Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Packages you depend on that have known security holes (CVEs).
CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAYCVE-2022-41723 golang.org/x/net/http2: avoid quadratic complexity in HPACK decodingCVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)CVE-2023-45288 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoSCVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/htmlCVE-2026-25680 Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ...CVE-2026-25681 Parsing arbitrary HTML which is then rendered using Render can result ...CVE-2026-27136 Parsing arbitrary HTML which is then rendered using Render can result ...CVE-2026-33814 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frameCVE-2026-39821 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processingCVE-2026-42502 Parsing arbitrary HTML which is then rendered using Render can result ...CVE-2026-42506 Parsing arbitrary HTML which is then rendered using Render can result ...CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requestsCVE-2023-3978 golang.org/x/net/html: Cross site scriptingCVE-2025-22870 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/netCVE-2025-22872 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/netCVE-2025-47911 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/htmlCVE-2025-58190 golang.org/x/net/html: Infinite parsing loop in golang.org/x/netCVE-2022-29526 golang: syscall: faccessat checks wrong groupCVE-2022-28948 golang-gopkg-yaml: crash when attempting to deserialize invalid inputCVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windowsYour dependencies cross-checked against the OSV vulnerability database.
GO-2022-0969 Denial of service in net/http and golang.org/x/net/http2GO-2022-1144 Excessive memory growth in net/http and golang.org/x/net/http2GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/netGO-2023-1988 Improper rendering of text nodes in golang.org/x/net/htmlGO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/httpGO-2024-2687 HTTP/2 CONTINUATION flood in net/httpGO-2025-3503 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/netGO-2025-3595 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/netGHSA-qppj-fm5r-hxr3 HTTP/2 Stream Cancellation AttackGO-2022-0493 Incorrect privilege reporting in syscall and golang.org/x/sys/unixGO-2022-0603 Panic in gopkg.in/yaml.v3GO-2024-3333 Non-linear parsing of case-insensitive content in golang.org/x/net/htmlGO-2026-4440 Quadratic parsing complexity in golang.org/x/net/htmlGO-2026-4441 Infinite parsing loop in golang.org/x/netGO-2026-4918 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/netGO-2026-5025 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/htmlGO-2026-5026 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idnaGO-2026-5027 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/htmlGO-2026-5028 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/htmlGO-2026-5029 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/htmlGO-2026-5030 Invoking duplicate attributes can cause XSS in golang.org/x/net/htmlGO-2026-5024 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windowsGO-2022-0969 Denial of service in net/http and golang.org/x/net/http2GO-2022-1037 Unbounded memory consumption when reading headers in archive/tarGO-2022-1038 Incorrect sanitization of forwarded query parameters in net/http/httputilCode that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.