Some older versions of standard maven plugins are dependent on third party libraries with known high severity security vulnerabilities.  This should be addressed by upgrades to newer plugin versions and, in some cases, overriding the dependency versions to force a patched version of the dependency to be used.