Go module
github.com/yunify/qingcloud-csi
history
arrow_drop_downv1.3.0
Newer version availablewarning
Warning
We found errors while resolving dependencies that may result in an incomplete or inaccurate dependency graph.
Show details
- could not find module for package import: github.com/yunify/qingcloud-sdk-go/client
- could not find module for package import: github.com/yunify/qingcloud-sdk-go/config
- could not find module for package import: github.com/yunify/qingcloud-sdk-go/service
Security Advisories
58
In the dependencies
Similar advisories
golang.org/x/net/http vulnerable to ping floods
7.5 HIGH·GHSA-hgr8-6h9x-f7q9
golang.org/x/net/http vulnerable to a reset flood
7.5 HIGH·GHSA-39qc-96h7-956f
Similar advisories
HTTP/2 Stream Cancellation Attack
5.3 MODERATE·GHSA-qppj-fm5r-hxr3
gRPC-Go HTTP/2 Rapid Reset vulnerability
7.5 HIGH·GHSA-m425-mq94-257g
Similar advisories
Improper Verification of Cryptographic Signature in golang.org/x/crypto
7.5 HIGH·GHSA-ffhg-7mh4-33c4
Similar advisories
golang.org/x/text Infinite loop
7.5 MODERATE·GHSA-5rcv-m4m3-hfh7
Similar advisories
Excessive Platform Resource Consumption within a Loop in Kubernetes
6.5 MODERATE·GHSA-wxc4-f4m6-wwqv
Similar advisories
Improper Input Validation in GoGo Protobuf
8.6 HIGH·GHSA-c3h9-896r-86jm
Similar advisories
YAML Go package vulnerable to denial of service
5.5 MODERATE·GHSA-r88r-gmrh-7j83
Similar advisories
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
4.7 MODERATE·GHSA-8cfg-vx93-jvxw
Similar advisories
Kubernetes client-go library logs may disclose credentials to unauthorized users
6.5 MODERATE·GHSA-jmrx-5g74-6v2f
Similar advisories
Kubernetes Sensitive Information leak via Log File
4.7 MODERATE·GHSA-8mjg-8c8g-6h85
Similar advisories
golang.org/x/text/language Out-of-bounds Read vulnerability
7.5 HIGH·GHSA-ppp9-7jff-5vj2
Similar advisories
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
7.5 HIGH·GHSA-3vm4-22fp-5rfm
Similar advisories
golang.org/x/net/html Infinite Loop vulnerability
7.5 HIGH·GHSA-83g2-8m93-v3w7
Similar advisories
golang.org/x/crypto/ssh Denial of service via crafted Signer
7.5 HIGH·GHSA-8c26-wmh5-6g9v
Similar advisories
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
7.5 HIGH·GHSA-cjjc-xp8v-855w
Similar advisories
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
5.9 MODERATE·GHSA-h86h-8ppg-mxmh
Similar advisories
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
5.3 MODERATE·GHSA-p782-xgp4-8hr8
Similar advisories
XML Entity Expansion and Improper Input Validation in Kubernetes API server
7.5 HIGH·GHSA-pmqp-h87c-mr78
Similar advisories
Improper Authentication in Kubernetes
8.8 HIGH·GHSA-wqv3-8cm6-h6wg
Similar advisories
Server Side Request Forgery (SSRF) in Kubernetes
6.3 MODERATE·GHSA-x6mj-w4jf-jmgw
Similar advisories
Access Restriction Bypass in kube-apiserver
6.5 MODERATE·GHSA-g42g-737j-qx6j
Similar advisories
Files or Directories Accessible to External Parties in kubernetes
8.1 HIGH·GHSA-f5f7-6478-qm6p
Similar advisories
yaml package for Go can consume excessive amounts of CPU or memory
7.5 HIGH·GHSA-6q6q-88xp-6f2r
Similar advisories
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
7.5 HIGH·GHSA-74fp-r6jw-h4mp
Similar advisories
x/crypto/ssh vulnerable to panic via malformed packets
7.5 HIGH·GHSA-gwc9-m7rh-j2ww
Similar advisories
golang.org/x/net/http2 Denial of Service vulnerability
7.5 HIGH·GHSA-69cg-p879-7622
Similar advisories
kubectl ANSI escape characters not filtered
3 LOW·GHSA-f9jg-8p32-2f55
Similar advisories
golang.org/x/text/language Denial of service via crafted Accept-Language header
7.5 HIGH·GHSA-69ch-w2m2-3vjp
Similar advisories
golang.org/x/net/http2 vulnerable to possible excessive memory growth
5.3 MODERATE·GHSA-xrjj-mj9h-534m
Similar advisories
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
7.5 HIGH·GHSA-vvpx-j8f3-3w6h
Similar advisories
Kubelet vulnerable to bypass of seccomp profile enforcement
4.4 MODERATE·GHSA-xc8m-28vv-4pjc
Similar advisories
kube-apiserver vulnerable to policy bypass
6.5 MODERATE·GHSA-qc2g-gmh6-95p4
Similar advisories
Kubernetes mountable secrets policy bypass
6.5 MODERATE·GHSA-cgcv-5272-97pr
Similar advisories
Improper rendering of text nodes in golang.org/x/net/html
6.1 MODERATE·GHSA-2wrh-6pvc-2jm9
Similar advisories
HTTP/2 rapid reset can cause excessive work in net/http
7.5 HIGH·GHSA-4374-p667-p6c8
Similar advisories
Kube-proxy may unintentionally forward traffic
5.8 MODERATE·GHSA-35c7-w35f-xwgh
Similar advisories
Kubernetes Improper Input Validation vulnerability
8.8 HIGH·GHSA-hq6q-c2x6-hmch
Similar advisories
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
5.9 MODERATE·GHSA-45x7-px36-x8w8
Similar advisories
net/http, x/net/http2: close connections when receiving too many headers
5.3 MODERATE·GHSA-4v7x-pqxf-cx7m
Similar advisories
Similar advisories
Privilege Escalation in Kubernetes
6.8 MODERATE·GHSA-33c5-9fx5-fvjm
Similar advisories
Kubernetes sets incorrect permissions on Windows containers logs
6.1 HIGH·GHSA-82m2-cv7p-4m75
Similar advisories
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
7.7 HIGH·GHSA-h7wq-jj8r-qm7p
Similar advisories
Kubernetes kubelet arbitrary command execution
8.1 HIGH·GHSA-27wf-5967-98gx
Similar advisories
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
9.1 CRITICAL·GHSA-v778-237x-gjrc
Similar advisories
Non-linear parsing of case-insensitive content in golang.org/x/net/html
HIGH·GHSA-w32m-9786-jp63
Confused Deputy in Kubernetes
4.1 MODERATE·GHSA-74j8-88mm-7496
Unverified Ownership in Kubernetes
5 MODERATE·GHSA-j9wf-vvm6-4r9w
Potential proxy IP restriction bypass in Kubernetes
3.1 LOW·GHSA-qh36-44jv-c8xj
Confused Deputy in Kubernetes
3.1 LOW·GHSA-vw47-mr44-3jf9
Dependents
This package has no known dependents.
Package metadata as of .
Links
- Origin
- Repo
Projects
yunify/qingcloud-csi
GitHub
Kubernetes volume plugin based on CSI specification which support block storage of qingcloud
call_split 23 forks
star 38 stars
OpenSSF scorecard
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
View information about checks and how to fix failures.
Score
3/10
Scorecard as of .
Maintained
0/10
Determines if the project is "actively maintained".
Reasoning
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review
5/10
Determines if the project requires human code review before pull requests (aka merge requests) are merged.
Reasoning
Found 8/14 approved changesets -- score normalized to 5
Dangerous-Workflow
10/10
Determines if the project's GitHub Action workflows avoid dangerous patterns.
Reasoning
no dangerous workflow patterns detected
Token-Permissions
0/10
Determines if the project's workflows follow the principle of least privilege.
Reasoning
detected GitHub workflow tokens with excessive permissions
CII-Best-Practices
0/10
Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.
Reasoning
no effort to earn an OpenSSF best practices badge detected
Security-Policy
0/10
Determines if the project has published a security policy.
Reasoning
security policy file not detected
License
10/10
Determines if the project has defined a license.
Reasoning
license file detected
Fuzzing
0/10
Determines if the project uses fuzzing.
Reasoning
project is not fuzzed
Binary-Artifacts
10/10
Determines if the project has generated executable (binary) artifacts in the source repository.
Reasoning
no binaries found in the repo
Branch-Protection
0/10
Determines if the default and release branches are protected with GitHub's branch protection settings.
Reasoning
branch protection not enabled on development/release branches
Pinned-Dependencies
0/10
Determines if the project has declared and pinned the dependencies of its build process.
Reasoning
dependency not pinned by hash detected -- score normalized to 0
SAST
0/10
Determines if the project uses static code analysis.
Reasoning
SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities
0/10
Determines if the project has open, known unfixed vulnerabilities.
Reasoning
47 existing vulnerabilities detected
Project metadata as of .