maven-install-plugin 3.1.3 — Open Ingredients

maven-install-plugin3.1.3

Classifier: LIBRARYSource

Security state

Critical 0High 0Medium 0Low 0Unassigned 0

Vulnerable components0

Inherited Risk Score0.0

Last BOM importMar 1, 2026, 12:23 AM

Last vulnerability analysisMay 8, 2026, 2:15 PM

Draft

What this plugin is

The Maven Install Plugin runs in the `install` phase and copies a build's artifacts (`.jar`, `.pom`, attached classifiers) into the local Maven repository. Local repository state is what every subsequent build on the same machine — including downstream multi-module reactor builds — resolves against.

Why it matters

Compromise of the install path can poison every dependent build on the same developer machine or CI worker. Even subtle metadata bugs (incorrect checksums, missing signatures) erode the trust contract between the local repository and Maven Central.

Open Elements' role

Open Elements contributes to the Maven Install Plugin under the Support & Care programme and surfaces its security state via Open Ingredients.

Components

Outdated only

Component	Version	License	Status
plexus-cipher	2.0	Apache-2.0	outdated
plexus-classworlds	2.7.0	Apache-2.0	outdated
plexus-component-annotations	2.1.0	Apache-2.0	outdated
plexus-interpolation	1.26	Apache-2.0	outdated
plexus-sec-dispatcher	2.0	Apache-2.0	outdated
plexus-utils	4.0.1	Apache-2.0	outdated
plexus-xml	3.0.1	Apache-2.0	outdated
slf4j-api	1.7.36	MIT	outdated

Findings

All Critical High Medium Low Unassigned

No findings match the current filter.

Download SBOM

Download SBOM (JSON)Download SBOM (XML)

CycloneDX 1.x. Re-generated server-side; no registration required.