Every CVE whose affected-product data names Apache Maven, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-26291 — CVSS 9.1 (critical): Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some…
CVE-2013-0253 — CVSS 5.8 (medium): The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers…