{"package":"github.com/openshift/osin","ecosystem":"go","latest_version":"v1.0.1","description":"Golang OAuth2 server library","license":"BSD-3-Clause","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/openshift/osin","repository":"https://github.com/openshift/osin","downloads_weekly":1934,"health":{"score":37,"risk":"critical","breakdown":{"maintenance":0,"popularity":6,"security":23,"maturity":3,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":1,"low":1,"details":[{"vuln_id":"CVE-2021-4294","severity":"medium","summary":"OpenShift OSIN vulnerable to Observable Timing Discrepancy","affected_versions":"<1.0.2-0.20210113124101-8612686d6dda","fixed_version":"1.0.2-0.20210113124101-8612686d6dda","source":"osv","published_at":"2022-12-28T18:30:20Z","in_kev":false,"epss_prob":0.00215,"epss_percentile":0.43871,"threat_tier":"theoretical"},{"vuln_id":"CVE-2021-4294","severity":"unknown","summary":"Timing attack in github.com/openshift/osin","affected_versions":"<1.0.2-0.20210113124101-8612686d6dda","fixed_version":"1.0.2-0.20210113124101-8612686d6dda","source":"osv","published_at":"2023-01-03T22:25:20Z","in_kev":false,"epss_prob":0.00215,"epss_percentile":0.43871,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.0.1","total_count":2,"recent":["v1.0.0","v1.0.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":56,"first_published":null,"last_published":"2018-07-18T11:23:22Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"use_with_caution","issues":["Low health score (37/100)"],"use_version":"v1.0.1","version_hint":"Update to >= 1.0.2-0.20210113124101-8612686d6dda to fix known vulnerabilities","summary":"github.com/openshift/osin@v1.0.1 low health (37/100) — consider alternatives"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":787,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":2,"first_release_age_days":3054,"last_release_days_ago":2844,"avg_days_between_releases":3054,"release_velocity":"stale"}}