{"package":"github.com/weaveworks/weave","ecosystem":"go","latest_version":"v1.9.8","description":"Simple, resilient multi-host containers networking and more.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/weaveworks/weave","repository":"https://github.com/weaveworks/weave","downloads_weekly":6618,"health":{"score":44,"risk":"high","breakdown":{"maintenance":0,"popularity":6,"security":23,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":1,"low":1,"details":[{"vuln_id":"CVE-2020-11091","severity":"medium","summary":"Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements","affected_versions":"<2.6.3","fixed_version":"2.6.3","source":"osv","published_at":"2021-05-27T19:00:08Z","in_kev":false,"epss_prob":0.00166,"epss_percentile":0.3745,"threat_tier":"theoretical"},{"vuln_id":"CVE-2020-11091","severity":"unknown","summary":"Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements in github.com/weaveworks/weave","affected_versions":"<2.6.3+incompatible","fixed_version":"2.6.3+incompatible","source":"osv","published_at":"2024-08-21T15:28:59Z","in_kev":false,"epss_prob":0.00166,"epss_percentile":0.3745,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.9.8","total_count":70,"recent":["v1.2.1","v1.9.3","v0.11.0","v0.11.2","v2.6.3+incompatible","v1.4.0","v1.2.0","v2.0.5+incompatible","v1.6.1","v2.1.3+incompatible","v0.11.1","v1.9.2","v1.9.5","v1.8.1","v2.0.3+incompatible","v1.6.2","v1.0.1","v1.1.0","v2.6.2+incompatible","v2.2.1+incompatible"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":106,"first_published":null,"last_published":"2017-06-15T17:05:11Z","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"v1.9.8","version_hint":"Update to >= 2.6.3+incompatible to fix known vulnerabilities","summary":"github.com/weaveworks/weave@v1.9.8 is safe to use (health: 44/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1027,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}