Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Packages you depend on that have known security holes (CVEs).
CVE-2026-33186 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validationCVE-2024-6104 go-retryablehttp: url might write sensitive information to log fileCVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/cryptoCVE-2025-22869 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/sshCVE-2025-47913 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESSCVE-2026-39827 An authenticated SSH client that repeatedly opened channels which were ...CVE-2026-39828 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissionsCVE-2026-39829 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parametersCVE-2026-39830 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responsesCVE-2026-39832 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictionsCVE-2026-39835 SSH servers which use CertChecker as a public key callback without set ...CVE-2026-42508 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKeyCVE-2026-46595 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validationCVE-2026-46597 An incorrectly placed cast from bytes to int allowed for server-side p ...CVE-2025-47914 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messagesCVE-2025-58181 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authenticationCVE-2026-39831 The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ...CVE-2026-39833 The in-memory keyring returned by NewKeyring() silently accepted keys ...CVE-2026-39834 When writing data larger than 4GB in a single Write call on an SSH cha ...CVE-2026-46598 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed inputCVE-2023-45288 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoSCVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/htmlCVE-2026-25680 Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ...CVE-2026-25681 Parsing arbitrary HTML which is then rendered using Render can result ...CVE-2026-27136 Parsing arbitrary HTML which is then rendered using Render can result ...Your dependencies cross-checked against the OSV vulnerability database.
GO-2024-3321 Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/cryptoGO-2026-4762 Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpcGO-2024-2947 Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttpGO-2025-3487 Potential denial of service in golang.org/x/cryptoGO-2025-4134 Unbounded memory consumption in golang.org/x/crypto/sshGO-2025-4135 Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agentGO-2024-2687 HTTP/2 CONTINUATION flood in net/httpGO-2025-3503 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/netGO-2025-3595 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/netGO-2025-3488 Unexpected memory consumption during token parsing in golang.org/x/oauth2GO-2024-2611 Infinite loop in JSON unmarshaling in google.golang.org/protobufGO-2024-2631 Decompression bomb vulnerability in github.com/go-jose/go-josePYSEC-2024-230 Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.PYSEC-2026-215 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions priorGHSA-7gcm-g887-7qv7 protobuf affected by a JSON recursion depth bypassGHSA-8qvm-5x2c-j2w7 protobuf-python has a potential Denial of Service issueGHSA-jr27-m4p2-rc6r Denial of Service in pyasn1 via Unbounded RecursionGHSA-9hjg-9r4m-mvj7 Requests vulnerable to .netrc credentials leak via malicious URLsGHSA-9wx4-h78v-vm56 Requests `Session` object does not verify requests after making first request with verify=FalseGHSA-gc5v-m9x4-r6x2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility functionPYSEC-2026-141 urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=FalGHSA-2xpw-w6gg-jr37 urllib3 streaming API improperly handles highly compressed dataGHSA-34jh-p97f-mpxf urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirectsGHSA-38jv-5279-wg99 Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)GHSA-gm62-xv2j-4w53 urllib3 allows an unbounded number of links in the decompression chainCode that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.