Go Package Vulnerabilities

All 1,264 Go modules with known CVEs, ranked by live CVE volume — 5,148 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 1,201.gitlab.com/uniget-org/cli1 CVE
  2. 1,202.goa.design/goa1 CVE
  3. 1,203.goa.design/goa/v31 CVE
  4. 1,204.go.elastic.co/apm1 CVE
  5. 1,205.go.etcd.io/etcd/client/v31 CVE
  6. 1,206.golang.org/x/crypto/ssh/agent1 CVE
  7. 1,207.golang.org/x/oauth21 CVE
  8. 1,208.go.mongodb.org/mongo-driver/v21 CVE
  9. 1,209.google.golang.org/grpc1 CVE
  10. 1,210.google.golang.org/protobuf/encoding/protojson1 CVE
  11. 1,211.google.golang.org/protobuf/internal/encoding/json1 CVE
  12. 1,212.go.opentelemetry.io/collector/config/configgrpc1 CVE
  13. 1,213.go.opentelemetry.io/collector/config/confighttp1 CVE
  14. 1,214.go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego1 CVE
  15. 1,215.go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful1 CVE
  16. 1,216.go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin1 CVE
  17. 1,217.go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux1 CVE
  18. 1,218.go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho1 CVE
  19. 1,219.go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc1 CVE
  20. 1,220.go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron1 CVE
  21. 1,221.go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace1 CVE
  22. 1,222.go.opentelemetry.io/otel1 CVE
  23. 1,223.go.opentelemetry.io/otel/baggage1 CVE
  24. 1,224.go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp1 CVE
  25. 1,225.go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp1 CVE
  26. 1,226.go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp1 CVE
  27. 1,227.go.opentelemetry.io/otel/propagation1 CVE
  28. 1,228.go.opentelemetry.io/otel/schema/v1.01 CVE
  29. 1,229.go.opentelemetry.io/otel/schema/v1.11 CVE
  30. 1,230.go.pinniped.dev1 CVE
  31. 1,231.gopkg.in/go-jose/go-jose.v21 CVE
  32. 1,232.gopkg.in/macaron.v11 CVE
  33. 1,233.gopkg.in/square/go-jose.v21 CVE
  34. 1,234.gopkg.in/yaml.v31 CVE
  35. 1,235.go.qbee.io/transport1 CVE
  36. 1,236.go.senan.xyz/gonic1 CVE
  37. 1,237.go.temporal.io/api1 CVE
  38. 1,238.go.thethings.network/lorawan-stack1 CVE
  39. 1,239.go.thethings.network/lorawan-stack/v31 CVE
  40. 1,240.heckel.io/ntfy/v21 CVE
  41. 1,241.k8s.io/apiextensions-apiserver1 CVE
  42. 1,242.k8s.io/apimachinery1 CVE
  43. 1,243.k8s.io/apiserver1 CVE
  44. 1,244.k8s.io/kops1 CVE
  45. 1,245.k8s.io/kubernetes/cmd/kube-apiserver1 CVE
  46. 1,246.k8s.io/kubernetes/cmd/kubelet1 CVE
  47. 1,247.k8s.io/kubernetes/pkg/kubelet1 CVE
  48. 1,248.k8s.io/kube-state-metrics1 CVE
  49. 1,249.k8s.io/minikube1 CVE
  50. 1,250.k8s.io/mount-utils1 CVE

Which Go packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →