Is com.google.guava:guava safe to use?

com.google.guava:guava has 3 known vulnerabilities on the latest version (33.4.8-jre). DepScope rates its health at 41/100 (high risk).

What is the latest version of com.google.guava:guava?

The latest version of com.google.guava:guava is 33.4.8-jre, released 2025-04-14.

Does com.google.guava:guava have known vulnerabilities?

Yes. com.google.guava:guava has 3 known vulnerabilities. See depscope.dev/pkg/maven/com.google.guava:guava for details.

Is com.google.guava:guava deprecated?

No, com.google.guava:guava is actively maintained. Latest release: 33.4.8-jre (2025-04-14).

What are alternatives to com.google.guava:guava?

DepScope has no curated alternatives for com.google.guava:guava at this time.

What license does com.google.guava:guava use?

com.google.guava:guava is licensed under Apache-2.0.

com.google.guava:guava

mavenv33.4.8-jre

Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.

License Apache-2.0permissive150 versions0 deps

google/guava

/ 100

Health

safe to use

com.google.guava:[email protected] is safe to use (health: 41/100)

Update to >= 24.1.1-android to fix known vulnerabilities

Health breakdown0 – 100

5/25

maintenance

0/20

popularity

21/25

security

15/15

maturity

0/15

community

Vulnerabilities

2 medium1 low

Advisories (3)

Severity	ID	Summary	Fixed in
low	CVE-2020-8908	Information Disclosure in Guava	32.0.0-android
medium	CVE-2023-2976	Guava vulnerable to insecure use of temporary directory	32.0.0-android
medium	CVE-2018-10237	Denial of Service in Google Guava	24.1.1-android

Maintainer trust

Active maintainers (3m)

10

Contributors (12m)

10

Primary author dominance

84%

GitHub stars

51,496

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/com.google.guava:guava

Last updated · 2025-04-14T17:25:22.422000+00:00