{"package":"cosmwasm-vm","ecosystem":"cargo","latest_version":"3.0.5","description":"VM bindings to run CosmWasm contracts","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":null,"repository":"https://github.com/CosmWasm/cosmwasm","downloads_weekly":24123,"health":{"score":73,"risk":"moderate","breakdown":{"maintenance":25,"popularity":10,"security":23,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"GO-2025-3449","severity":"medium","summary":"wasmvm: Malicious smart contract can slow down block production","affected_versions":">=2.2.0,<2.2.1|>=2.1.0,<2.1.6|>=2.0.0,<2.0.9|<1.5.10|>=0.1.0,<1.5.8|>=2.2.0,<2.2.2|>=2.1.0,<2.1.5|>=2.0.0,<2.0.6|<0.0.0-20250204093451-1f4db20199b8|<2.0.0-20250204103256-d62c3b826a9d|>=1.5.8-0,<1.5.8-0.20250204093451-1f4db20199b8|>=2.0.6-0,<2.0.6-0.20250204103256-d62c3b826a9d|=2.2.0","fixed_version":"2.0.6-0.20250204103256-d62c3b826a9d","source":"osv","published_at":"2025-02-04T18:57:21Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"3.0.5","total_count":201,"recent":["3.0.5","3.0.5-rc.0","3.0.4","2.3.2","2.2.7","3.0.4-rc.0","2.3.2-rc.0","2.2.7-rc.1","2.2.7-rc.0","3.0.3","2.3.1","2.2.6","2.2.5","2.2.4","2.2.4-rc.0","2.2.3","2.3.0","3.0.2","3.0.1","3.0.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":"2019-10-08T12:14:19.362062Z","last_published":"2026-04-24T17:17:23.407292Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"3.0.5","version_hint":"Update to >= 2.0.6-0.20250204103256-d62c3b826a9d to fix known vulnerabilities","summary":"cosmwasm-vm@3.0.5 is safe to use (health: 73/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":534,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":2397,"last_release_days_ago":6,"avg_days_between_releases":126,"release_velocity":"active"}}