My project relies on several dependencies that transitively depend on Apache Commons Collections 3.2.2. IntelliJ warns me about a CVE in this library, which curiously is not visible on maven repository. For example Apache Commons BeanUtils 1.9.4, despite being on the last available version still uses that old version of commons-collections, which apparently has this annoying CVE. And a LOT of librairies use beanutils