Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Packages you depend on that have known security holes (CVEs).
CVE-2022-44797 btcd mishandles witness size checking
CVE-2024-38365 btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
CVE-2024-34478 btcd susceptible to consensus failures
CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
CVE-2020-7919 golang: Integer overflow on 32bit architectures via crafted certificate allows for denial of service
CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
CVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
CVE-2025-22869 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
CVE-2025-47913 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
CVE-2026-39827 An authenticated SSH client that repeatedly opened channels which were ...
CVE-2026-39828 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions
CVE-2026-39829 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
CVE-2026-39830 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
CVE-2026-39832 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions
CVE-2026-39835 SSH servers which use CertChecker as a public key callback without set ...
CVE-2026-42508 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey
CVE-2026-46595 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
CVE-2026-46597 An incorrectly placed cast from bytes to int allowed for server-side p ...
CVE-2019-11840 golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter
CVE-2019-11841 A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...
CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
CVE-2025-47914 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
CVE-2025-58181 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication
Your dependencies cross-checked against the OSV vulnerability database.
GO-2022-1098 Denial of service in message decoding in github.com/btcsuite/btcd
GO-2024-3189 Consensus failure in github.com/btcsuite/btcd
GHSA-vqpr-j7v3-hqw9 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
GHSA-vqpr-j7v3-hqw9 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
GO-2024-2818 Consensus failures in github.com/btcsuite/btcd
RUSTSEC-2026-0190 Unsoundness in `Error::downcast_mut()`
RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`
RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.