{"package":"github.com/lxc/lxd","ecosystem":"go","latest_version":"v0.7.0","description":"Powerful system container and virtual machine manager ","license":"","license_risk":"unknown","commercial_use_notes":"No license declared in registry metadata — verify manually before commercial use.","homepage":"https://pkg.go.dev/github.com/lxc/lxd","repository":"https://github.com/lxc/lxd","downloads_weekly":5270,"health":{"score":32,"risk":"critical","breakdown":{"maintenance":0,"popularity":6,"security":15,"maturity":6,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":4,"critical":0,"high":2,"medium":0,"low":2,"details":[{"vuln_id":"CVE-2015-1340","severity":"high","summary":"LXD vulnerable to Race Condition","affected_versions":"<0.0.0-20151004155856-19c6961cc101","fixed_version":"0.0.0-20151004155856-19c6961cc101","source":"osv","published_at":"2022-05-24T16:44:07Z","in_kev":false,"epss_prob":0.00327,"epss_percentile":0.55565,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-54287","severity":"high","summary":"Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns","affected_versions":">=4.0.0,<5.21.4|>=6.0.0,<6.5.0|>=0.0.0-20200331193331-03aab09f5b5c,<0.0.0-20250827065555-0494f5d47e41","fixed_version":"0.0.0-20250827065555-0494f5d47e41","source":"osv","published_at":"2025-10-02T21:21:33Z","in_kev":false,"epss_prob":0.0007,"epss_percentile":0.21258,"threat_tier":"theoretical"},{"vuln_id":"CVE-2015-1340","severity":"unknown","summary":"Race condition in github.com/lxc/lxd","affected_versions":"<0.0.0-20151004155856-19c6961cc101","fixed_version":"0.0.0-20151004155856-19c6961cc101","source":"osv","published_at":"2021-04-14T20:04:52Z","in_kev":false,"epss_prob":0.00327,"epss_percentile":0.55565,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-54287","severity":"unknown","summary":"Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2025-11-05T18:41:15Z","in_kev":false,"epss_prob":0.0007,"epss_percentile":0.21258,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v0.7.0","total_count":8,"recent":["v0.7.0","v0.3.0","v0.6.0","v0.5.0","v0.4.0","v0.5.1","v0.1.0","v0.2.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":580,"first_published":null,"last_published":"2024-03-26T01:06:36Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (32/100)","2 high severity vulnerabilities"],"use_version":"v0.7.0","version_hint":"Update to >= 0.0.0-20151004155856-19c6961cc101 to fix known vulnerabilities","summary":"github.com/lxc/lxd@v0.7.0 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":930,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":8,"first_release_age_days":937,"last_release_days_ago":766,"avg_days_between_releases":134,"release_velocity":"stale"}}