Venue: MSR 2025 Mining Challenge (co-located with ICSE 2025)
Insights into Vulnerability Trends in Maven Artifacts: Recurrence, Popularity, and User Behavior
Vulnerabilities in open-source software, particularly in ecosystems like Maven Central, propagate risks across projects. This paper examines vulnerability trends in Maven artifacts, focusing on recurrence patterns, user behavior after disclosures, and the link between popularity and exposure. Analyzing 24 vulnerable artifacts and 2,900+ releases, we find recurring risks in previously vulnerable artifacts, significant intra- vs. extra-organizational differences in user behavior, and minimal correlation between popularity and vulnerability exposure. These results underscore the need for proactive security, effective disclosures, and better dependency management to strengthen ecosystem resilience.