Is go.etcd.io/etcd/v3 safe to use?

go.etcd.io/etcd/v3 has 4 known vulnerabilities on the latest version (v3.6.11). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of go.etcd.io/etcd/v3?

The latest version of go.etcd.io/etcd/v3 is v3.6.11, released 2026-05-01.

Does go.etcd.io/etcd/v3 have known vulnerabilities?

Yes. go.etcd.io/etcd/v3 has 4 known vulnerabilities. See depscope.dev/pkg/go/go.etcd.io/etcd/v3 for details.

Is go.etcd.io/etcd/v3 deprecated?

No, go.etcd.io/etcd/v3 is actively maintained. Latest release: v3.6.11 (2026-05-01).

What are alternatives to go.etcd.io/etcd/v3?

DepScope has no curated alternatives for go.etcd.io/etcd/v3 at this time.

What license does go.etcd.io/etcd/v3 use?

go.etcd.io/etcd/v3 is licensed under Apache-2.0.

go.etcd.io/etcd/v3

govv3.6.11

License Apache-2.0permissive222 versions0 deps

/ 100

Health

update required

go.etcd.io/etcd/[email protected] has vulnerabilities — update to latest

Update to >= 0.5.0-alpha.5.0.20190108173120-83c051b701d3 to fix known vulnerabilities

Moderate health score (60/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

20/25

security

15/15

maturity

0/15

community

Vulnerabilities

1 high3 low

Advisories (4)

Severity	ID	Summary	Fixed in
high	CVE-2018-16886	go.etcd.io/etcd Authentication Bypass	0.5.0-alpha.5.0.20190108173120-83c051b701d3
unknown	GHSA-j86v-2vjr-fg8f	Etcd Gateway TLS endpoint validation only confirms TCP reachability in go.etcd.io/etcd	—
unknown	GHSA-pm3m-32r3-7mfh	Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd	—
unknown	GHSA-vjg6-93fv-qv64	Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd	—

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/go.etcd.io/etcd/v3

Last updated · 2026-05-01T18:50:30Z