{"package":"com.google.guava:guava","ecosystem":"maven","latest_version":"33.4.8-jre","description":"Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/google/guava","repository":"https://github.com/google/guava","downloads_weekly":0,"health":{"score":41,"risk":"high","breakdown":{"maintenance":5,"popularity":0,"security":21,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":0,"medium":2,"low":1,"details":[{"vuln_id":"CVE-2020-8908","severity":"low","summary":"Information Disclosure in Guava","affected_versions":"<32.0.0-android|=10.0|=10.0-rc1|=10.0-rc2|=10.0-rc3|=10.0.1|=11.0|=11.0-rc1|=11.0.1|=11.0.2|=12.0|=12.0-rc1|=12.0-rc2|=12.0.1|=13.0|=13.0-rc1|=13.0-rc2|=13.0.1|=14.0|=14.0-rc1|=14.0-rc2|=14.0-rc3|=14.0.1|=15.0|=15.0-rc1|=16.0|=16.0-rc1|=16.0.1|=17.0|=17.0-rc1|=17.0-rc2|=18.0|=18.0-rc1|=18.0-rc2|=19.0|=19.0-rc1|=19.0-rc2|=19.0-rc3|=20.0|=20.0-rc1|=21.0|=21.0-rc1|=21.0-rc2|=22.0|=22.0-android|=22.0-rc1|=22.0-rc1-android|=23.0|=23.0-android|=23.0-rc1|=23.0-rc1-android|=23.1-android|=23.1-jre|=23.2-android|=23.2-jre|=23.3-android|=23.3-jre|=23.4-android|=23.4-jre|=23.5-android|=23.5-jre|=23.6-android|=23.6-jre|=23.6.1-android|=23.6.1-jre|=24.0-android|=24.0-jre|=24.1-android|=24.1-jre|=24.1.1-android|=24.1.1-jre|=25.0-android|=25.0-jre|=25.1-android|=25.1-jre|=26.0-android|=26.0-jre|=27.0-android|=27.0-jre|=27.0.1-android|=27.0.1-jre|=27.1-android|=27.1-jre|=28.0-android|=28.0-jre|=28.1-android|=28.1-jre|=28.2-android|=28.2-jre|=29.0-android|=29.0-jre|=30.0-android|=30.0-jre|=30.1-android|=30.1-jre|=30.1.1-android|=30.1.1-jre|=31.0-android|=31.0-jre|=31.0.1-android|=31.0.1-jre|=31.1-android|=31.1-jre|=r03|=r05|=r06|=r07|=r08|=r09","fixed_version":"32.0.0-android","source":"osv","published_at":"2021-03-25T17:04:19Z","in_kev":false,"epss_prob":0.00072,"epss_percentile":0.21749,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-2976","severity":"medium","summary":"Guava vulnerable to insecure use of temporary directory","affected_versions":">=1.0,<32.0.0-android|=10.0|=10.0-rc1|=10.0-rc2|=10.0-rc3|=10.0.1|=11.0|=11.0-rc1|=11.0.1|=11.0.2|=12.0|=12.0-rc1|=12.0-rc2|=12.0.1|=13.0|=13.0-rc1|=13.0-rc2|=13.0.1|=14.0|=14.0-rc1|=14.0-rc2|=14.0-rc3|=14.0.1|=15.0|=15.0-rc1|=16.0|=16.0-rc1|=16.0.1|=17.0|=17.0-rc1|=17.0-rc2|=18.0|=18.0-rc1|=18.0-rc2|=19.0|=19.0-rc1|=19.0-rc2|=19.0-rc3|=20.0|=20.0-rc1|=21.0|=21.0-rc1|=21.0-rc2|=22.0|=22.0-android|=22.0-rc1|=22.0-rc1-android|=23.0|=23.0-android|=23.0-rc1|=23.0-rc1-android|=23.1-android|=23.1-jre|=23.2-android|=23.2-jre|=23.3-android|=23.3-jre|=23.4-android|=23.4-jre|=23.5-android|=23.5-jre|=23.6-android|=23.6-jre|=23.6.1-android|=23.6.1-jre|=24.0-android|=24.0-jre|=24.1-android|=24.1-jre|=24.1.1-android|=24.1.1-jre|=25.0-android|=25.0-jre|=25.1-android|=25.1-jre|=26.0-android|=26.0-jre|=27.0-android|=27.0-jre|=27.0.1-android|=27.0.1-jre|=27.1-android|=27.1-jre|=28.0-android|=28.0-jre|=28.1-android|=28.1-jre|=28.2-android|=28.2-jre|=29.0-android|=29.0-jre|=30.0-android|=30.0-jre|=30.1-android|=30.1-jre|=30.1.1-android|=30.1.1-jre|=31.0-android|=31.0-jre|=31.0.1-android|=31.0.1-jre|=31.1-android|=31.1-jre","fixed_version":"32.0.0-android","source":"osv","published_at":"2023-06-14T18:30:38Z","in_kev":false,"epss_prob":0.00065,"epss_percentile":0.19972,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-10237","severity":"medium","summary":"Denial of Service in Google Guava","affected_versions":">=11.0,<24.1.1-android|<=17.0|<=11.0.1|<=7.4.0|<=14.0.1-h-3|=11.0|=11.0.1|=11.0.2|=12.0|=12.0-rc1|=12.0-rc2|=12.0.1|=13.0|=13.0-rc1|=13.0-rc2|=13.0.1|=14.0|=14.0-rc1|=14.0-rc2|=14.0-rc3|=14.0.1|=15.0|=15.0-rc1|=16.0|=16.0-rc1|=16.0.1|=17.0|=17.0-rc1|=17.0-rc2|=18.0|=18.0-rc1|=18.0-rc2|=19.0|=19.0-rc1|=19.0-rc2|=19.0-rc3|=20.0|=20.0-rc1|=21.0|=21.0-rc1|=21.0-rc2|=22.0|=22.0-android|=22.0-rc1|=22.0-rc1-android|=23.0|=23.0-android|=23.0-rc1|=23.0-rc1-android|=23.1-android|=23.1-jre|=23.2-android|=23.2-jre|=23.3-android|=23.3-jre|=23.4-android|=23.4-jre|=23.5-android|=23.5-jre|=23.6-android|=23.6-jre|=23.6.1-android|=23.6.1-jre|=24.0-android|=24.0-jre|=24.1-android|=24.1-jre|=13.0|=14.0.1|=14.0.1-rc1|=16.0|=16.0-rc1|=17.0|=17.0-rc1|=17.0-rc2|=10.0.0|=10.0.1|=11.0.0|=11.0.1|=3.0.0|=4.0.0|=5.0.0|=6.0.0|=7.0.0|=8.0.0|=9.0.0|=1.3.1|=1.3.4|=1.3.6|=1.3.7|=1.6.0|=1.6.1|=6.2.0|=7.0.0|=7.1.0|=7.2.0|=7.4.0|=14.0.1-h-1|=14.0.1-h-2|=14.0.1-h-3|=0.11.1","fixed_version":"24.1.1-android","source":"osv","published_at":"2020-06-15T20:35:11Z","in_kev":false,"epss_prob":0.03259,"epss_percentile":0.87189,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"33.4.8-jre","total_count":150,"recent":["33.4.8-jre","33.4.8-android","33.4.7-jre","33.4.7-android","33.4.6-jre","33.4.6-android","33.4.5-jre","33.4.4-jre","33.4.3-jre","33.4.1-jre","33.4.2-jre","33.4.5-android","33.4.4-android","33.4.3-android","33.4.1-android","33.4.2-android","33.4.0-jre","33.4.0-android","33.3.1-jre","33.3.1-android"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-04-14T17:25:22.422000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"33.4.8-jre","version_hint":"Update to >= 24.1.1-android to fix known vulnerabilities","summary":"com.google.guava:guava@33.4.8-jre is safe to use (health: 41/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":971,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":10,"active_contributors_12m":10,"primary_author_ratio":0.84,"owner_account_age_days":5212,"is_archived":false,"stars":51496,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"docker","occurrences":4},{"package":"@editorjs/marker","occurrences":2},{"package":"bundler-audit","occurrences":2},{"package":"google-cloud-container","occurrences":2}],"version_history_summary":{"total_versions":20,"first_release_age_days":5849,"last_release_days_ago":382,"avg_days_between_releases":308,"release_velocity":"stale"}}