Is k8s.io/apimachinery safe to use?

k8s.io/apimachinery has 3 known vulnerabilities on the latest version (v0.36.0). DepScope rates its health at 58/100 (high risk).

What is the latest version of k8s.io/apimachinery?

The latest version of k8s.io/apimachinery is v0.36.0, released 2026-04-22.

Yes. k8s.io/apimachinery has 3 known vulnerabilities. See depscope.dev/pkg/go/k8s.io/apimachinery for details.

No, k8s.io/apimachinery is actively maintained. Latest release: v0.36.0 (2026-04-22).

DepScope has no curated alternatives for k8s.io/apimachinery at this time.

k8s.io/apimachinery is licensed under Apache-2.0.

govv0.36.0

License Apache-2.0permissive624 versions0 deps

/ 100

Health

update required

k8s.io/[email protected] has vulnerabilities — update to latest

Update to >= 0.0.0-20190927203648-9ce6eca90e73 to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

18/25

security

15/15

maturity

0/15

community

Vulnerabilities

1 high1 medium

Advisories (3)

Severity	ID	Summary	Fixed in
medium	CVE-2020-8559	Privilege Escalation in Kubernetes	1.18.7
high	GO-2022-0965	Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing	0.0.0-20190927203648-9ce6eca90e73
unknown	GHSA-74fp-r6jw-h4mp	Unbounded recursion in JSON parsing in k8s.io/apimachinery	0.0.0-20190927203648-9ce6eca90e73

Threat intelligence

1 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/k8s.io/apimachinery

Last updated · 2026-04-22T18:20:11Z