Skip to content
Tools / ActiveMQ / Security

Security Deep Dive

ActiveMQ

Security posture and CVE patch evidence from tracked releases.

Back to Tool

13 actively-exploited dependency CVEs affects activemq-5.19.7.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

Versions by Severity

CVEs are attributed to tracked releases published before the patch release.

10 versions tracked
Version Published C H M L KEV Notes
activemq-5.19.7 2026-05-27
Latest
activemq-6.2.6 2026-05-27
Patches CVE-2016-3088 Patches CVE-2016-4437 Patches CVE-2021-39144 Patches CVE-2021-44228 Patches CVE-2021-45046 Patches CVE-2022-22965 Patches CVE-2023-46604 Patches CVE-2026-34197
activemq-5.19.6 2026-04-21 6 2 KEV 8
activemq-6.2.5 2026-04-21 6 2 KEV 8
activemq-5.19.5 2026-04-08 6 2 KEV 8
activemq-6.2.4 2026-04-08 6 2 KEV 8
activemq-5.19.4 2026-03-28 6 2 KEV 8
activemq-6.2.3 2026-03-27 6 2 KEV 8
activemq-5.19.3 2026-03-20 6 2 KEV 8
activemq-6.2.2 2026-03-20 6 2 KEV 8
— Signed — SLSA — SBOM ✓ Security policy Weekly cadence · 0d median Active maintainer

Trust Signals — 3 of 9 Present

Evidence already collected from releases and repository metadata.

3/9 Present
Signed releases Unknown
Latest release artifact signature Latest release
SLSA provenance Unknown
Attestation predicate level Latest release
SBOM published Unknown
GitHub SBOM API Latest release
SECURITY.md Present
GitHub repository metadata Repository policy
Checked: 22d ago
Release cadence: weekly Present
0d median over recent releases Release history
Latest release: 7d ago
Maintainer active Present
Recent commit activity Repository
Last commit: 1d ago
Checksums (SHA256SUMS) Not active yet
SHA256SUMS or equivalent Release asset
Latest release: 7d ago
GitHub Actions attestation Not active yet
actions/attest-build-provenance Workflow file
Latest release: 7d ago
Signing assets Not active yet
.sig, .crt, cosign.pub, or similar Release asset
Latest release: 7d ago
1.0/10 Security Score
6.3/10 Scorecard
Dependency Exposure 359 transitive dependency CVEs found in the latest SBOM. 66 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.00 / 0.5

Max EPSS 0.944

freshness

1.00 / 1.0

4d stale

scorecard

2.52 / 4.0

Score 6.3/10

cve health

0.00 / 2.5

⚠ No direct scan — 66c/151h transitive CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

-1.50 / 1.5

KEV exposure detected

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: estimated

Release responsiveness

release responsiveness

10.0

5%

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 66c/151h

Provenance trust

provenance trust

6.3

40%

scorecard score: 6.3 openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 4d

Operational risk

operational risk

0.0

10%

kev exposure: detected epss max: 0.944
How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100
66 Transitive critical CVEs
13 KEV-transitive CVEs
100% Dependency freshness

Scorecard

Scorecard 6.3/10

OpenSSF Scorecard evaluates supply-chain security practices automatically. Score ≥ 6 is passing; ≥ 8 is excellent.

Check Score Reason
Code-Review 10 all changesets reviewed
Maintained 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow 10 no dangerous workflow patterns detected
Security-Policy 10 security policy file detected
CII-Best-Practices 0 no effort to earn an OpenSSF best practices badge detected
Token-Permissions 8 detected GitHub workflow tokens with excessive permissions
Binary-Artifacts 3 binaries present in source code
Packaging -1 packaging workflow not detected
License 10 license file detected
Signed-Releases -1 no releases found
Branch-Protection -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies 0 dependency not pinned by hash detected -- score normalized to 0
Fuzzing 0 project is not fuzzed
SAST 0 SAST tool is not run on all commits -- score normalized to 0

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

CVE Patch History

Tracks CVEs that were addressed in tagged releases. Shorter gap between disclosure and patch = faster response. EPSS = predicted probability of exploitation in next 30 days (FIRST.org); colored at ≥90%ile and ≥50%ile.

CVEs Patched by Year

Critical High Medium Low
2026
8
CVE Severity EPSS Disclosed Fixed in Days to fix vs Ecosystem Median KEV
CVE-2016-3088 CRITICAL 99%ile activemq-6.2.6 KEV
CVE-2016-4437 CRITICAL 99%ile activemq-6.2.6 KEV
CVE-2021-39144 HIGH 99%ile activemq-6.2.6 KEV
CVE-2021-44228 CRITICAL 99%ile activemq-6.2.6 KEV
CVE-2021-45046 CRITICAL 99%ile activemq-6.2.6 KEV
CVE-2022-22965 CRITICAL 99%ile activemq-6.2.6 KEV
CVE-2023-46604 CRITICAL 99%ile activemq-6.2.6 KEV
CVE-2026-34197 HIGH 99%ile activemq-6.2.6 KEV

KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.

Dependency Vulnerabilities

343 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

66

High

151

Medium

132

Low

10

Unknown

0

13 dependency vulnerabilities are in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

Still affecting latest (0) All (359)
Critical 66 High 151 Medium 132 Low 10
CVE Severity KEV Dependency Affected version Cleared in release
CVE-2013-4366 critical org.apache.httpcomponents:httpclient activemq-6.2.6
CVE-2013-7285 critical com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2014-3600 critical org.apache.activemq:activemq-client activemq-6.2.6
CVE-2014-3600 critical org.apache.activemq:activemq-broker activemq-6.2.6
CVE-2015-1832 critical org.apache.derby:derby activemq-6.2.6
CVE-2015-5254 critical org.apache.activemq:activemq-client activemq-6.2.6
CVE-2015-7501 critical commons-collections:commons-collections activemq-6.2.6
CVE-2016-1000027 critical org.springframework:spring-web activemq-6.2.6
CVE-2016-3088 critical KEV org.apache.activemq:activemq-client activemq-5.19.7
CVE-2016-3720 critical com.fasterxml.jackson.dataformat:jackson-dataformat-xml activemq-6.2.6
CVE-2016-4437 critical KEV org.apache.shiro:shiro-core activemq-5.19.7
CVE-2016-4800 critical org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2017-15095 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2017-17485 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2017-5645 critical org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2017-7525 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2017-7657 critical org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2017-7658 critical org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2018-11307 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-14718 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-14719 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-14720 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-14721 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-19360 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-19361 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-19362 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-7489 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-8027 critical org.apache.camel:camel-core activemq-6.2.6
CVE-2019-10173 critical com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2019-14379 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-14540 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-16335 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-16942 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-16943 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-17267 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-17531 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-17638 critical org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2019-20330 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-20444 critical io.netty:netty-codec-http activemq-6.2.6
CVE-2020-11989 critical org.apache.shiro:shiro-core activemq-6.2.6
CVE-2020-17510 critical org.apache.shiro:shiro-spring activemq-6.2.6
CVE-2020-17523 critical org.apache.shiro:shiro-spring activemq-6.2.6
CVE-2020-1957 critical org.apache.shiro:shiro-core activemq-6.2.6
CVE-2020-8840 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-9546 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-9547 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-9548 critical com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2021-26291 critical org.apache.maven:maven-core activemq-6.2.6
CVE-2021-41303 critical org.apache.shiro:shiro-core activemq-6.2.6
CVE-2021-42392 critical com.h2database:h2 activemq-6.2.6
CVE-2021-44228 critical KEV org.ops4j.pax.logging:pax-logging-log4j2 activemq-5.19.7
CVE-2021-44228 critical KEV org.apache.logging.log4j:log4j-core activemq-5.19.7
CVE-2021-45046 critical KEV org.ops4j.pax.logging:pax-logging-log4j2 activemq-5.19.7
CVE-2021-45046 critical KEV org.apache.logging.log4j:log4j-core activemq-5.19.7
CVE-2022-22965 critical KEV org.springframework:spring-beans activemq-5.19.7
CVE-2022-22965 critical KEV org.springframework:spring-webmvc activemq-5.19.7
CVE-2022-23221 critical com.h2database:h2 activemq-6.2.6
CVE-2022-32532 critical org.apache.shiro:shiro-core activemq-6.2.6
CVE-2022-40145 critical org.apache.karaf:apache-karaf activemq-6.2.6
CVE-2022-40664 critical org.apache.shiro:shiro-core activemq-6.2.6
CVE-2022-42889 critical org.apache.commons:commons-text activemq-6.2.6
CVE-2022-46337 critical org.apache.derby:derby 10.16.1.1 activemq-6.2.6
CVE-2023-20860 critical org.springframework:spring-webmvc activemq-6.2.6
CVE-2023-46604 critical KEV org.apache.activemq:activemq-openwire-legacy activemq-5.19.7
CVE-2023-46604 critical KEV org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-5.19.7
GHSA-xxfh-x98p-j8fr critical org.ops4j.pax.logging:pax-logging-log4j2 activemq-6.2.6
CVE-2010-2232 high org.apache.derby:derby activemq-6.2.6
CVE-2011-2730 high org.springframework:spring-core activemq-6.2.6
CVE-2012-0881 high xerces:xercesImpl activemq-6.2.6
CVE-2012-6153 high org.apache.httpcomponents:httpclient activemq-6.2.6
CVE-2013-4002 high xerces:xercesImpl activemq-6.2.6
CVE-2014-0002 high org.apache.camel:camel-core activemq-6.2.6
CVE-2014-0003 high org.apache.camel:camel-core activemq-6.2.6
CVE-2014-0114 high commons-beanutils:commons-beanutils activemq-6.2.6
CVE-2014-0225 high org.springframework:spring-webmvc activemq-6.2.6
CVE-2014-3576 high org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-6.2.6
CVE-2014-3612 high org.apache.activemq:activemq-broker activemq-6.2.6
CVE-2014-3612 high org.apache.activemq:activemq-jaas activemq-6.2.6
CVE-2014-9970 high org.jasypt:jasypt activemq-6.2.6
CVE-2015-2080 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2015-5211 high org.springframework:spring-core activemq-6.2.6
CVE-2015-6420 high commons-collections:commons-collections activemq-6.2.6
CVE-2016-3674 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2016-4970 high io.netty:netty-handler activemq-6.2.6
CVE-2016-4974 high org.apache.qpid:qpid-jms-client activemq-6.2.6
CVE-2016-5007 high org.springframework:spring-core activemq-6.2.6
CVE-2016-7051 high com.fasterxml.jackson.dataformat:jackson-dataformat-xml activemq-6.2.6
CVE-2016-9878 high org.springframework:spring-webmvc activemq-6.2.6
CVE-2017-5643 high org.apache.camel:camel-core activemq-6.2.6
CVE-2017-7656 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2017-7957 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2017-9735 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2018-11775 high org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-6.2.6
CVE-2018-11786 high org.apache.karaf:apache-karaf activemq-6.2.6
CVE-2018-11787 high org.apache.karaf:apache-karaf activemq-6.2.6
CVE-2018-12022 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-12023 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2018-12538 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2018-12545 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2018-1258 high org.springframework:spring-core activemq-6.2.6
CVE-2018-1272 high org.springframework:spring-core activemq-6.2.6
CVE-2018-15756 high org.springframework:spring-core activemq-6.2.6
CVE-2018-17187 high org.apache.qpid:proton-j activemq-6.2.6
CVE-2018-5968 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-0188 high org.apache.camel:camel-core activemq-6.2.6
CVE-2019-0194 high org.apache.camel:camel-core activemq-6.2.6
CVE-2019-0222 high org.apache.activemq:activemq-client activemq-6.2.6
CVE-2019-10086 high commons-beanutils:commons-beanutils activemq-6.2.6
CVE-2019-12086 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-12422 high org.apache.shiro:shiro-core activemq-6.2.6
CVE-2019-14439 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-14892 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-14893 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-10650 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-10672 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-10673 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-10968 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-10969 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-11111 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-11112 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-11113 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-11612 high io.netty:netty-handler activemq-6.2.6
CVE-2020-11619 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-11620 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-11971 high org.apache.camel:camel-core activemq-6.2.6
CVE-2020-11979 high org.apache.ant:ant activemq-6.2.6
CVE-2020-13933 high org.apache.shiro:shiro-core activemq-6.2.6
CVE-2020-14060 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-14061 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-14062 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-14195 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-24616 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-24750 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-25649 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-26217 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2020-27216 high org.eclipse.jetty:jetty-webapp activemq-6.2.6
CVE-2020-35490 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-35491 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-35728 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36179 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36180 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36181 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36182 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36183 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36184 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36185 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36186 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36187 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36188 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36189 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-36518 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2020-5398 high org.springframework:spring-webmvc activemq-6.2.6
CVE-2020-7238 high io.netty:netty-handler activemq-6.2.6
CVE-2021-20190 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2021-21341 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-22118 high org.springframework:spring-web activemq-6.2.6
CVE-2021-23463 high com.h2database:h2 activemq-6.2.6
CVE-2021-28165 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2021-29505 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39139 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39141 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39144 high KEV com.thoughtworks.xstream:xstream activemq-5.19.7
CVE-2021-39145 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39146 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39147 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39148 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39149 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39150 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39151 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39152 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39153 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-39154 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-43859 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-45105 high org.ops4j.pax.logging:pax-logging-log4j2 activemq-6.2.6
CVE-2021-45105 high org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2021-46877 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2022-2191 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2022-22968 high org.springframework:spring-context activemq-6.2.6
CVE-2022-22970 high org.springframework:spring-beans activemq-6.2.6
CVE-2022-40150 high org.codehaus.jettison:jettison activemq-6.2.6
CVE-2022-40151 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2022-41966 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2022-42003 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2022-42004 high com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2022-45685 high org.codehaus.jettison:jettison activemq-6.2.6
CVE-2022-45693 high org.codehaus.jettison:jettison activemq-6.2.6
CVE-2022-45868 high com.h2database:h2 activemq-6.2.6
CVE-2023-1436 high org.codehaus.jettison:jettison activemq-6.2.6
CVE-2023-20863 high org.springframework:spring-expression activemq-6.2.6
CVE-2023-26464 high org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2023-34053 high org.springframework:spring-webmvc activemq-6.2.6
CVE-2024-13009 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2024-22233 high org.springframework:spring-core activemq-6.2.6
CVE-2024-22243 high org.springframework:spring-web activemq-6.2.6
CVE-2024-22259 high org.springframework:spring-web activemq-6.2.6
CVE-2024-22262 high org.springframework:spring-web activemq-6.2.6
CVE-2024-38816 high org.springframework:spring-webmvc activemq-6.2.6
CVE-2024-38819 high org.springframework:spring-webmvc activemq-6.2.6
CVE-2024-47072 high com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2024-47554 high commons-io:commons-io activemq-6.2.6
CVE-2025-24970 high io.netty:netty-handler activemq-6.2.6
CVE-2025-41249 high org.springframework:spring-core activemq-6.2.6
CVE-2025-48734 high commons-beanutils:commons-beanutils activemq-6.2.6
CVE-2025-52999 high com.fasterxml.jackson.core:jackson-core activemq-6.2.6
CVE-2026-1605 high org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2026-33870 high io.netty:netty-codec-http activemq-6.2.6
CVE-2026-34197 high KEV org.apache.activemq:activemq-broker activemq-5.19.7
CVE-2026-34197 high KEV org.apache.activemq:activemq-all activemq-5.19.7
CVE-2026-39304 high org.apache.activemq:activemq-broker activemq-6.2.6
CVE-2026-39304 high org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-6.2.6
CVE-2026-39304 high org.apache.activemq:activemq-all activemq-6.2.6
CVE-2026-40466 high org.apache.activemq:activemq-all activemq-6.2.6
CVE-2026-40466 high org.apache.activemq:activemq-broker activemq-6.2.6
CVE-2026-41044 high org.apache.activemq:activemq-all activemq-6.2.6
CVE-2026-41044 high org.apache.activemq:activemq-broker activemq-6.2.6
CVE-2026-42584 high io.netty:netty-codec-http activemq-6.2.6
CVE-2026-42587 high io.netty:netty-codec-http activemq-6.2.6
CVE-2005-4849 medium org.apache.derby:derby activemq-6.2.6
CVE-2006-6969 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2006-7217 medium org.apache.derby:derby activemq-6.2.6
CVE-2009-1190 medium org.springframework:spring-core activemq-6.2.6
CVE-2009-2625 medium xerces:xercesImpl activemq-6.2.6
CVE-2009-4269 medium org.apache.derby:derby activemq-6.2.6
CVE-2011-1498 medium org.apache.httpcomponents:httpclient activemq-6.2.6
CVE-2011-2894 medium org.springframework:spring-core activemq-6.2.6
CVE-2011-4461 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2013-1879 medium org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-6.2.6
CVE-2013-3060 medium org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-6.2.6
CVE-2013-4152 medium org.springframework:spring-oxm activemq-6.2.6
CVE-2013-4330 medium org.apache.camel:camel-core activemq-6.2.6
CVE-2013-6429 medium org.springframework:spring-web activemq-6.2.6
CVE-2013-6430 medium org.springframework:spring-web activemq-6.2.6
CVE-2013-7315 medium org.springframework:spring-oxm activemq-6.2.6
CVE-2014-0054 medium org.springframework:spring-webmvc activemq-6.2.6
CVE-2014-0219 medium org.apache.karaf:apache-karaf activemq-6.2.6
CVE-2014-1904 medium org.springframework:spring-webmvc activemq-6.2.6
CVE-2014-3488 medium io.netty:netty-handler activemq-6.2.6
CVE-2014-3577 medium org.apache.httpcomponents:httpclient activemq-6.2.6
CVE-2014-3578 medium org.springframework:spring-core activemq-6.2.6
CVE-2014-3625 medium org.springframework:spring-webmvc activemq-6.2.6
CVE-2014-8110 medium org.apache.activemq:activemq-client activemq-6.2.6
CVE-2015-0201 medium org.springframework:spring-core activemq-6.2.6
CVE-2015-0263 medium org.apache.camel:camel-core activemq-6.2.6
CVE-2015-0264 medium org.apache.camel:camel-core activemq-6.2.6
CVE-2015-1830 medium org.apache.activemq:activemq-client activemq-6.2.6
CVE-2015-3192 medium org.springframework:spring-web activemq-6.2.6
CVE-2015-5262 medium org.apache.httpcomponents:httpclient activemq-6.2.6
CVE-2015-6524 medium org.apache.activemq:activemq-jaas activemq-6.2.6
CVE-2015-6524 medium org.apache.activemq:activemq-broker activemq-6.2.6
CVE-2015-7559 medium org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-6.2.6
CVE-2016-0734 medium org.apache.activemq:activemq-client activemq-6.2.6
CVE-2016-0782 medium org.apache.activemq:activemq-client activemq-6.2.6
CVE-2016-2166 medium org.apache.qpid:proton-j activemq-6.2.6
CVE-2016-6810 medium org.apache.activemq:activemq-client activemq-6.2.6
CVE-2016-8750 medium org.apache.karaf:apache-karaf activemq-6.2.6
CVE-2018-11039 medium org.springframework:spring-web activemq-6.2.6
CVE-2018-11040 medium org.springframework:spring-core activemq-6.2.6
CVE-2018-1199 medium org.springframework:spring-core activemq-6.2.6
CVE-2018-12536 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2018-1257 medium org.springframework:spring-core activemq-6.2.6
CVE-2018-1271 medium org.springframework:spring-core activemq-6.2.6
CVE-2018-1313 medium org.apache.derby:derby activemq-6.2.6
CVE-2019-0191 medium org.apache.karaf:apache-karaf activemq-6.2.6
CVE-2019-10241 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2019-10246 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2019-10247 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2019-12384 medium com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-12814 medium com.fasterxml.jackson.core:jackson-databind activemq-6.2.6
CVE-2019-17632 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2019-20445 medium io.netty:netty-handler activemq-6.2.6
CVE-2020-13956 medium org.apache.httpcomponents:httpclient activemq-6.2.6
CVE-2020-14338 medium xerces:xercesImpl activemq-6.2.6
CVE-2020-15250 medium junit:junit activemq-6.2.6
CVE-2020-1945 medium org.apache.ant:ant activemq-6.2.6
CVE-2020-26258 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2020-26259 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2020-27218 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2020-27223 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2020-5397 medium org.springframework:spring-webmvc activemq-6.2.6
CVE-2021-21290 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2021-21342 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21343 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21344 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21345 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21346 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21347 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21348 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21349 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21350 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-21351 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-22060 medium org.springframework:spring-core activemq-6.2.6
CVE-2021-22096 medium org.springframework:spring-core activemq-6.2.6
CVE-2021-28164 medium org.eclipse.jetty:jetty-webapp activemq-6.2.6
CVE-2021-29425 medium commons-io:commons-io activemq-6.2.6
CVE-2021-34429 medium org.eclipse.jetty:jetty-webapp activemq-6.2.6
CVE-2021-36373 medium org.apache.ant:ant activemq-6.2.6
CVE-2021-36374 medium org.apache.ant:ant activemq-6.2.6
CVE-2021-39140 medium com.thoughtworks.xstream:xstream activemq-6.2.6
CVE-2021-43797 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2021-44832 medium org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2021-44832 medium org.ops4j.pax.logging:pax-logging-log4j2 activemq-6.2.6
CVE-2022-22932 medium org.apache.karaf:apache-karaf activemq-6.2.6
CVE-2022-22950 medium org.springframework:spring-expression activemq-6.2.6
CVE-2022-23437 medium xerces:xercesImpl activemq-6.2.6
CVE-2022-24823 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2022-40149 medium org.codehaus.jettison:jettison activemq-6.2.6
CVE-2022-41915 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2023-20861 medium org.springframework:spring-expression activemq-6.2.6
CVE-2023-26048 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2023-34462 medium io.netty:netty-handler activemq-6.2.6
CVE-2023-46749 medium org.apache.shiro:shiro-core activemq-6.2.6
CVE-2024-29025 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2024-38808 medium org.springframework:spring-expression activemq-6.2.6
CVE-2024-38809 medium org.springframework:spring-web activemq-6.2.6
CVE-2024-38820 medium org.springframework:spring-context activemq-6.2.6
CVE-2024-38820 medium org.springframework:spring-web activemq-6.2.6
CVE-2024-38828 medium org.springframework:spring-webmvc activemq-6.2.6
CVE-2024-47535 medium io.netty:netty-common activemq-6.2.6
CVE-2024-8184 medium org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2025-25193 medium io.netty:netty-common activemq-6.2.6
CVE-2025-27533 medium org.apache.activemq:activemq-openwire-legacy activemq-6.2.6
CVE-2025-27533 medium org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-6.2.6
CVE-2025-27636 medium org.apache.camel:camel-support activemq-6.2.6
CVE-2025-29891 medium org.apache.camel:camel-support activemq-6.2.6
CVE-2025-41234 medium org.springframework:spring-web activemq-6.2.6
CVE-2025-41242 medium org.springframework:spring-webmvc activemq-6.2.6
CVE-2025-49128 medium com.fasterxml.jackson.core:jackson-core activemq-6.2.6
CVE-2025-66168 medium org.apache.activemq:activemq-mqtt activemq-6.2.6
CVE-2025-66168 medium org.apache.activemq:activemq-all activemq-6.2.6
CVE-2025-67735 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2025-68161 medium org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2026-22737 medium org.springframework:spring-webmvc activemq-6.2.6
CVE-2026-22745 medium org.springframework:spring-webmvc 6.2.17 activemq-6.2.6
CVE-2026-23903 medium org.apache.shiro:shiro-spring activemq-6.2.6
CVE-2026-33227 medium org.apache.activemq:activemq-all activemq-6.2.6
CVE-2026-33227 medium org.apache.activemq:activemq-broker activemq-6.2.6
CVE-2026-33227 medium org.apache.activemq:activemq-client 0.1-SNAPSHOT activemq-6.2.6
CVE-2026-34477 medium org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2026-34478 medium org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2026-34480 medium org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2026-40046 medium org.apache.activemq:activemq-all activemq-6.2.6
CVE-2026-40046 medium org.apache.activemq:activemq-mqtt activemq-6.2.6
CVE-2026-41043 medium org.apache.activemq:activemq-broker activemq-6.2.6
CVE-2026-41043 medium org.apache.activemq:activemq-all activemq-6.2.6
CVE-2026-41417 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2026-42580 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2026-42581 medium io.netty:netty-codec-http activemq-6.2.6
CVE-2026-42585 medium io.netty:netty-codec-http activemq-6.2.6
GHSA-72hv-8253-57qq medium com.fasterxml.jackson.core:jackson-core activemq-6.2.6
CVE-2020-9488 low org.apache.logging.log4j:log4j-core activemq-6.2.6
CVE-2021-34428 low org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2023-26049 low org.eclipse.jetty:jetty-server activemq-6.2.6
CVE-2024-22371 low org.apache.camel:camel-core activemq-6.2.6
CVE-2025-22233 low org.springframework:spring-context activemq-6.2.6
CVE-2025-58056 low io.netty:netty-codec-http activemq-6.2.6
CVE-2026-22735 low org.springframework:spring-webmvc activemq-6.2.6
CVE-2026-22741 low org.springframework:spring-webmvc 6.2.17 activemq-6.2.6
CVE-2026-23901 low org.apache.shiro:shiro-core activemq-6.2.6
GHSA-58qw-p7qm-5rvh low org.eclipse.jetty:jetty-xml activemq-6.2.6

Showing 359 of 359

Beta — feedback welcome: [email protected]