Visit Support

Viewing Detected CVEs in the Web UI

Need help?
Schedule a consultation with an Azul performance expert.
Contact Us

Use the CVE Analysis view to monitor if your applications have executed code known to be affected by a CVE. Open the web UI and select "Vulnerability Detection".

The table shows all CVEs that have been detected in the classes loaded by your instances. The CVE Status column indicates whether the vulnerable code has been executed or not:

  • USED: The instance has executed the code affected by the CVE.

  • PRESENT: The CVE is present in the classes loaded by the instance, but the instance has not executed the code containing the CVE.

Column Description


The name of the component.
If a known component is detected, its name is shown. In all other cases, the jar-filename is in this column.


The component version.


The CVE ID. If the component is not affected by any CVE, the column contains the string "No CVE impact".

CVE Score

The CVE score.

CVE Status

Indicates whether the code containing the CVE has been executed.


The timestamp when the CVE was detected.


The hostname of the instance host machine.

Instance ID

The instance ID. An instance prints its ID to the console at startup if you enable logging of instance IDs.

For a short time (a few minutes) after a JVM starts, it will be shown in this overview but no components are listed yet. As soon as vulnerabilities analysis has been performed for the first time, the list will contain the correct data for this new JVM.