Is k8s.io/client-go safe to use?

k8s.io/client-go has 2 known vulnerabilities on the latest version (v0.36.0). DepScope rates its health at 61/100 (moderate risk).

What is the latest version of k8s.io/client-go?

The latest version of k8s.io/client-go is v0.36.0, released 2026-04-22.

Does k8s.io/client-go have known vulnerabilities?

Yes. k8s.io/client-go has 2 known vulnerabilities. See depscope.dev/pkg/go/k8s.io/client-go for details.

Is k8s.io/client-go deprecated?

No, k8s.io/client-go is actively maintained. Latest release: v0.36.0 (2026-04-22).

What are alternatives to k8s.io/client-go?

DepScope has no curated alternatives for k8s.io/client-go at this time.

What license does k8s.io/client-go use?

k8s.io/client-go is licensed under Apache-2.0.

k8s.io/client-go

govv0.36.0

License Apache-2.0permissive643 versions0 deps

/ 100

Health

use with caution

k8s.io/[email protected] low health (61/100) — consider alternatives

Update to >= 1.16.0-beta.1 to fix known vulnerabilities

Moderate health score (61/100) — verify manually

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

21/25

security

15/15

maturity

0/15

community

Vulnerabilities

2 medium

Advisories (2)

Severity	ID	Summary	Fixed in
medium	CVE-2020-8565	Kubernetes client-go vulnerable to Sensitive Information Leak via Log File	1.20.0-alpha.2
medium	CVE-2019-11250	Kubernetes client-go library logs may disclose credentials to unauthorized users	1.16.0-beta.1

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/k8s.io/client-go

Last updated · 2026-04-22T18:35:58Z