{"package":"github.com/caddyserver/caddy","ecosystem":"go","latest_version":"v1.0.5","description":"Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/caddyserver/caddy","repository":"https://github.com/caddyserver/caddy","downloads_weekly":71808,"health":{"score":60,"risk":"moderate","breakdown":{"maintenance":0,"popularity":10,"security":23,"maturity":12,"community":15},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2022-29718","severity":"medium","summary":"Open redirect in caddy","affected_versions":"<2.5.0|<2.5.0","fixed_version":"2.5.0","source":"osv","published_at":"2022-06-03T00:00:29Z","in_kev":false,"epss_prob":0.00283,"epss_percentile":0.51697,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.0.5","total_count":49,"recent":["v0.10.13","v0.10.12","v0.5.1","v0.10.1","v1.0.4","v0.11.0","v0.11.2","v0.7.1","v0.11.3","v0.9.1","v0.10.11","v0.10.4","v0.11.4","v0.7.6","v0.8.2","v0.11.1","v0.10.6","v1.0.1","v1.0.0-beta2","v0.9.4"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":384,"first_published":null,"last_published":"2020-01-15T16:57:41Z","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":3,"bugs_severity":{"medium":1,"low":1,"critical":1},"status_breakdown":{"fixed":3},"link":"/api/bugs/go/github.com/caddyserver/caddy?version=v1.0.5","scope":"version","details":[{"title":"Open redirect in caddy","severity":"medium","status":"fixed","affected_version":null,"fixed_version":"2.5.0","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29718"},{"title":"Caddy allows enumeration of Certificates and Hostnames","severity":"low","status":"fixed","affected_version":null,"fixed_version":"0.11.1","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19148"},{"title":"Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication","severity":"critical","status":"fixed","affected_version":null,"fixed_version":"0.10.13","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-21246"}]},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"v1.0.5","version_hint":"Update to >= 2.5.0 to fix known vulnerabilities","summary":"github.com/caddyserver/caddy@v1.0.5 is safe to use (health: 60/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":39,"active_contributors_12m":39,"primary_author_ratio":0.25,"owner_account_age_days":3964,"is_archived":false,"stars":71842,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}