{"package":"github.com/sagernet/sing-box","ecosystem":"go","latest_version":"v1.13.11","description":"The universal proxy platform","license":"GPL-3.0-or-later","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://pkg.go.dev/github.com/sagernet/sing-box","repository":"https://github.com/sagernet/sing-box","downloads_weekly":32966,"health":{"score":70,"risk":"moderate","breakdown":{"maintenance":25,"popularity":10,"security":15,"maturity":15,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":1,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2023-43644","severity":"critical","summary":"sing-box vulnerable to improper authentication in the SOCKS inbound","affected_versions":"<1.4.5|>=1.5.0-beta.1,<1.5.0-rc.5|<0.2.12-0.20230925092853-5b05b5c147d9","fixed_version":"0.2.12-0.20230925092853-5b05b5c147d9","source":"osv","published_at":"2023-09-26T19:35:39Z","in_kev":false,"epss_prob":0.00174,"epss_percentile":0.38508,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.13.11","total_count":524,"recent":["v1.13.0-beta.4","v1.11.0-beta.10","v1.8.0-alpha.8","v1.12.0-beta.26","v1.12.0-beta.9","v1.12.0-alpha.15","v1.6.0-alpha.4","v1.12.0-beta.11","v1.13.0-alpha.32","v1.7.6","v1.12.7","v1.12.24","v1.8.0-alpha.11","v1.11.0-alpha.6","v1.7.0-alpha.1","v1.8.0-beta.7","v1.11.0-rc.1","v1.14.0-alpha.12","v1.11.0-alpha.17","v1.5.0-rc.4"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":101,"first_published":null,"last_published":"2026-04-22T23:30:34Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":1,"bugs_severity":{"critical":1},"status_breakdown":{"fixed":1},"link":"/api/bugs/go/github.com/sagernet/sing-box?version=v1.13.11","scope":"version","details":[{"title":"sing-box vulnerable to improper authentication in the SOCKS inbound","severity":"critical","status":"fixed","affected_version":null,"fixed_version":"1.4.5","url":"https://github.com/SagerNet/sing-box/security/advisories/GHSA-r5hm-mp3j-285g"}]},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["1 critical vulnerabilities"],"use_version":"v1.13.11","version_hint":"Update to >= 0.2.12-0.20230925092853-5b05b5c147d9 to fix known vulnerabilities","summary":"github.com/sagernet/sing-box has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":6,"avg_days_between_releases":null,"release_velocity":"active"}}