About modernmvn

Modern Maven is a dependency intelligence platform for Java developers. Browse Maven Central artifacts, detect CVEs with real CVSS scores, visualize dependency trees, and get security-aware version recommendations — all in one place.

What it does

Artifact Search

Full-text and GAV search across 800k+ Maven Central artifacts.

Security Intelligence

CVE data from OSV.dev and NVD with real CVSS v3.1 scores for every version.

Dependency Trees

Transitive dependency visualization with conflict detection and resolution paths.

Smart Recommendations

Version recommendations that avoid CVE-affected releases and prefer stable lines.

Vulnerability Trends

Historical tracking of vulnerability counts and CVSS trends over time.

Embeddable Badges

Dynamic SVG version and security badges for README files.

Technology Stack

Frontend

Next.js 16, React 19, Tailwind CSS 4, Recharts

Backend

Spring Boot 3, Java 21, Spring Data JPA

Data

PostgreSQL, Redis, Maven Central API

Security Data

OSV.dev API, NVD CVSS v3.1

How the scores are calculated

Every version carries two derived signals. We publish how they are computed so you can judge them for yourself rather than trust a black box.

Security & the safety indicator

For each groupId:artifactId:version we query OSV.dev and enrich advisories with NVD CVSS v3.1 scores. The count and highest severity of matching advisories collapse into a single safety indicator: SAFE (no known advisories), CAUTION, WARNING, or DANGER as severity and count rise. Each advisory links back to its CVE/GHSA record, CVSS vector, and fixed-version range.

Stability score & grade

The stability score is a 0–100 value that blends release maturity (a tagged release versus a pre-release/SNAPSHOT), recency of publication, and the version's security posture. It is summarized as a grade — Stable, Recent, Pre-release, or Outdated — and feeds the recommended-version logic, which prefers the newest stable line that is not affected by known CVEs.

Freshness & limitations

Artifact and version data are pulled from Maven Central; security data is re-scanned periodically, so a brand-new advisory may take time to appear. Scores are an aid, not a guarantee — always review the linked upstream advisories before making a release decision.

Who builds Modern Maven

Modern Maven is an independently built and maintained project, created by Java developers who were tired of switching between Maven Central, CVE databases, and dependency-tree tools to answer a single question. It is not affiliated with the Apache Software Foundation, Sonatype, or the Maven project. Data-source attribution is shown wherever scores appear, and the security policy is published at /.well-known/security.txt.

Contact

For inquiries, feature requests, or security reports, please reach out at hello@modernmvn.com.

See also: security.txt