aero.albers.osmbse:mdzip-process-sources-maven-plugin (=0.0.1), aero.albers.osmbse:mdzip-validate-maven-plugin (=0.0.1) +23920 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.6.0)

org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1, =0.1.0, =0.0.1, =0.0.6, =0.1.10, =0.1.3, =0.0.1, =0.0.1, =0.2.0, =0.1.3, =0.1.3, =0.1.5 - ai.pipestream:pipestream-engine =0.0.6 - ai.pipestream:pipestream-engine-kafka-sidecar =0.0.2 and more Source cves: CVE-2025-67030 Source advisory...

at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), au.com.acegi:xml-format-maven-plugin (>=4.0.1 <=4.1.0) +1991 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=4.0.0 <=4.0.2)

org.codehaus.plexus:plexus-utils MAVEN version =4.0.0, =9.1.1, =4.0.1, =0.0.1, =0.0.9, =0.4.0, =0.0.0, =1.9.2, =1.0.0-M5, =1.0.0-M6, =1.0.0-M1, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =1.0.0-M10 and more Source cves: CVE-2025-67030 Source advisory: SNYK:JAVA-ORGCODEHAUSPLEXUS-15766699...

ch.acanda.maven:code-analysis-maven-plugin (>=0.1.0 <=1.27.0), com.alibaba.p3c.idea:p3c-common (=1.0.0) +175 more potentially affected by CVE-2026-28338 via net.sourceforge.pmd:pmd-core (>=5.2.0 <=7.21.0)

net.sourceforge.pmd:pmd-core MAVEN version =5.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =2.7.1, =ev1.4.1, =ev1.4.1, =2.14.1, =1.0.0, =0.1.0, =0.1.2 and more Source cves: CVE-2026-28338 Source advisory: OSV:GHSA-8RR6-2QW5-PC7R...

ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin (>=8.31.0 <=8.50.0), ch.admin.bit.jeap:jeap-messaging-registry-maven-plugin (>=8.31.0 <=8.50.0) +166 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.2.0.202503040940-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.2.0.202503040940-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin =8.31.0, =8.31.0, =2.59.0,...

ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin (>=8.31.0 <=8.50.0), ch.admin.bit.jeap:jeap-messaging-registry-maven-plugin (>=8.31.0 <=8.50.0) +166 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.2.0.202503040940-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.2.0.202503040940-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin =8.31.0, =8.31.0, =2.59.0,...

SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for mojo-parent (SUSE-SU-SUSE-RU-2024:3971-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:3971-1 advisory. xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed...

at.molindo:git-commit-id-plugin (=2.1.10-alpha-1), at.nonblocking:nonsnapshot-maven-plugin (=3.0.1) +4141 more potentially affected by CVE-2023-4759 via org.eclipse.jgit:org.eclipse.jgit (>=1.2.0.201112221803-r <=5.13.2.202306221912-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =1.2.0.201112221803-r, =2.0.0, =2.0.4, =0.1.1, =0.1.1, =2.0.0, =0.0.1, =0.2.8, =1.5.6 - br.com.sabium.gradle-bump:br.com.sabium.gradle-bump.gradle.plugin =1.0.1 and more Source cves: CVE-2023-4759 Source advisory: OSV:GHSA-3P86-9955-H393...

at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +3282 more potentially affected by CVE-2023-37460 via org.codehaus.plexus:plexus-archiver (>=1.0 <=4.7.1)

org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =1.0.0, =1.0.0, =0.7.6, =0.6.0, =0.6.0, =0.6.0, =0.8.0 and more Source cves: CVE-2023-37460 Source advisory: OSV:GHSA-WH3P-FPHP-9H2M...

au.net.causal.maven.plugins:boxdb-maven-plugin (=3.2), co.elastic.docker-base:co.elastic.docker-base.gradle.plugin (>=0.0.1 <=0.0.5) +78 more potentially affected by CVE-2022-25914 via com.google.cloud.tools:jib-core (>=0.10.0 <=0.21.0)

com.google.cloud.tools:jib-core MAVEN version =0.10.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0, =0.4.0, =0.34.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.4.2 and more Source cves: CVE-2022-25914 Source advisory: OSV:GHSA-936V-CG49-M2G5...

au.net.causal.maven.plugins:boxdb-maven-plugin (=3.2), co.elastic.docker-base:co.elastic.docker-base.gradle.plugin (>=0.0.1 <=0.0.5) +78 more potentially affected by CVE-2022-25914 via com.google.cloud.tools:jib-core (>=0.10.0 <=0.21.0)

com.google.cloud.tools:jib-core MAVEN version =0.10.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0, =0.4.0, =0.34.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.4.2 and more Source cves: CVE-2022-25914 Source advisory: SNYK:JAVA-COMGOOGLECLOUDTOOLS-2968871...

org.apache.uima:PearPackagingMavenPlugin (>=3.0.0-alpha <=3.0.0-alpha02), org.apache.uima:jcasgen-maven-plugin (>=3.0.0-alpha <=3.0.0-alpha02) +13 more potentially affected by CVE-2017-15691 via org.apache.uima:uimaj-core (>=3.0.0-alpha <=3.0.0-alpha02)

org.apache.uima:uimaj-core MAVEN version =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha, =3.0.0-alpha02 Source cves:...

at.bestsolution:maven-osgi-package-plugin (=0.0.1), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.1.1) +2070 more potentially affected by CVE-2018-1002200 via org.codehaus.plexus:plexus-archiver (>=1.0 <=3.5)

org.codehaus.plexus:plexus-archiver MAVEN version =1.0, =9.1.1, =1.0, =0.1-1, =0.7.8, =0.6.0, =0.6.0, =0.6.0, =1.4.14, =1.2.1, =0.9.0, =1.0.0, =ccbc95eb and more Source cves: CVE-2018-1002200 Source advisory: OSV:GHSA-HCXQ-X77Q-3469...

cc.kebei:onion-expands-compress (>=3.0.0 <=3.0.6), com.aftia.plugin:aem-build-maven-plugin.core (>=1.1.1 <=1.2.2) +90 more potentially affected by CVE-2018-1002201 via org.zeroturnaround:zt-zip (>=1.10 <=1.12)

org.zeroturnaround:zt-zip MAVEN version =1.10, =3.0.0, =1.1.1, =5.0, =2.1.6, =3.6.1, =0.1.4, =1.0.3, =1.0.0, =1.0, =1.1 and more Source cves: CVE-2018-1002201 Source advisory: OSV:GHSA-QCF3-9VMH-XW4R...

ca.ace-design-lab:island-arena (=3.0), ca.ace-design-lab:island-engine (=3.0) +386 more potentially affected by CVE-2017-5661 via org.apache.xmlgraphics:fop (>=0.93 <=2.11)

org.apache.xmlgraphics:fop MAVEN version =0.93, =2.0.8, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.2 and more Source cves: CVE-2017-5661 Source advisory: OSV:GHSA-5HG8-R9VQ-GJQP...

app.keyconnect.api:keyconnect-api (=1.0.0), app.keyconnect:keyconnect-rippled-api (=1.0.0) +2676 more potentially affected by CVE-2021-26291 via org.apache.maven:maven-compat (>=2.2.0 <=3.6.3)

org.apache.maven:maven-compat MAVEN version =2.2.0, =2.4, =0.1-1, =0.1-2, =0.1-1, =0.1-1, =3.0.0, =4.3.0, =0.1.0, =0.6.0, =0.7.0 and more Source cves: CVE-2021-26291 Source advisory: OSV:GHSA-2F88-5HG8-9X2X...

ai.langsa:start-with-langsa-plugin (>=0.1 <=0.5), app.keyconnect.api:keyconnect-api (=1.0.0) +8319 more potentially affected by CVE-2021-26291 via org.apache.maven:maven-core (>=2.0 <=3.6.3)

org.apache.maven:maven-core MAVEN version =2.0, =0.1, =1.0.0, =1.1.1, =1.0.0, =3.0.1, =1.0, =4.1.0, =4.0.0, =4.0.10 and more Source cves: CVE-2021-26291 Source advisory: OSV:GHSA-2F88-5HG8-9X2X...

[SECURITY] Fedora 32 Update: eclipse-m2e-core-1.16.1-1.fc32

The goal of the m2ec project is to provide a first-class Apache Maven suppo rt in the Eclipse IDE, making it easier to edit Maven's pom.xml, run a build f rom the IDE and much more. For Java developers, the very tight integration with JDT greatly simplifies the consumption of Java artifacts eithe...

cc.kebei:onion-expands-compress (>=3.0.0 <=3.0.6), com.aftia.plugin:aem-build-maven-plugin.core (>=1.1.1 <=1.2.2) +90 more potentially affected by CVE-2018-1002201 via org.zeroturnaround:zt-zip (>=1.10 <=1.12)

org.zeroturnaround:zt-zip MAVEN version =1.10, =3.0.0, =1.1.1, =5.0, =2.1.6, =3.6.1, =0.1.4, =1.0.3, =1.0.0, =1.0, =1.1 and more Source cves: CVE-2018-1002201 Source advisory: SNYK:JAVA-ORGZEROTURNAROUND-31681...