depscope
Packages
IntegrateAPI DocsCuratorBenchmarkCoverage
Sign inGet API access

Related on DepScope

Known bugs
28 non-CVE bugs →
More
  • All Go packages →
  • Breaking changes index →
  • Bug index →
  • AI hallucination corpus →
depscope/go/golang.org/x/crypto

golang.org/x/crypto

govv0.50.0

License BSD-3-Clausepermissive50 versions0 deps
golang/crypto
37
/ 100
Health
update required

golang.org/x/[email protected] has vulnerabilities — update to latest

Update to >= 0.0.0-20220525230936-793ad666bf5e to fix known vulnerabilities

  • Moderate health score (37/100) — verify manually
  • 6 high severity vulnerabilities
Health breakdown0 – 100
25/25
maintenance
0/20
popularity
0/25
security
12/15
maturity
0/15
community
Vulnerabilities
18
6 high3 medium9 low
Advisories (18)
SeverityIDSummaryFixed in
highCVE-2020-29652golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability0.0.0-20201216223049-8b5274cf687f
mediumCVE-2023-48795Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin0.0.0-20231218163308-9d2ee975ef9f
highCVE-2022-27191golang.org/x/crypto/ssh Denial of service via crafted Signer0.0.0-20220314234659-1baeb1ce4c0b
highBIT-golang-2020-7919Helm uses crypto package vulnerable to panic from malformed X.509 certificate0.0.0-20200124225646-8b5121be2f68
highCVE-2020-9283Improper Verification of Cryptographic Signature in golang.org/x/crypto0.0.0-20200220183623-bac4c82f6975
highCVE-2021-43565x/crypto/ssh vulnerable to panic via malformed packets0.0.0-20211202192323-5770296d904e
mediumCVE-2019-11840golang.org/x/crypto/salsa20/salsa uses insufficiently random values0.0.0-20190320223903-b7391e95e576
mediumCVE-2019-11841Golang/x/crypto message forgery vulnerability0.0.0-20190424203555-c05e17bb3b2d
highCVE-2017-3204golang.org/x/crypto/ssh Man-in-the-Middle attack0.0.0-20170330155735-e4e2799dd7aa
unknownCVE-2020-9283Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh0.0.0-20200220183623-bac4c82f6975
unknownCVE-2017-3204Man-in-the-middle attack in golang.org/x/crypto/ssh0.0.0-20170330155735-e4e2799dd7aa
unknownCVE-2020-29652Panic on crafted authentication request message in golang.org/x/crypto/ssh0.0.0-20201216223049-8b5274cf687f
unknownCVE-2022-27191Denial of service via crafted Signer in golang.org/x/crypto/ssh0.0.0-20220314234659-1baeb1ce4c0b
unknownCVE-2019-11840Insufficiently random values in golang.org/x/crypto/salsa200.0.0-20190320223903-b7391e95e576
unknownBIT-golang-2020-7919Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte0.0.0-20200124225646-8b5121be2f68
unknownCVE-2021-43565Panic on malformed packets in golang.org/x/crypto/ssh0.0.0-20211202192323-5770296d904e
unknownCVE-2019-11841Misleading message verification in golang.org/x/crypto/openpgp/clearsign0.0.0-20190424203555-c05e17bb3b2d
unknownCVE-2022-30636Limited directory traversal vulnerability on Windows in golang.org/x/crypto0.0.0-20220525230936-793ad666bf5e
Threat intelligence
1 likely exploited (EPSS ≥ 0.5)
Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.
Maintainer trust
Active maintainers (3m)
5
Contributors (12m)
14
Primary author dominance
30%
GitHub stars
3,314

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/golang.org/x/crypto

Last updated · 2026-04-09T15:33:22Z

DepScope

Package intelligence for AI agents. 19 ecosystems.

Resources
API DocumentationHallucination BenchmarkFor EnterpriseSwagger / OpenAPIPopular PackagesCoverageAI Plugin SetupWatch the pitch (60s)
Legal
Legal hubPrivacy PolicyTerms of ServiceCookie PolicyAcceptable UseAttributionDPASub-processorsSecurityImprintContact中文
© 2026 Cuttalo srl — Italy · VAT IT03242390734Built for AI agents