{"package":"golang.org/x/net","ecosystem":"go","latest_version":"v0.53.0","description":"","license":"BSD-3-Clause","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/golang.org/x/net","repository":"https://github.com/golang/net","downloads_weekly":0,"health":{"score":40,"risk":"high","breakdown":{"maintenance":25,"popularity":0,"security":0,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":24,"critical":0,"high":11,"medium":2,"low":11,"details":[{"vuln_id":"CVE-2018-17142","severity":"high","summary":"golang.org/x/net/html NULL Pointer Dereference vulnerability","affected_versions":"<0.0.0-20180925071336-cf3bd585ca2a","fixed_version":"0.0.0-20180925071336-cf3bd585ca2a","source":"osv","published_at":"2022-05-13T01:19:23Z","in_kev":false,"epss_prob":0.00652,"epss_percentile":0.70978,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-9512","severity":"high","summary":"golang.org/x/net/http vulnerable to a reset flood","affected_versions":"<0.0.0-20190813141303-74dc4d7220e7","fixed_version":"0.0.0-20190813141303-74dc4d7220e7","source":"osv","published_at":"2022-05-24T16:53:19Z","in_kev":false,"epss_prob":0.51232,"epss_percentile":0.97894,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2018-17847","severity":"high","summary":"golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer","affected_versions":"<0.0.0-20190125002852-4b62a64f59f7","fixed_version":"0.0.0-20190125002852-4b62a64f59f7","source":"osv","published_at":"2022-05-13T01:19:29Z","in_kev":false,"epss_prob":0.00693,"epss_percentile":0.71937,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-17075","severity":"high","summary":"golang.org/x/net/html NULL Pointer Dereference vulnerability","affected_versions":"<0.0.0-20180816102801-aaf60122140d","fixed_version":"0.0.0-20180816102801-aaf60122140d","source":"osv","published_at":"2022-05-13T01:19:22Z","in_kev":false,"epss_prob":0.0075,"epss_percentile":0.73251,"threat_tier":"theoretical"},{"vuln_id":"BIT-golang-2022-27664","severity":"high","summary":"golang.org/x/net/http2 Denial of Service vulnerability","affected_versions":"<0.0.0-20220906165146-f3363e06e74c|<0.0.0-20220906165146-f3363e06e74c","fixed_version":"0.0.0-20220906165146-f3363e06e74c","source":"osv","published_at":"2022-09-07T00:01:51Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-golang-2021-33194","severity":"high","summary":"golang.org/x/net/html Infinite Loop vulnerability","affected_versions":"<0.0.0-20210520170846-37e1c6afe023","fixed_version":"0.0.0-20210520170846-37e1c6afe023","source":"osv","published_at":"2022-05-24T19:03:21Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2018-17143","severity":"high","summary":"golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer","affected_versions":"<0.0.0-20180921000356-2f5d2388922f","fixed_version":"0.0.0-20180921000356-2f5d2388922f","source":"osv","published_at":"2022-05-13T01:19:23Z","in_kev":false,"epss_prob":0.00609,"epss_percentile":0.69805,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-41721","severity":"high","summary":"golang.org/x/net/http2/h2c vulnerable to request smuggling attack","affected_versions":">=0.0.0-20220524220425-1d687d428aca,<0.1.1-0.20221104162952-702349b0e862","fixed_version":"0.1.1-0.20221104162952-702349b0e862","source":"osv","published_at":"2023-01-14T00:30:23Z","in_kev":false,"epss_prob":0.00074,"epss_percentile":0.22249,"threat_tier":"theoretical"},{"vuln_id":"BIT-golang-2021-31525","severity":"medium","summary":"golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion","affected_versions":"<0.0.0-20210428140749-89ef3d95e781","fixed_version":"0.0.0-20210428140749-89ef3d95e781","source":"osv","published_at":"2022-05-24T19:03:29Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2019-9512","severity":"high","summary":"golang.org/x/net/http vulnerable to ping floods","affected_versions":"<0.0.0-20190813141303-74dc4d7220e7","fixed_version":"0.0.0-20190813141303-74dc4d7220e7","source":"osv","published_at":"2022-05-24T16:53:17Z","in_kev":false,"epss_prob":0.51232,"epss_percentile":0.97894,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2018-17847","severity":"high","summary":"golang.org/x/net/html Improper Validation of Array Index vulnerability","affected_versions":"<0.0.0-20190125002852-4b62a64f59f7","fixed_version":"0.0.0-20190125002852-4b62a64f59f7","source":"osv","published_at":"2022-05-13T01:26:08Z","in_kev":false,"epss_prob":0.00693,"epss_percentile":0.71937,"threat_tier":"theoretical"},{"vuln_id":"BIT-apisix-2023-44487","severity":"medium","summary":"HTTP/2 Stream Cancellation Attack","affected_versions":"<1.28.0|<0.17.0|>=11.0.0-M1,<11.0.0-M12|>=10.0.0,<10.1.14|>=9.0.0,<9.0.81|>=8.5.0,<8.5.94|>=11.0.0-M1,<11.0.0-M12|>=10.0.0,<10.1.14|>=9.0.0,<9.0.81|>=8.5.0,<8.5.94|>=9.3.0,<9.4.53|>=10.0.0,<10.0.17|>=11.0.0,<11.0.17|>=9.3.0,<9.4.53|>=10.0.0,<10.0.17|>=11.0.0,<11.0.17|>=12.0.0,<12.0.2|>=12.0.0,<12.0.2|<10.5.3|<10.5.3|<10.5.3|<=10.1.15|=11.0.0-M1|=11.0.0-M10|=11.0.0-M11|=11.0.0-M3|=11.0.0-M4|=11.0.0-M5|=11.0.0-M6|=11.0.0-M7|=11.0.0-M9|=10.0.0|=10.0.10|=10.0.11|=10.0.12|=10.0.13|=10.0.14|=10.0.16|=10.0.17|=10.0.18|=10.0.2|=10.0.20|=10.0.21|=10.0.22|=10.0.23|=10.0.26|=10.0.27|=10.0.4|=10.0.5|=10.0.6|=10.0.7|=10.0.8|=10.1.0|=10.1.0-M1|=10.1.0-M10|=10.1.0-M11|=10.1.0-M12|=10.1.0-M14|=10.1.0-M15|=10.1.0-M16|=10.1.0-M17|=10.1.0-M2|=10.1.0-M4|=10.1.0-M5|=10.1.0-M6|=10.1.0-M7|=10.1.0-M8|=10.1.1|=10.1.10|=10.1.11|=10.1.12|=10.1.13|=10.1.2|=10.1.4|=10.1.5|=10.1.6|=10.1.7|=10.1.8|=10.1.9|=9.0.1|=9.0.10|=9.0.11|=9.0.12|=9.0.13|=9.0.14|=9.0.16|=9.0.17|=9.0.19|=9.0.2|=9.0.20|=9.0.21|=9.0.22|=9.0.24|=9.0.26|=9.0.27|=9.0.29|=9.0.30|=9.0.31|=9.0.33|=9.0.34|=9.0.35|=9.0.36|=9.0.37|=9.0.38|=9.0.39|=9.0.4|=9.0.40|=9.0.41|=9.0.43|=9.0.44|=9.0.45|=9.0.46|=9.0.48|=9.0.5|=9.0.50|=9.0.52|=9.0.53|=9.0.54|=9.0.55|=9.0.56|=9.0.58|=9.0.59|=9.0.6|=9.0.60|=9.0.62|=9.0.63|=9.0.64|=9.0.65|=9.0.67|=9.0.68|=9.0.69|=9.0.7|=9.0.70|=9.0.71|=9.0.72|=9.0.73|=9.0.74|=9.0.75|=9.0.76|=9.0.78|=9.0.79|=9.0.8|=9.0.80|=8.5.0|=8.5.11|=8.5.12|=8.5.13|=8.5.14|=8.5.15|=8.5.16|=8.5.19|=8.5.2|=8.5.20|=8.5.21|=8.5.23|=8.5.24|=8.5.27|=8.5.28|=8.5.29|=8.5.3|=8.5.30|=8.5.31|=8.5.32|=8.5.33|=8.5.34|=8.5.35|=8.5.37|=8.5.38|=8.5.39|=8.5.4|=8.5.40|=8.5.41|=8.5.42|=8.5.43|=8.5.45|=8.5.46|=8.5.47|=8.5.49|=8.5.5|=8.5.50|=8.5.51|=8.5.53|=8.5.54|=8.5.55|=8.5.56|=8.5.57|=8.5.58|=8.5.59|=8.5.6|=8.5.60|=8.5.61|=8.5.63|=8.5.64|=8.5.65|=8.5.66|=8.5.68|=8.5.69|=8.5.70|=8.5.71|=8.5.72|=8.5.73|=8.5.75|=8.5.76|=8.5.77|=8.5.78|=8.5.79|=8.5.8|=8.5.81|=8.5.82|=8.5.83|=8.5.84|=8.5.85|=8.5.86|=8.5.87|=8.5.88|=8.5.89|=8.5.9|=8.5.90|=8.5.91|=8.5.92|=8.5.93|=11.0.0-M1|=11.0.0-M10|=11.0.0-M11|=11.0.0-M3|=11.0.0-M4|=11.0.0-M5|=11.0.0-M6|=11.0.0-M7|=11.0.0-M9|=10.0.0|=10.0.10|=10.0.11|=10.0.12|=10.0.13|=10.0.14|=10.0.16|=10.0.17|=10.0.18|=10.0.2|=10.0.20|=10.0.21|=10.0.22|=10.0.23|=10.0.26|=10.0.27|=10.0.4|=10.0.5|=10.0.6|=10.0.7|=10.0.8|=10.1.0|=10.1.0-M1|=10.1.0-M10|=10.1.0-M11|=10.1.0-M12|=10.1.0-M14|=10.1.0-M15|=10.1.0-M16|=10.1.0-M17|=10.1.0-M2|=10.1.0-M4|=10.1.0-M5|=10.1.0-M6|=10.1.0-M7|=10.1.0-M8|=10.1.1|=10.1.10|=10.1.11|=10.1.12|=10.1.13|=10.1.2|=10.1.4|=10.1.5|=10.1.6|=10.1.7|=10.1.8|=10.1.9|=9.0.1|=9.0.10|=9.0.11|=9.0.12|=9.0.13|=9.0.14|=9.0.16|=9.0.17|=9.0.19|=9.0.2|=9.0.20|=9.0.21|=9.0.22|=9.0.24|=9.0.26|=9.0.27|=9.0.29|=9.0.30|=9.0.31|=9.0.33|=9.0.34|=9.0.35|=9.0.36|=9.0.37|=9.0.38|=9.0.39|=9.0.4|=9.0.40|=9.0.41|=9.0.43|=9.0.44|=9.0.45|=9.0.46|=9.0.48|=9.0.5|=9.0.50|=9.0.52|=9.0.53|=9.0.54|=9.0.55|=9.0.56|=9.0.58|=9.0.59|=9.0.6|=9.0.60|=9.0.62|=9.0.63|=9.0.64|=9.0.65|=9.0.67|=9.0.68|=9.0.69|=9.0.7|=9.0.70|=9.0.71|=9.0.72|=9.0.73|=9.0.74|=9.0.75|=9.0.76|=9.0.78|=9.0.79|=9.0.8|=9.0.80|=8.5.0|=8.5.11|=8.5.12|=8.5.13|=8.5.14|=8.5.15|=8.5.16|=8.5.19|=8.5.2|=8.5.20|=8.5.21|=8.5.23|=8.5.24|=8.5.27|=8.5.28|=8.5.29|=8.5.3|=8.5.30|=8.5.31|=8.5.32|=8.5.33|=8.5.34|=8.5.35|=8.5.37|=8.5.38|=8.5.39|=8.5.4|=8.5.40|=8.5.41|=8.5.42|=8.5.43|=8.5.45|=8.5.46|=8.5.47|=8.5.49|=8.5.5|=8.5.50|=8.5.51|=8.5.53|=8.5.54|=8.5.55|=8.5.56|=8.5.57|=8.5.58|=8.5.59|=8.5.6|=8.5.60|=8.5.61|=8.5.63|=8.5.64|=8.5.65|=8.5.66|=8.5.68|=8.5.69|=8.5.70|=8.5.71|=8.5.72|=8.5.73|=8.5.75|=8.5.76|=8.5.77|=8.5.78|=8.5.79|=8.5.8|=8.5.81|=8.5.82|=8.5.83|=8.5.84|=8.5.85|=8.5.86|=8.5.87|=8.5.88|=8.5.89|=8.5.9|=8.5.90|=8.5.91|=8.5.92|=8.5.93|=9.3.0.v20150612|=9.3.1.v20150714|=9.3.10.M0|=9.3.10.v20160621|=9.3.11.M0|=9.3.11.v20160721|=9.3.12.v20160915|=9.3.13.M0|=9.3.13.v20161014|=9.3.14.v20161028|=9.3.15.v20161220|=9.3.16.v20170120|=9.3.17.RC0|=9.3.17.v20170317|=9.3.18.v20170406|=9.3.19.v20170502|=9.3.2.v20150730|=9.3.20.v20170531|=9.3.21.M0|=9.3.21.RC0|=9.3.21.v20170918|=9.3.22.v20171030|=9.3.23.v20180228|=9.3.24.v20180605|=9.3.25.v20180904|=9.3.26.v20190403|=9.3.27.v20190418|=9.3.28.v20191105|=9.3.29.v20201019|=9.3.3.v20150827|=9.3.30.v20211001|=9.3.4.RC0|=9.3.4.RC1|=9.3.4.v20151007|=9.3.5.v20151012|=9.3.6.v20151106|=9.3.7.RC0|=9.3.7.RC1|=9.3.7.v20160115|=9.3.8.RC0|=9.3.8.v20160314|=9.3.9.M0|=9.3.9.M1|=9.3.9.v20160517|=9.4.0.M0|=9.4.0.M1|=9.4.0.RC0|=9.4.0.RC1|=9.4.0.RC2|=9.4.0.RC3|=9.4.0.v20161208|=9.4.0.v20180619|=9.4.1.v20170120|=9.4.1.v20180619|=9.4.10.RC0|=9.4.10.RC1|=9.4.10.v20180503|=9.4.11.v20180605|=9.4.12.RC0|=9.4.12.RC1|=9.4.12.RC2|=9.4.12.v20180830|=9.4.13.v20181111|=9.4.14.v20181114|=9.4.15.v20190215|=9.4.16.v20190411|=9.4.17.v20190418|=9.4.18.v20190429|=9.4.19.v20190610|=9.4.2.v20170220|=9.4.2.v20180619|=9.4.20.v20190813|=9.4.21.v20190926|=9.4.22.v20191022|=9.4.23.v20191118|=9.4.24.v20191120|=9.4.25.v20191220|=9.4.26.v20200117|=9.4.27.v20200227|=9.4.28.v20200408|=9.4.29.v20200521|=9.4.3.v20170317|=9.4.3.v20180619|=9.4.30.v20200611|=9.4.31.v20200723|=9.4.32.v20200930|=9.4.33.v20201020|=9.4.34.v20201102|=9.4.35.v20201120|=9.4.36.v20210114|=9.4.37.v20210219|=9.4.38.v20210224|=9.4.39.v20210325|=9.4.4.v20170414|=9.4.4.v20180619|=9.4.40.v20210413|=9.4.41.v20210516|=9.4.42.v20210604|=9.4.43.v20210629|=9.4.44.v20210927|=9.4.45.v20220203|=9.4.46.v20220331|=9.4.47.v20220610|=9.4.48.v20220622|=9.4.49.v20220914|=9.4.5.v20170502|=9.4.5.v20180619|=9.4.50.v20221201|=9.4.51.v20230217|=9.4.52.v20230823|=9.4.6.v20170531|=9.4.6.v20180619|=9.4.7.RC0|=9.4.7.v20170914|=9.4.7.v20180619|=9.4.8.v20171121|=9.4.8.v20180619|=9.4.9.v20180320|=10.0.0|=10.0.1|=10.0.10|=10.0.11|=10.0.12|=10.0.13|=10.0.14|=10.0.15|=10.0.16|=10.0.2|=10.0.3|=10.0.4|=10.0.5|=10.0.6|=10.0.7|=10.0.8|=10.0.9|=11.0.0|=11.0.1|=11.0.10|=11.0.11|=11.0.12|=11.0.13|=11.0.14|=11.0.15|=11.0.16|=11.0.2|=11.0.3|=11.0.4|=11.0.5|=11.0.6|=11.0.7|=11.0.8|=11.0.9|=9.3.0.v20150612|=9.3.1.v20150714|=9.3.10.M0|=9.3.10.v20160621|=9.3.11.M0|=9.3.11.v20160721|=9.3.12.v20160915|=9.3.13.M0|=9.3.13.v20161014|=9.3.14.v20161028|=9.3.15.v20161220|=9.3.16.v20170120|=9.3.17.RC0|=9.3.17.v20170317|=9.3.18.v20170406|=9.3.19.v20170502|=9.3.2.v20150730|=9.3.20.v20170531|=9.3.21.M0|=9.3.21.RC0|=9.3.21.v20170918|=9.3.22.v20171030|=9.3.23.v20180228|=9.3.24.v20180605|=9.3.25.v20180904|=9.3.26.v20190403|=9.3.27.v20190418|=9.3.28.v20191105|=9.3.29.v20201019|=9.3.3.v20150827|=9.3.30.v20211001|=9.3.4.RC0|=9.3.4.RC1|=9.3.4.v20151007|=9.3.5.v20151012|=9.3.6.v20151106|=9.3.7.RC0|=9.3.7.RC1|=9.3.7.v20160115|=9.3.8.RC0|=9.3.8.v20160314|=9.3.9.M0|=9.3.9.M1|=9.3.9.v20160517|=9.4.0.M0|=9.4.0.M1|=9.4.0.RC0|=9.4.0.RC1|=9.4.0.RC2|=9.4.0.RC3|=9.4.0.v20161208|=9.4.0.v20180619|=9.4.1.v20170120|=9.4.1.v20180619|=9.4.10.RC0|=9.4.10.RC1|=9.4.10.v20180503|=9.4.11.v20180605|=9.4.12.RC0|=9.4.12.RC1|=9.4.12.RC2|=9.4.12.v20180830|=9.4.13.v20181111|=9.4.14.v20181114|=9.4.15.v20190215|=9.4.16.v20190411|=9.4.17.v20190418|=9.4.18.v20190429|=9.4.19.v20190610|=9.4.2.v20170220|=9.4.2.v20180619|=9.4.20.v20190813|=9.4.21.v20190926|=9.4.22.v20191022|=9.4.23.v20191118|=9.4.24.v20191120|=9.4.25.v20191220|=9.4.26.v20200117|=9.4.27.v20200227|=9.4.28.v20200408|=9.4.29.v20200521|=9.4.3.v20170317|=9.4.3.v20180619|=9.4.30.v20200611|=9.4.31.v20200723|=9.4.32.v20200930|=9.4.33.v20201020|=9.4.34.v20201102|=9.4.35.v20201120|=9.4.36.v20210114|=9.4.37.v20210219|=9.4.38.v20210224|=9.4.39.v20210325|=9.4.4.v20170414|=9.4.4.v20180619|=9.4.40.v20210413|=9.4.41.v20210516|=9.4.42.v20210604|=9.4.43.v20210629|=9.4.44.v20210927|=9.4.45.v20220203|=9.4.46.v20220331|=9.4.47.v20220610|=9.4.48.v20220622|=9.4.49.v20220914|=9.4.5.v20170502|=9.4.5.v20180619|=9.4.50.v20221201|=9.4.51.v20230217|=9.4.52.v20230823|=9.4.6.v20170531|=9.4.6.v20180619|=9.4.7.RC0|=9.4.7.v20170914|=9.4.7.v20180619|=9.4.8.v20171121|=9.4.8.v20180619|=9.4.9.v20180320|=10.0.0|=10.0.1|=10.0.10|=10.0.11|=10.0.12|=10.0.13|=10.0.14|=10.0.15|=10.0.16|=10.0.2|=10.0.3|=10.0.4|=10.0.5|=10.0.6|=10.0.7|=10.0.8|=10.0.9|=11.0.0|=11.0.1|=11.0.10|=11.0.11|=11.0.12|=11.0.13|=11.0.14|=11.0.15|=11.0.16|=11.0.2|=11.0.3|=11.0.4|=11.0.5|=11.0.6|=11.0.7|=11.0.8|=11.0.9|=12.0.0|=12.0.1|=12.0.0|=12.0.1|=3.0.0-RC1|=10.1.10|=10.1.11|=10.1.12|=10.1.13|=10.1.14|=10.1.15|=10.1.8|=10.1.9|=10.2.0|=10.2.0-M1|=10.2.0-RC1|=10.2.0-RC2|=10.2.1|=10.2.10|=10.2.2|=10.2.3|=10.2.4|=10.2.5|=10.2.5-M1|=10.2.5-M2|=10.2.6|=10.2.7|=10.2.8|=10.2.9|=10.4.0|=10.4.0-M1|=10.4.0-M2|=10.5.0|=10.5.0-M1|=10.5.1|=10.5.2|=10.0.0|=10.0.0-RC2|=10.0.1|=10.0.10|=10.0.11|=10.0.12|=10.0.13|=10.0.14|=10.0.15|=10.0.2|=10.0.3|=10.0.4|=10.0.5|=10.0.6|=10.0.6+7-e2ba6752|=10.0.7|=10.0.8|=10.0.9|=10.1.0|=10.1.0-RC1|=10.1.0-RC2|=10.1.1|=10.1.10|=10.1.11|=10.1.12|=10.1.13|=10.1.14|=10.1.15|=10.1.2|=10.1.3|=10.1.4|=10.1.5|=10.1.6|=10.1.7|=10.1.8|=10.1.9|=10.2.0|=10.2.0-M1|=10.2.0-RC1|=10.2.0-RC2|=10.2.1|=10.2.10|=10.2.2|=10.2.3|=10.2.4|=10.2.5|=10.2.5-M1|=10.2.5-M2|=10.2.6|=10.2.7|=10.2.8|=10.2.9|=10.4.0|=10.4.0-M1|=10.4.0-M2|=10.5.0|=10.5.0-M1|=10.5.1|=10.5.2|=10.0.0|=10.0.0-RC2|=10.0.1|=10.0.10|=10.0.11|=10.0.12|=10.0.13|=10.0.14|=10.0.15|=10.0.2|=10.0.3|=10.0.4|=10.0.5|=10.0.6|=10.0.6+7-e2ba6752|=10.0.7|=10.0.8|=10.0.9|=10.1.0|=10.1.0-RC1|=10.1.0-RC2|=10.1.1|=10.1.10|=10.1.11|=10.1.12|=10.1.13|=10.1.14|=10.1.15|=10.1.2|=10.1.3|=10.1.4|=10.1.5|=10.1.6|=10.1.7|=10.1.8|=10.1.9|=2.4-ARTERY-M1|=2.4-ARTERY-M2|=2.4-ARTERY-M3|=2.4-ARTERY-M4|=2.4.10|=2.4.11|=2.4.11.1|=2.4.11.2|=2.4.2|=2.4.2-RC1|=2.4.2-RC2|=2.4.2-RC3|=2.4.3|=2.4.4|=2.4.5|=2.4.6|=2.4.7|=2.4.8|=2.4.9|=2.4.9-RC1|=2.4.9-RC2|=3.0.0-RC1","fixed_version":"10.5.3","source":"osv","published_at":"2023-10-10T21:28:24Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2018-17846","severity":"high","summary":"x/net/html Vulnerable to DoS During HTML Parsing","affected_versions":"<0.0.0-20190125091013-d26f9f9a57f3","fixed_version":"0.0.0-20190125091013-d26f9f9a57f3","source":"osv","published_at":"2023-09-25T17:33:10Z","in_kev":false,"epss_prob":0.0065,"epss_percentile":0.70929,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-17846","severity":"unknown","summary":"Infinite loop due to improper handling of \"select\" tags in golang.org/x/net/html","affected_versions":"<0.0.0-20190125091013-d26f9f9a57f3","fixed_version":"0.0.0-20190125091013-d26f9f9a57f3","source":"osv","published_at":"2021-04-14T20:04:52Z","in_kev":false,"epss_prob":0.0065,"epss_percentile":0.70929,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-17075","severity":"unknown","summary":"Panic when parsing malformed HTML in golang.org/x/net/html","affected_versions":"<0.0.0-20180816102801-aaf60122140d","fixed_version":"0.0.0-20180816102801-aaf60122140d","source":"osv","published_at":"2021-04-14T20:04:52Z","in_kev":false,"epss_prob":0.0075,"epss_percentile":0.73251,"threat_tier":"theoretical"},{"vuln_id":"BIT-golang-2021-33194","severity":"unknown","summary":"Infinite loop when parsing inputs in golang.org/x/net/html","affected_versions":"<0.0.0-20210520170846-37e1c6afe023","fixed_version":"0.0.0-20210520170846-37e1c6afe023","source":"osv","published_at":"2022-02-17T17:33:43Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2018-17142","severity":"unknown","summary":"Incorrect parsing of nested templates in golang.org/x/net/html","affected_versions":"<0.0.0-20180925071336-cf3bd585ca2a","fixed_version":"0.0.0-20180925071336-cf3bd585ca2a","source":"osv","published_at":"2022-07-01T20:11:34Z","in_kev":false,"epss_prob":0.00652,"epss_percentile":0.70978,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-17143","severity":"unknown","summary":"Panic on unconsidered isindex and template combination in golang.org/x/net/html","affected_versions":"<0.0.0-20180921000356-2f5d2388922f","fixed_version":"0.0.0-20180921000356-2f5d2388922f","source":"osv","published_at":"2022-07-06T18:14:54Z","in_kev":false,"epss_prob":0.00609,"epss_percentile":0.69805,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-17847","severity":"unknown","summary":"Panic when parsing certain inputs in golang.org/x/net/html","affected_versions":"<0.0.0-20190125002852-4b62a64f59f7","fixed_version":"0.0.0-20190125002852-4b62a64f59f7","source":"osv","published_at":"2022-07-01T20:15:19Z","in_kev":false,"epss_prob":0.00693,"epss_percentile":0.71937,"threat_tier":"theoretical"},{"vuln_id":"BIT-golang-2021-31525","severity":"unknown","summary":"Panic due to large headers in net/http and golang.org/x/net/http/httpguts","affected_versions":">=1.16.0-0,<1.16.4|<0.0.0-20210428140749-89ef3d95e781","fixed_version":"0.0.0-20210428140749-89ef3d95e781","source":"osv","published_at":"2022-07-15T23:04:18Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-golang-2021-44716","severity":"unknown","summary":"Unbounded memory growth in net/http and golang.org/x/net/http2","affected_versions":">=1.17.0-0,<1.17.5|<0.0.0-20211209124913-491a49abca63","fixed_version":"0.0.0-20211209124913-491a49abca63","source":"osv","published_at":"2022-07-15T23:08:33Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2019-9512","severity":"unknown","summary":"Reset flood in net/http and golang.org/x/net/http","affected_versions":">=1.12.0-0,<1.12.8|<0.0.0-20190813141303-74dc4d7220e7","fixed_version":"0.0.0-20190813141303-74dc4d7220e7","source":"osv","published_at":"2022-08-01T22:20:53Z","in_kev":false,"epss_prob":0.51232,"epss_percentile":0.97894,"threat_tier":"likely_exploited"},{"vuln_id":"BIT-golang-2022-27664","severity":"unknown","summary":"Denial of service in net/http and golang.org/x/net/http2","affected_versions":">=1.19.0-0,<1.19.1|<0.0.0-20220906165146-f3363e06e74c","fixed_version":"0.0.0-20220906165146-f3363e06e74c","source":"osv","published_at":"2022-09-12T20:23:06Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2022-41721","severity":"unknown","summary":"Request smuggling due to improper request handling in golang.org/x/net/http2/h2c","affected_versions":">=0.0.0-20220524220425-1d687d428aca,<0.1.1-0.20221104162952-702349b0e862","fixed_version":"0.1.1-0.20221104162952-702349b0e862","source":"osv","published_at":"2023-01-13T22:39:40Z","in_kev":false,"epss_prob":0.00074,"epss_percentile":0.22249,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":3},"versions":{"latest":"v0.53.0","total_count":53,"recent":["v0.49.0","v0.14.0","v0.44.0","v0.11.0","v0.1.0","v0.48.0","v0.31.0","v0.32.0","v0.28.0","v0.35.0","v0.13.0","v0.17.0","v0.51.0","v0.46.0","v0.29.0","v0.30.0","v0.39.0","v0.38.0","v0.2.0","v0.16.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-04-09T19:17:33Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":30,"bugs_severity":{"high":12,"medium":18},"status_breakdown":{"fixed":30},"link":"/api/bugs/go/golang.org/x/net?version=v0.53.0","scope":"version","details":[{"title":"golang.org/x/net vulnerable to Uncontrolled Resource Consumption","severity":"high","status":"fixed","affected_version":null,"fixed_version":"0.7.0","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41723"},{"title":"x/net/html Vulnerable to DoS During HTML Parsing","severity":"high","status":"fixed","affected_version":null,"fixed_version":"0.0.0-20190125091013-d26f9f9a57f3","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17846"},{"title":"golang.org/x/net/html Improper Validation of Array Index vulnerability","severity":"high","status":"fixed","affected_version":null,"fixed_version":"0.0.0-20190125002852-4b62a64f59f7","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17848"},{"title":"golang.org/x/net/http vulnerable to ping floods","severity":"high","status":"fixed","affected_version":null,"fixed_version":"0.0.0-20190813141303-74dc4d7220e7","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9512"},{"title":"golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer","severity":"high","status":"fixed","affected_version":null,"fixed_version":"0.0.0-20180921000356-2f5d2388922f","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17143"}]},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Moderate health score (40/100) — verify manually","11 high severity vulnerabilities"],"use_version":"v0.53.0","version_hint":"Update to >= 0.1.1-0.20221104162952-702349b0e862 to fix known vulnerabilities","summary":"golang.org/x/net@v0.53.0 has vulnerabilities — update to latest"},"version_scoped":null,"_meta":{"endpoint":"check","tier":"full","philosophy":"DepScope is free. Use the cheapest endpoint that answers your real question.","cheaper_alternatives":[{"endpoint":"/api/exists/go/golang.org%2Fx%2Fnet","tokens_estimated":12,"use_when":"you only need to know if the package exists (hallucination guard)"},{"endpoint":"/api/health/go/golang.org%2Fx%2Fnet","tokens_estimated":80,"use_when":"you only need a 0-100 score for go/no-go (>=70 = safe)"},{"endpoint":"/api/prompt/go/golang.org%2Fx%2Fnet","tokens_estimated":280,"use_when":"you want a plain-text LLM-friendly brief instead of JSON"},{"endpoint":"POST /api/check_bulk","tokens_estimated":60,"use_when":"you have 5+ packages to check; sends one round-trip instead of N"}],"docs":"https://depscope.dev/integrate","hint_bulk":"You've called /api/check 55 times in 60s. Save bandwidth + tokens with POST /api/check_bulk (1 round-trip for N pkgs)."},"requested_version":null,"_cache":"miss","_response_ms":1587,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":11,"active_contributors_12m":15,"primary_author_ratio":0.53,"owner_account_age_days":4737,"is_archived":false,"stars":2994,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"Xamarin.AndroidX.Annotation.Experimental","occurrences":7}],"version_history_summary":{"total_versions":21,"first_release_age_days":null,"last_release_days_ago":23,"avg_days_between_releases":null,"release_velocity":"active"}}