2 CVEs
  26. 876.org.apache.syncope.client.idrepo:syncope-client-idrepo-console2 CVEs
  27. 877.org.apache.syncope.core:syncope-core-spring2 CVEs
  28. 878.org.apache.tika:tika-parser-pdf-module2 CVEs
  29. 879.org.apache.tiles:tiles-core2 CVEs
  30. 880.org.apache.tomcat.embed:tomcat-embed-jasper2 CVEs
  31. 881.org.apache.tomcat.embed:tomcat-embed-websocket2 CVEs
  32. 882.org.apache.tomcat:tomcat-coyote-ffm2 CVEs
  33. 883.org.apache.tomcat:tomcat-websocket2 CVEs
  34. 884.org.apache.uima:uimaj-core2 CVEs
  35. 885.org.apache.wicket:wicket-parent2 CVEs
  36. 886.org.apache.wss4j:wss4j-ws-security-dom2 CVEs
  37. 887.org.apache.zeppelin:zeppelin-jdbc2 CVEs
  38. 888.org.apache.zeppelin:zeppelin-web2 CVEs
  39. 889.org.apereo.cas:cas-management-webapp-support2 CVEs
  40. 890.org.bouncycastle:bcpkix-jdk15on2 CVEs
  41. 891.org.bouncycastle:bcpkix-jdk15to182 CVEs
  42. 892.org.bouncycastle:bcprov-debug-jdk142 CVEs
  43. 893.org.bouncycastle:bcprov-debug-jdk15to182 CVEs
  44. 894.org.bouncycastle:bcprov-debug-jdk18on2 CVEs
  45. 895.org.bouncycastle:bcprov-ext-jdk142 CVEs
  46. 896.org.bouncycastle:bcprov-ext-jdk15to182 CVEs
  47. 897.org.bouncycastle:bcprov-ext-jdk18on2 CVEs
  48. 898.org.clojure:clojure2 CVEs
  49. 899.org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin2 CVEs
  50. 900.org.codehaus.jackson:jackson-mapper-asl2 CVEs

Which Maven packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →