{"package":"github.com/caddyserver/caddy/v2","ecosystem":"go","latest_version":"v2.11.2","description":"Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/caddyserver/caddy/v2","repository":"https://github.com/caddyserver/caddy/v2","downloads_weekly":71808,"health":{"score":85,"risk":"low","breakdown":{"maintenance":20,"popularity":10,"security":25,"maturity":15,"community":15},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"v2.11.2","total_count":100,"recent":["v2.1.0-beta.2","v2.5.1","v2.6.0-beta.1","v2.0.0-rc.2","v2.1.1","v2.0.0-beta.14","v2.2.0-rc.2","v2.2.3","v2.3.0-1","v2.4.3","v2.11.2","v2.5.0-rc.1","v2.3.0-rc.2","v2.8.2","v2.6.4","v2.5.0","v2.5.2","v2.4.4","v2.7.5","v2.11.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":384,"first_published":null,"last_published":"2026-03-05T15:41:54Z","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":15,"bugs_severity":{"high":4,"medium":11},"status_breakdown":{"fixed":15},"link":"/api/bugs/go/github.com/caddyserver/caddy/v2?version=v2.11.2","scope":"version","details":[{"title":"Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass","severity":"high","status":"fixed","affected_version":null,"fixed_version":"2.11.1","url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-x76f-jf84-rqj8"},{"title":"Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed","severity":"high","status":"fixed","affected_version":null,"fixed_version":"2.11.1","url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-hffm-g8v7-wrv7"},{"title":"Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass","severity":"high","status":"fixed","affected_version":null,"fixed_version":"2.11.1","url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-g7pc-pc7g-h8jh"},{"title":"Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport","severity":"high","status":"fixed","affected_version":null,"fixed_version":"2.11.1","url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g"},{"title":"Caddy MatchHost becomes case-sensitive in github.com/caddyserver/caddy/v2","severity":"medium","status":"fixed","affected_version":null,"fixed_version":"2.11.1","url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-x76f-jf84-rqj8"}]},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"v2.11.2","version_hint":null,"summary":"github.com/caddyserver/caddy/v2@v2.11.2 is safe to use (health: 85/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}