Is github.com/dagu-org/dagu safe to use?

github.com/dagu-org/dagu has 7 known vulnerabilities on the latest version (v1.30.3). DepScope rates its health at 41/100 (high risk).

What is the latest version of github.com/dagu-org/dagu?

The latest version of github.com/dagu-org/dagu is v1.30.3, released 2026-01-04.

Does github.com/dagu-org/dagu have known vulnerabilities?

Yes. github.com/dagu-org/dagu has 7 known vulnerabilities. See depscope.dev/pkg/go/github.com/dagu-org/dagu for details.

Is github.com/dagu-org/dagu deprecated?

No, github.com/dagu-org/dagu is actively maintained. Latest release: v1.30.3 (2026-01-04).

What are alternatives to github.com/dagu-org/dagu?

DepScope has no curated alternatives for github.com/dagu-org/dagu at this time.

What license does github.com/dagu-org/dagu use?

github.com/dagu-org/dagu is licensed under GPL-3.0.

github.com/dagu-org/dagu

govv1.30.3

Self-hosted workflow engine for scripts, cron jobs, containers, and ops automation. YAML workflows, retries, logs, approvals, and optional distributed workers.

License GPL-3.0strong copyleft219 versions73 maintainers0 deps3,324 weekly dl

dagu-org/dagu

/ 100

Health

do not use

github.com/dagu-org/dagu has critical vulnerabilities — do not use

Update to >= 1.30.4-0.20260319093346-7d07fda8f9de to fix known vulnerabilities

1 high severity vulnerabilities
2 critical vulnerabilities

Health breakdown0 – 100

15/25

maintenance

6/20

popularity

0/25

security

15/15

maturity

5/15

community

Vulnerabilities

2 critical1 high4 low

Advisories (7)

Severity	ID	Summary	Fixed in
critical	GO-2026-4527	Dagu affected by unauthenticated RCE via inline DAG spec in default configuration	—
critical	CVE-2026-31886	Dagu: Path Traversal via `dagRunId` in Inline DAG Execution	—
high	CVE-2026-33344	Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG	1.30.4-0.20260319093346-7d07fda8f9de
unknown	GHSA-6qr9-g2xw-cw92	Dagu affected by unauthenticated RCE via inline DAG spec in default configuration in github.com/dagu-org/dagu	—
unknown	CVE-2026-27598	Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory in github.com/dagu-org/dagu	—
unknown	CVE-2026-31886	Dagu: Path Traversal via `dagRunId` in Inline DAG Execution in github.com/dagu-org/dagu	—
unknown	CVE-2026-33344	Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG in github.com/dagu-org/dagu	1.30.4-0.20260319093346-7d07fda8f9de

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/dagu-org/dagu

Last updated · 2026-01-04T11:22:59Z