Paste your pom.xml or Maven coordinates (groupId:artifactId:version, one per line). Checks each artifact against Maven Central for the latest version and last release date.
Paste your pom.xml or a list of Maven coordinates (groupId:artifactId:version, one per line). Checks each dependency against Maven Central for the latest version and release date. Works with Spring Boot, Jakarta EE, and any Maven artifact.
pom.xml XML directly — the tool will parse <dependency> blocks automatically.What to watch for
- log4j 1.x and log4j 2.0–2.14 (Critical): log4j 1.2.17 is EOL and has multiple CVEs with no fixes. log4j 2.0–2.14 are vulnerable to Log4Shell (CVE-2021-44228). If you see these in your pom.xml, update immediately to log4j2 2.17.2+ or switch to Logback/SLF4J.
- Spring Boot major version behind: Spring Boot 2.x reached end of open-source support in November 2023. Spring Boot 3.x requires Java 17 as minimum, Jakarta EE 9 namespace changes. Migration guide: Spring Boot 3.0 Migration Guide.
- junit:junit (old JUnit 4): JUnit 5 (org.junit.jupiter) has been the current major version since 2017. JUnit 4 still works but is not actively developed. The artifact coordinates changed entirely for JUnit 5.
- Version property placeholders (${…}): This tool skips entries using
${spring.version}or similar property references — it can’t resolve them without the full project context.
For CVE scanning across Java deps, use the Vulnerability Scanner. Full dep health suite: npm · PyPI · Go · Rust · Maven (this tool).
📦 More Dependency Health Tools
Browse all 19 free tools in the Dependency Health collection — npm, PyPI, Go, Rust, Maven, PHP Composer, NuGet, RubyGems health checkers and more.
📚 See also: Java Reference — free developer quick-reference.