Maven Package Vulnerabilities

All 3,053 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,831 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 2,151.org.apache.spark:spark-parent_2.111 CVE
  2. 2,152.org.apache.sshd:sshd-mina1 CVE
  3. 2,153.org.apache.sshd:sshd-sftp1 CVE
  4. 2,154.org.apache.storm:storm-kafka1 CVE
  5. 2,155.org.apache.storm:storm-kafka-client1 CVE
  6. 2,156.org.apache.storm:storm-metrics-prometheus1 CVE
  7. 2,157.org.apache.storm:storm-webapp1 CVE
  8. 2,158.org.apache.streampark:streampark-common_2.111 CVE
  9. 2,159.org.apache.streampark:streampark-common_2.121 CVE
  10. 2,160.org.apache.streampipes:streampipes-resource-management1 CVE
  11. 2,161.org.apache.struts:struts2-convention-plugin1 CVE
  12. 2,162.org.apache.struts:struts2-dojo-plugin1 CVE
  13. 2,163.org.apache.struts:struts2-struts1-plugin1 CVE
  14. 2,164.org.apache.struts:struts-extras1 CVE
  15. 2,165.org.apache.struts:struts-parent1 CVE
  16. 2,166.org.apache.struts:struts-tiles1 CVE
  17. 2,167.org.apache.submarine:submarine-commons-utils1 CVE
  18. 2,168.org.apache.synapse:synapse-core1 CVE
  19. 2,169.org.apache.syncope.client:syncope-client-console1 CVE
  20. 2,170.org.apache.syncope.client:syncope-client-enduser1 CVE
  21. 2,171.org.apache.syncope.core:syncope-core-provisioning-api1 CVE
  22. 2,172.org.apache.systemds:systemds1 CVE
  23. 2,173.org.apache.taglibs:taglibs-standard1 CVE
  24. 2,174.org.apache.taglibs:taglibs-standard-impl1 CVE
  25. 2,175.org.apache.tapestry:tapestry-project1 CVE
  26. 2,176.org.apache.tika:tika-server1 CVE
  27. 2,177.org.apache.tomcat.experimental:tomcat-embed-programmatic1 CVE
  28. 2,178.org.apache.tomcat:jasper1 CVE
  29. 2,179.org.apache.tomcat:jsp-api1 CVE
  30. 2,180.org.apache.tomcat:servlet-api1 CVE
  31. 2,181.org.apache.tomcat:tomcat-catalina-jmx-remote1 CVE
  32. 2,182.org.apache.tomcat:tomcat-embed-core1 CVE
  33. 2,183.org.apache.tomcat:tomcat-juli1 CVE
  34. 2,184.org.apache.tomcat:tomcat-servlet-api1 CVE
  35. 2,185.org.apache.tomee:apache-tomee1 CVE
  36. 2,186.org.apache.tomee:tomee1 CVE
  37. 2,187.org.apache.tomee:tomee-webapp1 CVE
  38. 2,188.org.apache.uima:uima-ducc-parent1 CVE
  39. 2,189.org.apache.uima:uima-ducc-web1 CVE
  40. 2,190.org.apache.uima:uimafit-core1 CVE
  41. 2,191.org.apache.uima:uimaj1 CVE
  42. 2,192.org.apache.uima:uimaj-as-core1 CVE
  43. 2,193.org.apache.velocity.tools:velocity-tools-parent1 CVE
  44. 2,194.org.apache.velocity:velocity1 CVE
  45. 2,195.org.apache.velocity:velocity-engine-parent1 CVE
  46. 2,196.org.apache.velocity:velocity-tools1 CVE
  47. 2,197.org.apache.wicket:wicket1 CVE
  48. 2,198.org.apache.wicket:wicket-auth-roles1 CVE
  49. 2,199.org.apache.wicket:wicket-util1 CVE
  50. 2,200.org.apache.xmlbeans:xmlbeans1 CVE

Which Maven packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →