{"package":"github.com/milvus-io/milvus","ecosystem":"go","latest_version":"v1.1.1","description":"Milvus is a high-performance, cloud-native vector database built for scalable vector ANN search","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/milvus-io/milvus","repository":"https://github.com/milvus-io/milvus","downloads_weekly":43880,"health":{"score":40,"risk":"high","breakdown":{"maintenance":0,"popularity":10,"security":5,"maturity":12,"community":13},"deprecated":false,"max_score":100},"vulnerabilities":{"count":4,"critical":2,"high":0,"medium":0,"low":2,"details":[{"vuln_id":"BIT-milvus-2026-26190","severity":"critical","summary":"Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise","affected_versions":"<2.5.27|>=2.6.0,<2.6.10","fixed_version":"2.6.10","source":"osv","published_at":"2026-02-11T19:49:44Z"},{"vuln_id":"BIT-milvus-2025-64513","severity":"critical","summary":"Milvus Proxy has a Critical Authentication Bypass Vulnerability","affected_versions":">=0.10.4,<2.4.24|>=2.5.0,<2.5.21|>=2.6.0,<2.6.5|<0.10.3-0.20251107071934-6102f001a971","fixed_version":"0.10.3-0.20251107071934-6102f001a971","source":"osv","published_at":"2025-11-13T15:55:00Z"},{"vuln_id":"BIT-milvus-2025-64513","severity":"unknown","summary":"Milvus Proxy has a Critical Authentication Bypass Vulnerability in github.com/milvus-io/milvus","affected_versions":">=0.10.4,<0.10.3-0.20251107071934-6102f001a971","fixed_version":"0.10.3-0.20251107071934-6102f001a971","source":"osv","published_at":"2025-11-17T19:11:25Z"},{"vuln_id":"BIT-milvus-2026-26190","severity":"unknown","summary":"Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2026-02-17T18:09:06Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.1.1","total_count":22,"recent":["v0.5.2","v1.0.0","v0.8.0","v0.6.0","v0.10.5","v0.10.0","v0.5.3","v0.10.2","v0.5.0","v1.1.1","v0.10.3","v0.9.0","v0.5.1","v0.10.1","v0.11.0","v0.7.1","v0.9.1","v0.10.4","v0.10.6","v1.1.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":355,"first_published":null,"last_published":"2021-06-16T06:49:09Z","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":2,"bugs_severity":{"medium":1,"critical":1},"status_breakdown":{"open":1,"fixed":1},"link":"/api/bugs/go/github.com/milvus-io/milvus?version=v1.1.1","scope":"version","details":[{"title":"Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus","severity":"medium","status":"open","affected_version":null,"fixed_version":null,"url":"https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6"},{"title":"Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise","severity":"critical","status":"fixed","affected_version":null,"fixed_version":"2.5.27","url":"https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6"}]},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["2 critical vulnerabilities"],"use_version":"v1.1.1","version_hint":"Update to >= 0.10.3-0.20251107071934-6102f001a971 to fix known vulnerabilities","summary":"github.com/milvus-io/milvus has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":29,"active_contributors_12m":29,"primary_author_ratio":0.11,"owner_account_age_days":2509,"is_archived":false,"stars":43984,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}