Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2026-41907 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentialityYour dependencies cross-checked against the OSV vulnerability database.
GO-2024-3105 Stack exhaustion in all Parse functions in go/parserGO-2024-3106 Stack exhaustion in Decoder.Decode in encoding/gobGO-2024-3107 Stack exhaustion in Parse in go/build/constraintGO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/httpGO-2025-3447 Timing sidechannel for P-256 on ppc64le in crypto/internal/nistecGO-2025-3503 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/netGO-2025-3563 Request smuggling due to acceptance of invalid chunked data in net/httpGO-2025-3750 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscallGO-2025-3751 Sensitive headers not cleared on cross-origin redirect in net/httpGO-2025-3849 Incorrect results returned from Rows.Scan in database/sqlGO-2025-3956 Unexpected paths returned from LookPath in os/execGO-2025-4006 Excessive CPU consumption in ParseAddress in net/mailGO-2025-4007 Quadratic complexity when checking name constraints in crypto/x509GO-2025-4008 ALPN negotiation error contains attacker controlled information in crypto/tlsGO-2025-4009 Quadratic complexity when parsing some invalid inputs in encoding/pemGO-2025-4010 Insufficient validation of bracketed IPv6 hostnames in net/urlGO-2025-4011 Parsing DER payload can cause memory exhaustion in encoding/asn1GO-2025-4012 Lack of limit when parsing cookies can cause memory exhaustion in net/httpGO-2025-4013 Panic when validating certificates with DSA public keys in crypto/x509GO-2025-4014 Unbounded allocation when parsing GNU sparse map in archive/tarGO-2025-4015 Excessive CPU consumption in Reader.ReadResponse in net/textprotoGO-2025-4155 Excessive resource consumption when printing error string for host certificate validation in crypto/x509GO-2025-4175 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509GO-2026-4337 Unexpected session resumption in crypto/tlsCode that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 2.3/10scorecard-Binary-Artifacts Binary-Artifacts scored 0: binaries present in source codescorecard-CI-Tests CI-Tests scored 0: 0 out of 11 merged PRs checked by a CI test -- score normalized to 0scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detectedscorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detectedscorecard-Fuzzing Fuzzing scored 0: project is not fuzzedscorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0scorecard-Security-Policy Security-Policy scored 0: security policy file not detected