You will notice that it depends on commons-compress 1.25.0, which is know for these CVEs:
Dependency maven:org.apache.commons:commons-compress:1.25.0 is vulnerable
CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found
CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity foundResults powered by Checkmarx(c)
Perhaps you need to upgrade the commons-compress dependency to the latest safe version?
When you track the dependencies for fastexcel-reader 0.17.0 here: https://central.sonatype.com/artifact/org.dhatim/fastexcel-reader/dependencies
You will notice that it depends on commons-compress 1.25.0, which is know for these CVEs:
Perhaps you need to upgrade the commons-compress dependency to the latest safe version?