Is io.quarkus:quarkus-core safe to use?

io.quarkus:quarkus-core has 2 known vulnerabilities on the latest version (3.23.0). DepScope rates its health at 57/100 (high risk).

What is the latest version of io.quarkus:quarkus-core?

The latest version of io.quarkus:quarkus-core is 3.23.0, released 2025-05-22.

Does io.quarkus:quarkus-core have known vulnerabilities?

Yes. io.quarkus:quarkus-core has 2 known vulnerabilities. See depscope.dev/pkg/maven/io.quarkus:quarkus-core for details.

Is io.quarkus:quarkus-core deprecated?

No, io.quarkus:quarkus-core is actively maintained. Latest release: 3.23.0 (2025-05-22).

What are alternatives to io.quarkus:quarkus-core?

DepScope has no curated alternatives for io.quarkus:quarkus-core at this time.

What license does io.quarkus:quarkus-core use?

License information for io.quarkus:quarkus-core is not declared in the registry metadata.

io.quarkus:quarkus-core

mavenv3.23.0

377 versions0 deps143,871 weekly dl

/ 100

Health

update required

io.quarkus:[email protected] has vulnerabilities — update to latest

Update to >= 3.2.12.Final to fix known vulnerabilities

Moderate health score (57/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

10/25

maintenance

14/20

popularity

18/25

security

15/15

maturity

0/15

community

Vulnerabilities

1 high1 medium

Advisories (2)

Severity	ID	Summary	Fixed in
medium	CVE-2023-2974	quarkus-core vulnerable to client driven TLS cipher downgrading	2.16.8.Final
high	CVE-2024-2700	quarkus-core leaks local environment variables from Quarkus namespace during application's build	3.2.12.Final

OSS Scorecard

OpenSSF security posture score

6.1/10

moderate

Maintainer trust

Active maintainers (3m)

26

Contributors (12m)

26

Primary author dominance

20%

GitHub stars

15,628

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/io.quarkus:quarkus-core

Last updated · 2025-05-22T12:52:10+00:00