{"package":"github.com/ginuerzh/gost","ecosystem":"go","latest_version":"v0.0.0-20241231130840-1d516e35e654","description":"GO Simple Tunnel - a simple tunnel written in golang","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/ginuerzh/gost","repository":"https://github.com/ginuerzh/gost","downloads_weekly":17875,"health":{"score":42,"risk":"high","breakdown":{"maintenance":5,"popularity":10,"security":13,"maturity":9,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":1,"high":0,"medium":1,"low":1,"details":[{"vuln_id":"CVE-2024-39223","severity":"critical","summary":"Missing key verification in gost","affected_versions":"<=2.11.5","fixed_version":null,"source":"osv","published_at":"2024-07-03T18:48:20Z","in_kev":false,"epss_prob":0.00063,"epss_percentile":0.19352,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-32691","severity":"medium","summary":"ginuerzh/gost vulnerable to Timing Attack","affected_versions":"<=2.11.5","fixed_version":null,"source":"osv","published_at":"2023-05-22T19:47:15Z","in_kev":false,"epss_prob":0.00376,"epss_percentile":0.59178,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-39223","severity":"unknown","summary":"Missing key verification in gost in github.com/ginuerzh/gost","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2024-10-28T15:20:02Z","in_kev":false,"epss_prob":0.00063,"epss_percentile":0.19352,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v0.0.0-20241231130840-1d516e35e654","total_count":1,"recent":["v2.6.1+incompatible"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":46,"first_published":null,"last_published":"2024-12-31T13:08:40Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["1 critical vulnerabilities"],"use_version":"v0.0.0-20241231130840-1d516e35e654","version_hint":null,"summary":"github.com/ginuerzh/gost has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1938,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":2,"first_release_age_days":2716,"last_release_days_ago":485,"avg_days_between_releases":2716,"release_velocity":"stale"}}