CVE Archive

Maven Vulnerability Archive

Recent and critical CVEs affecting Maven packages. Kodem’s runtime-powered SCA identifies which are actually reachable in your applications.

Top affected packages

org.apache.dolphinscheduler:dolphinscheduler-api 5 CVEs
io.netty:netty-codec-http2 3 CVEs
com.cedarpolicy:cedar-java 2 CVEs
io.strimzi:strimzi 2 CVEs
org.geoserver.web:gs-web-app 2 CVEs
org.springframework.kafka:spring-kafka 2 CVEs
io.qameta.allure:allure-generator 1 CVE
io.qameta.allure:allure-commandline 1 CVE
nl.nl-portal:form 1 CVE
nl.nl-portal:documenten-api 1 CVE

Recent Maven CVEs

CVE

Package / summary

Severity

io.qameta.allure:allure-generator · Allure Report: Stored XSS via unescaped ANSI helper in status message/trace…

io.qameta.allure:allure-commandline · Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read

com.cedarpolicy:cedar-java · CedarJava has policy injection vulnerability

com.cedarpolicy:cedar-java · CedarJava has type confusion vulnerability

nl.nl-portal:form · NL Portal Backend Libraries: Unauthenticated form resolver forwards the…

nl.nl-portal:documenten-api · NL Portal Backend Libraries: Document contents remained downloadable by any…

io.strimzi:strimzi · Strimzi: Unrestricted access to all Secrets within namespace watched by the…

io.strimzi:strimzi · Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 · HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches()…

com.github.jknack:handlebars · handlebars.java FileTemplateLoader Path Traversal

dev.langchain4j:langchain4j-mariadb · LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and…

org.apache.dolphinscheduler:dolphinscheduler-api · Apache DolphinScheduler: An incorrect authorization vulnerability allows…

org.apache.dolphinscheduler:dolphinscheduler-api · Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to…

org.apache.dolphinscheduler:dolphinscheduler-api · Apache DolphinScheduler: Incorrect Authorization vulnerability allows users…

org.apache.dolphinscheduler:dolphinscheduler-api · Apache DolphinScheduler: The `/v2` experimental interface lacks permission…

org.apache.dolphinscheduler:dolphinscheduler-api · Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to…

io.netty:netty-codec-http2 · Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

io.netty:netty-codec-http · Netty: HttpObjectDecoder skips arbitrary initial control characters when only…

io.netty:netty-codec-redis · Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length

io.netty:netty-handler · Netty: Wrapping plain trust manager silently disables hostname verification

io.netty:netty-codec-classes-quic · Netty: QUIC stateless reset token material exposed through header-visible…

io.netty:netty-codec-http3 · Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

org.geoserver.web:gs-web-app · GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML…

org.geoserver.web:gs-web-app · GeoServer has an arbitrary file write vulnerability in its Master Password Dump…

org.geoserver.extension:gs-db2 · GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

io.netty:netty-codec-http2 · netty-codec-http2: ByteBuf Reference-Count Leak in…

org.cometd.java:cometd-java-server-common · Acknowledgement extension out of memory

org.jenkins-ci.main:jenkins-core · Jenkins: Stored XSS vulnerability in node offline cause description

org.springframework.kafka:spring-kafka · In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled,…

org.springframework.kafka:spring-kafka · In Spring for Apache Kafka, overly broad trusted-package matching in header…

io.netty:netty-resolver-dns · Netty has Insufficient Bailiwick Validation for NS Records

io.netty:netty-codec-http2 · Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Stop the waste.
Protect your environment with Kodem.

Get a personalized demo

Get a personalized demo