com.google.guava:guava

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.google.guava:guavapage 1 of 1

CVE-2018-10237MEDIUMCVSS 5.9EG 5.9✓ Fixed in 24.1.1-android
2018-04-26
vulnerable: 11.0 ... 24.1-jre (62 versions)
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the Atomic…
CVE-2020-8908LOWCVSS 3.3EG 3.3✓ Fixed in 32.0.0-android
2020-12-10
vulnerable: 10.0 ... r09 (108 versions)
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(…
CVE-2023-2976MEDIUMCVSS 5.5EG 5.5✓ Fixed in 32.0.0-android
2023-06-14
vulnerable: 10.0 ... 31.1-jre (102 versions)
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the defau…

Check whether com.google.guava:guava is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.google.guava:guava CVEs against the assets you own.

Start Free Scan →