VulnerableCode Package Details - pkg:maven/org.apache.activemq/activemq-parent@5.16.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.activemq/activemq-parent@5.16.0

purl	pkg:maven/org.apache.activemq/activemq-parent@5.16.0

Next non-vulnerable version	5.16.1
Latest non-vulnerable version	5.16.1
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-37ws-cqf7-4udm Aliases: CVE-2020-13947 GHSA-66gw-ch5v-74v8	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.	5.16.1 Affected by 0 other vulnerabilities.
VCID-6fqa-fzda-x3ej Aliases: CVE-2021-26117 GHSA-9mgm-gcq8-86wq	Improper Authentication in Apache ActiveMQ and Apache Artemis The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.	5.16.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T16:57:29.685801+00:00	GHSA Importer	Affected by	VCID-6fqa-fzda-x3ej	https://github.com/advisories/GHSA-9mgm-gcq8-86wq	38.1.0
2026-04-01T15:59:32.293357+00:00	GHSA Importer	Affected by	VCID-37ws-cqf7-4udm	https://github.com/advisories/GHSA-66gw-ch5v-74v8	38.0.0