rdf-tables 1.0.4 has a dependency that includes commons-beanutils via com.opencsv:opencsv.

CVE-2019-10086 for commons-beanutils is fixed in 1.9.4.

io.github.galbiston:rdf-tables:jar:1.0.4:compile
+- com.opencsv:opencsv:jar:3.9:runtime
   \- commons-beanutils:commons-beanutils:jar:1.9.3:runtime

com.opencsv:opencsv is now at 5.5.2 which is quite a jump.

Forcing commons-beanutils 1.9.4 should work as it is a x.x.1 release and the Apache Commons project components follow semantic versioning quite carefully.

For jena-fuseki-geosparql, we can make an exclusion and explicit dependency to be 1.9.4.