This page collects WhisperX intelligence signals tagged #Maven. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical vulnerability in a widely used Java library allows attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-67030, is a Directory Traversal vulnerability in the `extractFile` method of `org.codehaus.plexus.util.Expand` within the `plexus-utils` library. This vulnerability enable...
Dependency-Track, an open-source software composition analysis (SCA) platform, has expanded its vulnerability scanning capabilities to include the Maven ecosystem. This marks the ninth package manager supported by the project, integrating Java projects into its automated security analysis pipeline. The new feature enab...