Is github.com/go-pg/pg safe to use?

github.com/go-pg/pg has 2 known vulnerabilities on the latest version (v8.0.7+incompatible). DepScope rates its health at 54/100 (high risk).

What is the latest version of github.com/go-pg/pg?

The latest version of github.com/go-pg/pg is v8.0.7+incompatible, released 2020-06-18.

Yes. github.com/go-pg/pg has 2 known vulnerabilities. See depscope.dev/pkg/go/github.com/go-pg/pg for details.

No, github.com/go-pg/pg is actively maintained. Latest release: v8.0.7+incompatible (2020-06-18).

DepScope has no curated alternatives for github.com/go-pg/pg at this time.

github.com/go-pg/pg is licensed under BSD-2-Clause.

govv8.0.7+incompatible

Golang ORM with focus on PostgreSQL features and performance

License BSD-2-Clausepermissive267 versions74 maintainers0 deps5,783 weekly dl

/ 100

Health

safe to use

github.com/go-pg/[email protected]+incompatible is safe to use (health: 54/100)

Update to >= 10.15.0 to fix known vulnerabilities

Health breakdown0 – 100

0/25

maintenance

6/20

popularity

23/25

security

15/15

maturity

10/15

community

Vulnerabilities

1 medium1 low

Advisories (2)

Severity	ID	Summary	Fixed in
medium	CVE-2024-44905	go-pg SQL injection vulnerability via the component /types/append_value.go	10.15.0
unknown	CVE-2024-44905	SQL injection vulnerability via the component /types/append_value.go in github.com/go-pg/pg	10.15.0

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/go-pg/pg

Last updated · 2020-06-18T07:30:38Z