Maven Package Vulnerabilities
All 3,053 Java / JVM artifacts with known CVEs, ranked by live CVE volume — 7,831 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 2,151.org.apache.spark:spark-parent_2.111 CVE
- 2,152.org.apache.sshd:sshd-mina1 CVE
- 2,153.org.apache.sshd:sshd-sftp1 CVE
- 2,154.org.apache.storm:storm-kafka1 CVE
- 2,155.org.apache.storm:storm-kafka-client1 CVE
- 2,156.org.apache.storm:storm-metrics-prometheus1 CVE
- 2,157.org.apache.storm:storm-webapp1 CVE
- 2,158.org.apache.streampark:streampark-common_2.111 CVE
- 2,159.org.apache.streampark:streampark-common_2.121 CVE
- 2,160.org.apache.streampipes:streampipes-resource-management1 CVE
- 2,161.org.apache.struts:struts2-convention-plugin1 CVE
- 2,162.org.apache.struts:struts2-dojo-plugin1 CVE
- 2,163.org.apache.struts:struts2-struts1-plugin1 CVE
- 2,164.org.apache.struts:struts-extras1 CVE
- 2,165.org.apache.struts:struts-parent1 CVE
- 2,166.org.apache.struts:struts-tiles1 CVE
- 2,167.org.apache.submarine:submarine-commons-utils1 CVE
- 2,168.org.apache.synapse:synapse-core1 CVE
- 2,169.org.apache.syncope.client:syncope-client-console1 CVE
- 2,170.org.apache.syncope.client:syncope-client-enduser1 CVE
- 2,171.org.apache.syncope.core:syncope-core-provisioning-api1 CVE
- 2,172.org.apache.systemds:systemds1 CVE
- 2,173.org.apache.taglibs:taglibs-standard1 CVE
- 2,174.org.apache.taglibs:taglibs-standard-impl1 CVE
- 2,175.org.apache.tapestry:tapestry-project1 CVE
- 2,176.org.apache.tika:tika-server1 CVE
- 2,177.org.apache.tomcat.experimental:tomcat-embed-programmatic1 CVE
- 2,178.org.apache.tomcat:jasper1 CVE
- 2,179.org.apache.tomcat:jsp-api1 CVE
- 2,180.org.apache.tomcat:servlet-api1 CVE
- 2,181.org.apache.tomcat:tomcat-catalina-jmx-remote1 CVE
- 2,182.org.apache.tomcat:tomcat-embed-core1 CVE
- 2,183.org.apache.tomcat:tomcat-juli1 CVE
- 2,184.org.apache.tomcat:tomcat-servlet-api1 CVE
- 2,185.org.apache.tomee:apache-tomee1 CVE
- 2,186.org.apache.tomee:tomee1 CVE
- 2,187.org.apache.tomee:tomee-webapp1 CVE
- 2,188.org.apache.uima:uima-ducc-parent1 CVE
- 2,189.org.apache.uima:uima-ducc-web1 CVE
- 2,190.org.apache.uima:uimafit-core1 CVE
- 2,191.org.apache.uima:uimaj1 CVE
- 2,192.org.apache.uima:uimaj-as-core1 CVE
- 2,193.org.apache.velocity.tools:velocity-tools-parent1 CVE
- 2,194.org.apache.velocity:velocity1 CVE
- 2,195.org.apache.velocity:velocity-engine-parent1 CVE
- 2,196.org.apache.velocity:velocity-tools1 CVE
- 2,197.org.apache.wicket:wicket1 CVE
- 2,198.org.apache.wicket:wicket-auth-roles1 CVE
- 2,199.org.apache.wicket:wicket-util1 CVE
- 2,200.org.apache.xmlbeans:xmlbeans1 CVE
Which Maven packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →