Is github.com/go-acme/lego/v3 safe to use?

github.com/go-acme/lego/v3 has 2 known vulnerabilities on the latest version (v3.9.0). DepScope rates its health at 40/100 (high risk).

What is the latest version of github.com/go-acme/lego/v3?

The latest version of github.com/go-acme/lego/v3 is v3.9.0, released 2020-09-01.

Does github.com/go-acme/lego/v3 have known vulnerabilities?

Yes. github.com/go-acme/lego/v3 has 2 known vulnerabilities. See depscope.dev/pkg/go/github.com/go-acme/lego/v3 for details.

Is github.com/go-acme/lego/v3 deprecated?

No, github.com/go-acme/lego/v3 is actively maintained. Latest release: v3.9.0 (2020-09-01).

What are alternatives to github.com/go-acme/lego/v3?

DepScope has no curated alternatives for github.com/go-acme/lego/v3 at this time.

What license does github.com/go-acme/lego/v3 use?

github.com/go-acme/lego/v3 is licensed under MIT.

github.com/go-acme/lego/v3

govv3.9.0

Let's Encrypt/ACME client and library written in Go

License MITpermissive13 versions441 maintainers0 deps9,496 weekly dl

go-acme/lego/v3

/ 100

Health

update required

github.com/go-acme/lego/[email protected] has vulnerabilities — update to latest

Update to >= 4.34.0 to fix known vulnerabilities

1 high severity vulnerabilities

Health breakdown0 – 100

0/25

maintenance

6/20

popularity

20/25

security

9/15

maturity

5/15

community

Vulnerabilities

1 high1 low

Advisories (2)

Severity	ID	Summary	Fixed in
low	CVE-2025-54799	github.com/go-acme/lego/v4/acme/api does not enforce HTTPS	4.25.2
high	CVE-2026-40611	ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider	4.34.0

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/go-acme/lego/v3

Last updated · 2020-09-01T12:50:59Z