
Upgrade vulnerable dependencies #4844

@kennytm

$ go run golang.org/x/vuln/cmd/govulncheck@latest -scan=module -show=version -C ./cmd/cdc
go: golang.org/x/vuln@v1.2.0 requires go >= 1.25.0; switching to go1.25.9
Go: go1.25.9
Scanner: govulncheck@v1.2.0
DB: https://vuln.go.dev
DB updated: 2026-04-16 22:21:13 +0000 UTC

=== Module Results ===

Vulnerability #1: GO-2026-4762
    Authorization bypass in gRPC-Go via missing leading slash in :path in
    google.golang.org/grpc
  More info: https://pkg.go.dev/vuln/GO-2026-4762
  Module: google.golang.org/grpc
    Found in: google.golang.org/grpc@v1.65.0
    Fixed in: google.golang.org/grpc@v1.79.3

Vulnerability #2: GO-2026-4503
    Invalid result or undefined behavior in filippo.io/edwards25519
  More info: https://pkg.go.dev/vuln/GO-2026-4503
  Module: filippo.io/edwards25519
    Found in: filippo.io/edwards25519@v1.1.0
    Fixed in: filippo.io/edwards25519@v1.1.1

Vulnerability #3: GO-2026-4441
    Infinite parsing loop in golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2026-4441
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.43.0
    Fixed in: golang.org/x/net@v0.45.0

Vulnerability #4: GO-2026-4440
    Quadratic parsing complexity in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2026-4440
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.43.0
    Fixed in: golang.org/x/net@v0.45.0

Vulnerability #5: GO-2026-4394
    OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH
    Hijacking in go.opentelemetry.io/otel/sdk
  More info: https://pkg.go.dev/vuln/GO-2026-4394
  Module: go.opentelemetry.io/otel/sdk
    Found in: go.opentelemetry.io/otel/sdk@v1.24.0
    Fixed in: go.opentelemetry.io/otel/sdk@v1.40.0

Vulnerability #6: GO-2025-4135
    Malformed constraint may cause denial of service in
    golang.org/x/crypto/ssh/agent
  More info: https://pkg.go.dev/vuln/GO-2025-4135
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.41.0
    Fixed in: golang.org/x/crypto@v0.45.0

Vulnerability #7: GO-2025-4134
    Unbounded memory consumption in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2025-4134
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.41.0
    Fixed in: golang.org/x/crypto@v0.45.0

Vulnerability #8: GO-2025-4123
    Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high
    compression ratio in github.com/dvsekhvalnov/jose2go
  More info: https://pkg.go.dev/vuln/GO-2025-4123
  Module: github.com/dvsekhvalnov/jose2go
    Found in: github.com/dvsekhvalnov/jose2go@v1.6.0
    Fixed in: github.com/dvsekhvalnov/jose2go@v1.7.0

Vulnerability #9: GO-2025-4116
    Potential denial of service in golang.org/x/crypto/ssh/agent
  More info: https://pkg.go.dev/vuln/GO-2025-4116
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.41.0
    Fixed in: golang.org/x/crypto@v0.43.0

Vulnerability #10: GO-2024-3284
    PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb
  More info: https://pkg.go.dev/vuln/GO-2024-3284
  Module: github.com/pingcap/tidb
    Found in: github.com/pingcap/tidb@v1.1.0-beta.0.20251121075944-8f2630e53d5d
    Fixed in: N/A

Vulnerability #11: GO-2022-0646
    CBC padding oracle issue in AWS S3 Crypto SDK for golang in
    github.com/aws/aws-sdk-go
  More info: https://pkg.go.dev/vuln/GO-2022-0646
  Module: github.com/aws/aws-sdk-go
    Found in: github.com/aws/aws-sdk-go@v1.55.5
    Fixed in: N/A

Vulnerability #12: GO-2022-0635
    In-band key negotiation issue in AWS S3 Crypto SDK for golang in
    github.com/aws/aws-sdk-go
  More info: https://pkg.go.dev/vuln/GO-2022-0635
  Module: github.com/aws/aws-sdk-go
    Found in: github.com/aws/aws-sdk-go@v1.55.5
    Fixed in: N/A

Your code may be affected by 12 vulnerabilities.
