{"package":"org.assertj:assertj-core","ecosystem":"maven","latest_version":"4.0.0-M1","description":"Rich and fluent assertions for testing in Java","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://assertj.github.io/doc/#assertj-core","repository":"https://github.com/assertj/assertj/assertj-parent/assertj-core","downloads_weekly":null,"health":{"score":40,"risk":"high","breakdown":{"maintenance":5,"popularity":0,"security":20,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2026-24400","severity":"high","summary":"AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion","affected_versions":">=1.4.0,<3.27.7|=1.4.0|=1.5.0|=1.6.0|=1.6.1|=1.7.0|=1.7.1|=2.0.0|=2.1.0|=2.2.0|=2.3.0|=2.4.0|=2.4.1|=2.5.0|=2.6.0|=2.7.0|=2.8.0|=2.9.0|=2.9.1|=3.0.0|=3.1.0|=3.10.0|=3.11.0|=3.11.1|=3.12.0|=3.12.1|=3.12.2|=3.13.0|=3.13.1|=3.13.2|=3.14.0|=3.15.0|=3.16.0|=3.16.1|=3.17.0|=3.17.1|=3.17.2|=3.18.0|=3.18.1|=3.19.0|=3.2.0|=3.20.0|=3.20.1|=3.20.2|=3.21.0|=3.22.0|=3.23.0|=3.23.1|=3.24.0|=3.24.1|=3.24.2|=3.25.0|=3.25.1|=3.25.2|=3.25.3|=3.26.0|=3.26.3|=3.27.0|=3.27.1|=3.27.2|=3.27.3|=3.27.4|=3.27.5|=3.27.6|=3.3.0|=3.4.0|=3.4.1|=3.5.0|=3.5.1|=3.5.2|=3.6.0|=3.6.1|=3.6.2|=3.7.0|=3.8.0|=3.9.0|=3.9.1","fixed_version":"3.27.7","source":"osv","published_at":"2026-01-26T21:31:41Z","in_kev":false,"epss_prob":0.00014,"epss_percentile":0.02765,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"4.0.0-M1","total_count":78,"recent":["4.0.0-M1","3.27.3","3.27.2","3.27.1","3.27.0","3.26.3","3.26.0","3.25.3","3.25.2","3.25.1","3.25.0","3.24.2","3.24.1","3.24.0","3.23.1","3.23.0","3.22.0","3.21.0","3.20.2","3.20.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-03-09T23:18:11.256000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"4.0.0-M1","version_hint":"Update to >= 3.27.7 to fix known vulnerabilities","summary":"org.assertj:assertj-core@4.0.0-M1 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1241,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"org.apache.activemq:activemq-osgi","occurrences":1}],"version_history_summary":{"total_versions":20,"first_release_age_days":4784,"last_release_days_ago":417,"avg_days_between_releases":252,"release_velocity":"stale"}}