Maven Package Vulnerabilities

All 3,052 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,829 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 1,901.org.apache.causeway.core:causeway-core1 CVE
  2. 1,902.org.apache.causeway.viewer:causeway-viewer-wicket1 CVE
  3. 1,903.org.apache.cayenne:cayenne-parent1 CVE
  4. 1,904.org.apache.cayenne:cayenne-server1 CVE
  5. 1,905.org.apache.cocoon:cocoon-forms-impl1 CVE
  6. 1,906.org.apache.cocoon:cocoon-sitemap-impl1 CVE
  7. 1,907.org.apache.commons:commons-beanutils21 CVE
  8. 1,908.org.apache.commons:commons-collections41 CVE
  9. 1,909.org.apache.commons:commons-fileupload2-core1 CVE
  10. 1,910.org.apache.commons:commons-io1 CVE
  11. 1,911.org.apache.commons:commons-lang31 CVE
  12. 1,912.org.apache.commons:commons-text1 CVE
  13. 1,913.org.apache.cxf:cxf-rt-databinding-aegis1 CVE
  14. 1,914.org.apache.cxf:cxf-rt-management1 CVE
  15. 1,915.org.apache.cxf:cxf-rt-rs-security-jose1 CVE
  16. 1,916.org.apache.cxf:cxf-rt-rs-security-sso-saml1 CVE
  17. 1,917.org.apache.cxf:cxf-rt-rs-service-description1 CVE
  18. 1,918.org.apache.cxf:cxf-rt-ws-security1 CVE
  19. 1,919.org.apache.cxf:cxf-rt-ws-transfer1 CVE
  20. 1,920.org.apache.cxf.fediz:fediz-core1 CVE
  21. 1,921.org.apache.cxf.fediz:fediz-idp1 CVE
  22. 1,922.org.apache.cxf.fediz:fediz-oidc1 CVE
  23. 1,923.org.apache.cxf.karaf:apache-cxf1 CVE
  24. 1,924.org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap1 CVE
  25. 1,925.org.apache.ddlutils:ddlutils1 CVE
  26. 1,926.org.apache.deltaspike:deltaspike1 CVE
  27. 1,927.org.apache.deltaspike.modules:jsf-module-project1 CVE
  28. 1,928.org.apache.directory.api:apache-ldap-api1 CVE
  29. 1,929.org.apache.directory.api:api-ldap-client-api1 CVE
  30. 1,930.org.apache.directory.api:api-ldap-model1 CVE
  31. 1,931.org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core1 CVE
  32. 1,932.org.apache.directory.studio:org.apache.directory.studio.parent1 CVE
  33. 1,933.org.apache.dolphinscheduler:dolphinscheduler-alert-plugins1 CVE
  34. 1,934.org.apache.dolphinscheduler:dolphinscheduler-dao1 CVE
  35. 1,935.org.apache.dolphinscheduler:dolphinscheduler-rpc1 CVE
  36. 1,936.org.apache.dolphinscheduler:dolphinscheduler-server1 CVE
  37. 1,937.org.apache.dolphinscheduler:dolphinscheduler-service1 CVE
  38. 1,938.org.apache.dolphinscheduler:dolphinscheduler-task-api1 CVE
  39. 1,939.org.apache.drill:drill-common1 CVE
  40. 1,940.org.apache.drill.exec:drill-java-exec1 CVE
  41. 1,941.org.apache.druid.extensions:druid-basic-security1 CVE
  42. 1,942.org.apache.druid.extensions:druid-pac4j1 CVE
  43. 1,943.org.apache.dubbo:dubbo-common1 CVE
  44. 1,944.org.apache.dubbo:dubbo-rpc-http-invoker1 CVE
  45. 1,945.org.apache.eventmesh:eventmesh-connector-rabbitmq1 CVE
  46. 1,946.org.apache.eventmesh:eventmesh-meta-raft1 CVE
  47. 1,947.org.apache.eventmesh:eventmesh-runtime1 CVE
  48. 1,948.org.apache-extras.beanshell:bsh1 CVE
  49. 1,949.org.apache.felix:org.apache.felix.healthcheck.webconsoleplugin1 CVE
  50. 1,950.org.apache.felix:org.apache.felix.http.webconsoleplugin1 CVE

Which Maven packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →