Question 1

Is github.com/k3s-io/k3s safe to use?

Accepted Answer

github.com/k3s-io/k3s has 2 known vulnerabilities on the latest version (v1.0.1). DepScope rates its health at 58/100 (high risk).

Question 2

What is the latest version of github.com/k3s-io/k3s?

Accepted Answer

The latest version of github.com/k3s-io/k3s is v1.0.1, released 2019-12-18.

Question 3

Does github.com/k3s-io/k3s have known vulnerabilities?

Accepted Answer

Yes. github.com/k3s-io/k3s has 2 known vulnerabilities. See depscope.dev/pkg/go/github.com/k3s-io/k3s for details.

Question 4

Is github.com/k3s-io/k3s deprecated?

Accepted Answer

No, github.com/k3s-io/k3s is actively maintained. Latest release: v1.0.1 (2019-12-18).

Question 5

What are alternatives to github.com/k3s-io/k3s?

Accepted Answer

DepScope has no curated alternatives for github.com/k3s-io/k3s at this time.

Question 6

What license does github.com/k3s-io/k3s use?

Accepted Answer

License information for github.com/k3s-io/k3s is not declared in the registry metadata.

Severity	ID	Summary	Fixed in
high	CVE-2023-32187	K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack	1.28.1
unknown	CVE-2025-46599	CNCF K3s Kubernetes kubelet configuration exposes credentials in github.com/k3s-io/k3s	—

github.com/k3s-io/k3s