{"package":"github.com/binance-chain/tss-lib","ecosystem":"go","latest_version":"v1.3.5","description":"Threshold Signature Scheme, for ECDSA and EDDSA","license":"","license_risk":"unknown","commercial_use_notes":"No license declared in registry metadata — verify manually before commercial use.","homepage":"https://pkg.go.dev/github.com/binance-chain/tss-lib","repository":"https://github.com/binance-chain/tss-lib","downloads_weekly":1009,"health":{"score":30,"risk":"critical","breakdown":{"maintenance":0,"popularity":6,"security":8,"maturity":6,"community":10},"deprecated":false,"max_score":100},"vulnerabilities":{"count":7,"critical":1,"high":1,"medium":1,"low":4,"details":[{"vuln_id":"CVE-2023-26556","severity":"critical","summary":"IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication","affected_versions":"<2.0.0|<2.0.0","fixed_version":"2.0.0","source":"osv","published_at":"2023-04-21T18:30:24Z","in_kev":false,"epss_prob":0.00534,"epss_percentile":0.67449,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-47930","severity":"medium","summary":"IO FinNet tss-lib vulnerable to replay attacks involving proofs","affected_versions":"<2.0.0|<2.0.0","fixed_version":"2.0.0","source":"osv","published_at":"2023-04-21T18:30:24Z","in_kev":false,"epss_prob":0.00074,"epss_percentile":0.22116,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-26557","severity":"high","summary":"IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic","affected_versions":"<1.3.6-0.20230324145555-bb6fb30bd3eb|<1.3.6-0.20230324145555-bb6fb30bd3eb","fixed_version":"1.3.6-0.20230324145555-bb6fb30bd3eb","source":"osv","published_at":"2023-04-21T18:30:24Z","in_kev":false,"epss_prob":0.00268,"epss_percentile":0.50232,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-26556","severity":"unknown","summary":"Timing attack from non-constant time scalar multiplication in github.com/bnb-chain/tss-lib","affected_versions":"<1.3.6-0.20230324145555-bb6fb30bd3eb","fixed_version":"1.3.6-0.20230324145555-bb6fb30bd3eb","source":"osv","published_at":"2023-07-11T18:44:09Z","in_kev":false,"epss_prob":0.00534,"epss_percentile":0.67449,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-26557","severity":"unknown","summary":"Timing attack from non-constant time scalar arithmetic in github.com/bnb-chain/tss-lib","affected_versions":"<1.3.6-0.20230324145555-bb6fb30bd3eb","fixed_version":"1.3.6-0.20230324145555-bb6fb30bd3eb","source":"osv","published_at":"2023-07-11T18:44:28Z","in_kev":false,"epss_prob":0.00268,"epss_percentile":0.50232,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-47930","severity":"unknown","summary":"Replay attacks involving proofs in github.com/bnb-chain/tss-lib","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2023-07-11T18:44:16Z","in_kev":false,"epss_prob":0.00074,"epss_percentile":0.22116,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-47931","severity":"unknown","summary":"Collision of hash values in github.com/bnb-chain/tss-lib","affected_versions":"<1.3.6-0.20230324145555-bb6fb30bd3eb","fixed_version":"1.3.6-0.20230324145555-bb6fb30bd3eb","source":"osv","published_at":"2023-07-11T18:44:23Z","in_kev":false,"epss_prob":0.00202,"epss_percentile":0.4216,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.3.5","total_count":10,"recent":["v1.3.0","v1.0.0","v1.3.3","v1.1.1","v1.3.1","v1.5.0","v1.3.2","v1.2.0","v1.3.5","v1.1.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":23,"first_published":null,"last_published":"2022-09-23T02:44:11Z","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":1011,"forks":350,"open_issues":66,"is_archived":false,"pushed_at":"2026-04-09T13:36:58Z","subscribers_count":34},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (30/100)","1 high severity vulnerabilities","1 critical vulnerabilities"],"use_version":"v1.3.5","version_hint":"Update to >= 1.3.6-0.20230324145555-bb6fb30bd3eb to fix known vulnerabilities","summary":"github.com/binance-chain/tss-lib has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":10,"first_release_age_days":2371,"last_release_days_ago":1314,"avg_days_between_releases":263,"release_velocity":"stale"}}