{"package":"github.com/bishopfox/sliver","ecosystem":"go","latest_version":"v1.7.3","description":"Adversary Emulation Framework","license":"GPL-3.0","license_risk":"strong_copyleft","commercial_use_notes":"GPL-3.0: derivative works must release source under GPL; includes explicit patent grant.","homepage":"https://pkg.go.dev/github.com/bishopfox/sliver","repository":"https://github.com/bishopfox/sliver","downloads_weekly":11080,"health":{"score":66,"risk":"moderate","breakdown":{"maintenance":20,"popularity":10,"security":16,"maturity":15,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":10,"critical":0,"high":1,"medium":2,"low":7,"details":[{"vuln_id":"CVE-2026-34227","severity":"medium","summary":"Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface","affected_versions":"<1.7.4","fixed_version":"1.7.4","source":"osv","published_at":"2026-03-31T23:07:48Z","in_kev":false,"epss_prob":0.0002,"epss_percentile":0.05481,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-32941","severity":"medium","summary":"Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports","affected_versions":"<=1.7.3","fixed_version":null,"source":"osv","published_at":"2026-03-17T17:48:45Z","in_kev":false,"epss_prob":0.00054,"epss_percentile":0.16696,"threat_tier":"theoretical"},{"vuln_id":"GO-2026-4899","severity":"high","summary":"Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted","affected_versions":"<=1.7.3","fixed_version":null,"source":"osv","published_at":"2026-03-29T15:25:42Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2026-29781","severity":"low","summary":"Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers","affected_versions":"<=1.7.3","fixed_version":null,"source":"osv","published_at":"2026-03-05T00:26:40Z","in_kev":false,"epss_prob":0.00024,"epss_percentile":0.06486,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-41111","severity":"unknown","summary":"Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver","affected_versions":">=1.5.40","fixed_version":null,"source":"osv","published_at":"2024-07-22T18:24:38Z","in_kev":false,"epss_prob":0.00227,"epss_percentile":0.45366,"threat_tier":"theoretical"},{"vuln_id":"GHSA-hjr9-wj7v-7hv8","severity":"unknown","summary":"Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver","affected_versions":">=1.5.0","fixed_version":null,"source":"osv","published_at":"2026-01-12T17:39:39Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2026-25791","severity":"unknown","summary":"Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service in github.com/bishopfox/sliver","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2026-02-17T18:09:06Z","in_kev":false,"epss_prob":0.00028,"epss_percentile":0.07951,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-29781","severity":"unknown","summary":"Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers in github.com/bishopfox/sliver","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2026-03-10T18:28:10Z","in_kev":false,"epss_prob":0.00024,"epss_percentile":0.06486,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-32941","severity":"unknown","summary":"Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2026-03-26T20:33:02Z","in_kev":false,"epss_prob":0.00054,"epss_percentile":0.16696,"threat_tier":"theoretical"},{"vuln_id":"GHSA-c279-989m-238f","severity":"unknown","summary":"Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted in github.com/bishopfox/sliver","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2026-04-02T18:42:30Z","in_kev":false,"threat_tier":"unknown"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.7.3","total_count":104,"recent":["v1.5.3","v1.4.19","v1.5.44","v1.4.15","v1.5.30","v1.4.12","v1.6.6","v1.5.32","v1.5.27","v0.0.1-alpha","v1.5.18","v1.6.2","v1.4.8","v1.7.4","v0.0.3-alpha","v1.1.0","v1.4.17","v1.5.14","v1.6.7","v1.4.7"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":123,"first_published":null,"last_published":"2026-02-24T04:49:28Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"v1.7.3","version_hint":"Update to >= 1.7.4 to fix known vulnerabilities","summary":"github.com/bishopfox/sliver@v1.7.3 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":63,"avg_days_between_releases":null,"release_velocity":"active"}}