Maven Package Vulnerabilities

All 3,041 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,785 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 51.org.apache.cassandra:cassandra-all12 CVEs
  2. 52.org.apache.cxf:cxf12 CVEs
  3. 53.org.apache.cxf:cxf-core12 CVEs
  4. 54.org.apache.hadoop:hadoop-common12 CVEs
  5. 55.org.apache.streampark:streampark12 CVEs
  6. 56.org.bouncycastle:bcprov-jdk15to1812 CVEs
  7. 57.org.jeecgframework.boot:jeecg-boot-parent12 CVEs
  8. 58.org.springframework:spring-web12 CVEs
  9. 59.com.xuxueli:xxl-job11 CVEs
  10. 60.io.netty:netty-handler11 CVEs
  11. 61.org.apache.archiva:archiva11 CVEs
  12. 62.org.apache.camel:camel-core11 CVEs
  13. 63.org.apache.commons:commons-compress11 CVEs
  14. 64.org.apache.james:james-server11 CVEs
  15. 65.org.apache.jspwiki:jspwiki-war11 CVEs
  16. 66.org.apache.logging.log4j:log4j-core11 CVEs
  17. 67.org.apache.shiro:shiro-core11 CVEs
  18. 68.org.graylog2:graylog2-server11 CVEs
  19. 69.org.igniterealtime.openfire:parent11 CVEs
  20. 70.org.jenkins-ci.plugins:email-ext11 CVEs
  21. 71.org.mortbay.jetty:jetty11 CVEs
  22. 72.org.xwiki.platform:xwiki-platform-administration-ui11 CVEs
  23. 73.org.xwiki.platform:xwiki-platform-rest-server11 CVEs
  24. 74.struts:struts11 CVEs
  25. 75.com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer10 CVEs
  26. 76.com.vaadin:flow-server10 CVEs
  27. 77.io.netty:netty10 CVEs
  28. 78.org.apache.hive:hive-exec10 CVEs
  29. 79.org.apache.inlong:manager-service10 CVEs
  30. 80.org.apache.linkis:linkis10 CVEs
  31. 81.org.bouncycastle:bc-fips10 CVEs
  32. 82.org.craftercms:crafter-studio10 CVEs
  33. 83.org.jboss.netty:netty10 CVEs
  34. 84.org.jenkins-ci.plugins.workflow:workflow-cps-global-lib10 CVEs
  35. 85.org.springframework:spring-webflux10 CVEs
  36. 86.cn.hutool:hutool-core9 CVEs
  37. 87.com.vaadin:vaadin-bom9 CVEs
  38. 88.io.jenkins:configuration-as-code9 CVEs
  39. 89.mysql:mysql-connector-java9 CVEs
  40. 90.org.apache.activemq:activemq-broker9 CVEs
  41. 91.org.apache.activemq:apache-activemq9 CVEs
  42. 92.org.apache.dolphinscheduler:dolphinscheduler-api9 CVEs
  43. 93.org.apache.hive:hive9 CVEs
  44. 94.org.apache.spark:spark-core_2.119 CVEs
  45. 95.org.apache.tapestry:tapestry-core9 CVEs
  46. 96.org.apache.xmlgraphics:batik9 CVEs
  47. 97.org.apache.zookeeper:zookeeper9 CVEs
  48. 98.org.bouncycastle:bcprov-jdk18on9 CVEs
  49. 99.org.jenkins-ci.plugins:active-directory9 CVEs
  50. 100.org.jenkins-ci.plugins:config-file-provider9 CVEs

Which Maven packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →