Is kubevirt.io/kubevirt safe to use?

kubevirt.io/kubevirt has 4 known vulnerabilities on the latest version (v1.8.2). DepScope rates its health at 65/100 (moderate risk).

What is the latest version of kubevirt.io/kubevirt?

The latest version of kubevirt.io/kubevirt is v1.8.2, released 2026-04-20.

Does kubevirt.io/kubevirt have known vulnerabilities?

Yes. kubevirt.io/kubevirt has 4 known vulnerabilities. See depscope.dev/pkg/go/kubevirt.io/kubevirt for details.

Is kubevirt.io/kubevirt deprecated?

No, kubevirt.io/kubevirt is actively maintained. Latest release: v1.8.2 (2026-04-20).

What are alternatives to kubevirt.io/kubevirt?

DepScope has no curated alternatives for kubevirt.io/kubevirt at this time.

What license does kubevirt.io/kubevirt use?

kubevirt.io/kubevirt is licensed under Apache-2.0.

kubevirt.io/kubevirt

govv1.8.2

License Apache-2.0permissive331 versions0 deps

/ 100

Health

use with caution

kubevirt.io/[email protected] low health (65/100) — consider alternatives

Update to >= 1.6.0-beta.0.0.20250801202148-3ce9f41c54d0 to fix known vulnerabilities

Moderate health score (65/100) — verify manually

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

25/25

security

15/15

maturity

0/15

community

Vulnerabilities

4 low

Advisories (4)

Severity	ID	Summary	Fixed in
unknown	CVE-2024-31420	KubeVirt NULL pointer dereference flaw in kubevirt.io/kubevirt	—
unknown	CVE-2024-33394	kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt	—
unknown	CVE-2025-64437	KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes in kubevirt.io/kubevirt	1.6.0-beta.0.0.20250801202148-3ce9f41c54d0
unknown	CVE-2025-14525	KubeVirt Guest Agent DoS via Excessive Network Interface Reports in kubevirt.io/kubevirt	—

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/kubevirt.io/kubevirt

Last updated · 2026-04-20T08:35:48Z

kubevirt.io/kubevirt

govv1.8.2

License Apache-2.0permissive331 versions0 deps

/ 100

Health

use with caution

kubevirt.io/[email protected] low health (65/100) — consider alternatives

Update to >= 1.6.0-beta.0.0.20250801202148-3ce9f41c54d0 to fix known vulnerabilities

Moderate health score (65/100) — verify manually

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

25/25

security

15/15

maturity

0/15

community

Vulnerabilities

4 low

Advisories (4)

Severity	ID	Summary	Fixed in
unknown	CVE-2024-31420	KubeVirt NULL pointer dereference flaw in kubevirt.io/kubevirt	—
unknown	CVE-2024-33394	kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt	—
unknown	CVE-2025-64437	KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes in kubevirt.io/kubevirt	1.6.0-beta.0.0.20250801202148-3ce9f41c54d0
unknown	CVE-2025-14525	KubeVirt Guest Agent DoS via Excessive Network Interface Reports in kubevirt.io/kubevirt	—

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/kubevirt.io/kubevirt

Last updated · 2026-04-20T08:35:48Z