Is cowlib safe to use?

cowlib has 5 known vulnerabilities on the latest version (2.17.1). DepScope rates its health at 42/100 (high risk).

What is the latest version of cowlib?

The latest version of cowlib is 2.17.1, released 2026-06-11.

Does cowlib have known vulnerabilities?

Yes. cowlib has 5 known vulnerabilities. See depscope.dev/pkg/hex/cowlib for details.

What are alternatives to cowlib?

DepScope has no curated alternatives for cowlib at this time.

cowlib

hexv2.17.1deprecated

Support library for manipulating Web protocols.

License ISCpermissive35 versions3 maintainers0 deps316,180 weekly dl

ninenines/cowlib

/ 100

Health

find alternative

cowlib is deprecated — find an alternative

Update to >= a4b8039ce8c93ab00867ef6b7e888822c09f4369 to fix known vulnerabilities

Moderate health score (42/100) — verify manually
2 high severity vulnerabilities
Package is deprecated

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

11/25

security

15/15

maturity

7/15

community

Vulnerabilities

2 high2 medium1 low

Advisories (5)

Severity	ID	Summary	Fixed in
medium	CVE-2026-43966	HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2	—
medium	CVE-2026-43968	CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1	6165fc40efa159ba1cceee7e7981e790acba5d9c
low	CVE-2026-43969	Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1	—
high	CVE-2026-43970	Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame	16aad3fb9f81f5cda4d1706ff0c54237c619c282
high	CVE-2026-7790	Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS	a4b8039ce8c93ab00867ef6b7e888822c09f4369

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

1

Primary author dominance

100%

GitHub stars

292

single active maintainer 3msingle author dominance

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/hex/cowlib

First published · 2014-08-01T16:06:22.000000Z

Last updated · 2026-06-11T07:48:06.521873Z

Severity

Summary

Fixed in

medium

CVE-2026-43966

HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

—

medium

CVE-2026-43968

CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

6165fc40efa159ba1cceee7e7981e790acba5d9c

low

CVE-2026-43969

Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

—

high

CVE-2026-43970

Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

16aad3fb9f81f5cda4d1706ff0c54237c619c282

high

CVE-2026-7790

Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

a4b8039ce8c93ab00867ef6b7e888822c09f4369