{"package":"github.com/go-pg/pg/v9","ecosystem":"go","latest_version":"v9.2.1","description":"Golang ORM with focus on PostgreSQL features and performance","license":"BSD-2-Clause","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/go-pg/pg/v9","repository":"https://github.com/go-pg/pg/v9","downloads_weekly":5783,"health":{"score":46,"risk":"high","breakdown":{"maintenance":0,"popularity":6,"security":23,"maturity":12,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":1,"low":1,"details":[{"vuln_id":"CVE-2024-44905","severity":"medium","summary":"go-pg SQL injection vulnerability via the component /types/append_value.go","affected_versions":"<10.15.0|<=9.2.1|<=8.0.7","fixed_version":"10.15.0","source":"osv","published_at":"2025-06-12T18:31:47Z","in_kev":false,"epss_prob":0.00199,"epss_percentile":0.41752,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-44905","severity":"unknown","summary":"SQL injection vulnerability via the component /types/append_value.go in github.com/go-pg/pg","affected_versions":"<10.15.0","fixed_version":"10.15.0","source":"osv","published_at":"2025-07-21T15:05:07Z","in_kev":false,"epss_prob":0.00199,"epss_percentile":0.41752,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v9.2.1","total_count":31,"recent":["v9.0.3","v9.0.0-beta.1","v9.1.4","v9.1.6","v9.0.0-beta.10","v9.0.0-beta.12","v9.0.4","v9.1.3","v9.0.0","v9.1.0","v9.0.0-beta.4","v9.0.0-beta.9","v9.0.0-beta.11","v9.0.0-beta.5","v9.0.0-beta.6","v9.0.0-beta.3","v9.0.0-beta.14","v9.0.0-beta.8","v9.1.5","v9.0.0-beta.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":74,"first_published":null,"last_published":"2021-04-22T14:56:56Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"v9.2.1","version_hint":"Update to >= 10.15.0 to fix known vulnerabilities","summary":"github.com/go-pg/pg/v9@v9.2.1 is safe to use (health: 46/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":1832,"avg_days_between_releases":null,"release_velocity":"stale"}}