Vulnerabilities in golang/crypto < 0.35.0 and golang/net < 0.38.0 #87

Open

opened

on May 12, 2025

Two of the golang packages used in this action contains vulnerabilities. Would really appreciate if these could be patched soon 🙏

uses: appleboy/lambda-action@v0.2.0

Critical severity vulnerabilities .. 🔥

Vulnerability	Package
GHSA-v778-237x-gjrc	pkg:golang/golang.org/x/crypto@v0.22.0

High severity vulnerabilities .. ⚠️

Vulnerability	Package
GHSA-hcg3-q754-cr77	pkg:golang/golang.org/x/crypto@v0.22.0

Medium severity vulnerabilities ..

Vulnerability	Package
GHSA-qxp5-gwg8-xv66	pkg:golang/golang.org/x/net@v0.24.0
GHSA-vvgc-356p-c3xw	pkg:golang/golang.org/x/net@v0.24.0

Metadata

Assignees

No one assigned

Labels

No labels

No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests