Maven Package Vulnerabilities
All 3,052 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,829 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 1,901.org.apache.causeway.core:causeway-core1 CVE
- 1,902.org.apache.causeway.viewer:causeway-viewer-wicket1 CVE
- 1,903.org.apache.cayenne:cayenne-parent1 CVE
- 1,904.org.apache.cayenne:cayenne-server1 CVE
- 1,905.org.apache.cocoon:cocoon-forms-impl1 CVE
- 1,906.org.apache.cocoon:cocoon-sitemap-impl1 CVE
- 1,907.org.apache.commons:commons-beanutils21 CVE
- 1,908.org.apache.commons:commons-collections41 CVE
- 1,909.org.apache.commons:commons-fileupload2-core1 CVE
- 1,910.org.apache.commons:commons-io1 CVE
- 1,911.org.apache.commons:commons-lang31 CVE
- 1,912.org.apache.commons:commons-text1 CVE
- 1,913.org.apache.cxf:cxf-rt-databinding-aegis1 CVE
- 1,914.org.apache.cxf:cxf-rt-management1 CVE
- 1,915.org.apache.cxf:cxf-rt-rs-security-jose1 CVE
- 1,916.org.apache.cxf:cxf-rt-rs-security-sso-saml1 CVE
- 1,917.org.apache.cxf:cxf-rt-rs-service-description1 CVE
- 1,918.org.apache.cxf:cxf-rt-ws-security1 CVE
- 1,919.org.apache.cxf:cxf-rt-ws-transfer1 CVE
- 1,920.org.apache.cxf.fediz:fediz-core1 CVE
- 1,921.org.apache.cxf.fediz:fediz-idp1 CVE
- 1,922.org.apache.cxf.fediz:fediz-oidc1 CVE
- 1,923.org.apache.cxf.karaf:apache-cxf1 CVE
- 1,924.org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap1 CVE
- 1,925.org.apache.ddlutils:ddlutils1 CVE
- 1,926.org.apache.deltaspike:deltaspike1 CVE
- 1,927.org.apache.deltaspike.modules:jsf-module-project1 CVE
- 1,928.org.apache.directory.api:apache-ldap-api1 CVE
- 1,929.org.apache.directory.api:api-ldap-client-api1 CVE
- 1,930.org.apache.directory.api:api-ldap-model1 CVE
- 1,931.org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core1 CVE
- 1,932.org.apache.directory.studio:org.apache.directory.studio.parent1 CVE
- 1,933.org.apache.dolphinscheduler:dolphinscheduler-alert-plugins1 CVE
- 1,934.org.apache.dolphinscheduler:dolphinscheduler-dao1 CVE
- 1,935.org.apache.dolphinscheduler:dolphinscheduler-rpc1 CVE
- 1,936.org.apache.dolphinscheduler:dolphinscheduler-server1 CVE
- 1,937.org.apache.dolphinscheduler:dolphinscheduler-service1 CVE
- 1,938.org.apache.dolphinscheduler:dolphinscheduler-task-api1 CVE
- 1,939.org.apache.drill:drill-common1 CVE
- 1,940.org.apache.drill.exec:drill-java-exec1 CVE
- 1,941.org.apache.druid.extensions:druid-basic-security1 CVE
- 1,942.org.apache.druid.extensions:druid-pac4j1 CVE
- 1,943.org.apache.dubbo:dubbo-common1 CVE
- 1,944.org.apache.dubbo:dubbo-rpc-http-invoker1 CVE
- 1,945.org.apache.eventmesh:eventmesh-connector-rabbitmq1 CVE
- 1,946.org.apache.eventmesh:eventmesh-meta-raft1 CVE
- 1,947.org.apache.eventmesh:eventmesh-runtime1 CVE
- 1,948.org.apache-extras.beanshell:bsh1 CVE
- 1,949.org.apache.felix:org.apache.felix.healthcheck.webconsoleplugin1 CVE
- 1,950.org.apache.felix:org.apache.felix.http.webconsoleplugin1 CVE
Which Maven packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →