{"package":"github.com/openziti/zrok","ecosystem":"go","latest_version":"v1.1.11","description":"Secure internet sharing made simple.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/openziti/zrok","repository":"https://github.com/openziti/zrok","downloads_weekly":4370,"health":{"score":67,"risk":"moderate","breakdown":{"maintenance":20,"popularity":6,"security":16,"maturity":15,"community":10},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":1,"medium":2,"low":0,"details":[{"vuln_id":"CVE-2026-40304","severity":"medium","summary":"zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records","affected_versions":"<=1.1.11|<2.0.1","fixed_version":"2.0.1","source":"osv","published_at":"2026-04-16T21:09:23Z","in_kev":false,"epss_prob":0.00013,"epss_percentile":0.02354,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-40302","severity":"medium","summary":"zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering","affected_versions":"<=1.1.11|<2.0.1","fixed_version":"2.0.1","source":"osv","published_at":"2026-04-16T21:08:55Z","in_kev":false,"epss_prob":0.00011,"epss_percentile":0.01323,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-40303","severity":"high","summary":"zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie 
parsing","affected_versions":"<=1.1.11|<2.0.1","fixed_version":"2.0.1","source":"osv","published_at":"2026-04-16T21:09:08Z","in_kev":false,"epss_prob":0.00029,"epss_percentile":0.0825,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.1.11","total_count":124,"recent":["v0.4.0-rc7","v0.3.0-rc4","v0.2.18","v0.4.17","v1.0.0-rc3","v1.0.1","v0.3.0-rc2","v0.4.11","v1.1.0","v1.0.7","v1.0.0-rc2","v1.1.7","v0.2.7","v0.4.22","v0.2.0","v0.2.16","v0.4.2","v0.3.2","v0.4.8","v0.4.0-rc10"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":36,"first_published":null,"last_published":"2026-02-03T16:51:36Z","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":4375,"forks":195,"open_issues":118,"is_archived":false,"pushed_at":"2026-04-30T18:28:43Z","subscribers_count":29},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerability"],"use_version":"v1.1.11","version_hint":"Update to >= 2.0.1 to fix known vulnerabilities","summary":"github.com/openziti/zrok@v1.1.11 has known vulnerabilities — update to >= 2.0.1 (v1.1.11 is itself affected)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":2166,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":21,"first_release_age_days":1275,"last_release_days_ago":86,"avg_days_between_releases":64,"release_velocity":"active"}}