Go module

google.golang.org/grpc

v1.30.0-dev.1.0.20200604175613-ad51f572fd27

Newer version available

Security Advisories

19

In this package

Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc

GO-2023-2153

Similar advisories

HTTP/2 Stream Cancellation Attack

5.3 MODERATE·GHSA-qppj-fm5r-hxr3

gRPC-Go HTTP/2 Rapid Reset vulnerability

7.5 HIGH·GHSA-m425-mq94-257g

In the dependencies

Reset flood in net/http and golang.org/x/net/http

GO-2022-0536

Similar advisories

golang.org/x/net/http vulnerable to ping floods

7.5 HIGH·GHSA-hgr8-6h9x-f7q9

golang.org/x/net/http vulnerable to a reset flood

7.5 HIGH·GHSA-39qc-96h7-956f

Infinite loop when decoding some inputs in golang.org/x/text

GO-2020-0015

Similar advisories

golang.org/x/text Infinite loop

7.5 MODERATE·GHSA-5rcv-m4m3-hfh7

Out-of-bounds read in golang.org/x/text/language

GO-2021-0113

Similar advisories

golang.org/x/text/language Out-of-bounds Read vulnerability

7.5 HIGH·GHSA-ppp9-7jff-5vj2

Infinite loop when parsing inputs in golang.org/x/net/html

GO-2021-0238

Similar advisories

golang.org/x/net/html Infinite Loop vulnerability

7.5 HIGH·GHSA-83g2-8m93-v3w7

Panic due to large headers in net/http and golang.org/x/net/http/httpguts

GO-2022-0236

Similar advisories

golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion

5.9 MODERATE·GHSA-h86h-8ppg-mxmh

Incorrect privilege reporting in syscall and golang.org/x/sys/unix

GO-2022-0493

Similar advisories

golang.org/x/sys/unix has Incorrect privilege reporting in syscall

5.3 MODERATE·GHSA-p782-xgp4-8hr8

Denial of service in net/http and golang.org/x/net/http2

GO-2022-0969

Similar advisories

golang.org/x/net/http2 Denial of Service vulnerability

7.5 HIGH·GHSA-69cg-p879-7622

Denial of service via crafted Accept-Language header in golang.org/x/text/language

GO-2022-1059

Similar advisories

golang.org/x/text/language Denial of service via crafted Accept-Language header

7.5 HIGH·GHSA-69ch-w2m2-3vjp

Excessive memory growth in net/http and golang.org/x/net/http2

GO-2022-1144

Similar advisories

golang.org/x/net/http2 vulnerable to possible excessive memory growth

5.3 MODERATE·GHSA-xrjj-mj9h-534m

Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1571

Similar advisories

golang.org/x/net vulnerable to Uncontrolled Resource Consumption

7.5 HIGH·GHSA-vvpx-j8f3-3w6h

Improper rendering of text nodes in golang.org/x/net/html

GO-2023-1988

Similar advisories

Improper rendering of text nodes in golang.org/x/net/html

6.1 MODERATE·GHSA-2wrh-6pvc-2jm9

HTTP/2 rapid reset can cause excessive work in net/http

GO-2023-2102

Similar advisories

HTTP/2 rapid reset can cause excessive work in net/http

7.5 HIGH·GHSA-4374-p667-p6c8

HTTP/2 CONTINUATION flood in net/http

GO-2024-2687

Similar advisories

net/http, x/net/http2: close connections when receiving too many headers

5.3 MODERATE·GHSA-4v7x-pqxf-cx7m

Vulnerability when creating log files in github.com/golang/glog

GO-2025-3372

Similar advisories

Insecure Temporary File usage in github.com/golang/glog

7.1 MODERATE·GHSA-6wxm-mpqj-6jpf

HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3503

Similar advisories

HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

4.4 MODERATE·GHSA-qxp5-gwg8-xv66

HTTP/2 Stream Cancellation Attack

5.3 MODERATE·GHSA-qppj-fm5r-hxr3

Unbounded memory growth in net/http and golang.org/x/net/http2

GO-2022-0288

Non-linear parsing of case-insensitive content in golang.org/x/net/html

GO-2024-3333

Unexpected memory consumption during token parsing in golang.org/x/oauth2

GO-2025-3488

Licenses

2

Learn more about license information.

Licenses

Apache-2.0

Dependency licenses

Dependencies

14

View all dependencies

Dependents

This package has no known dependents.

Analysis

Capabilities

Learn more about capability analysis results.

Direct12
Indirect10

View all capabilities

Package metadata as of March 9, 2025.

Published

June 4, 2020

Links

Origin: https://pkg.go.dev/google.golang.org/grpc@v1.30.0-dev.1.0.20200604175613-ad51f572fd27
Repo: https://github.com/grpc/grpc-go

Projects

grpc/grpc-go

GitHub

The Go language implementation of gRPC. HTTP/2 based RPC

4k forks

22k stars

OpenSSF scorecard

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

View information about checks and how to fix failures.

Score

8.3/10

Scorecard as of March 24, 2025.

Code-Review

10/10

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

Reasoning

all changesets reviewed

Maintained

10/10

Determines if the project is "actively maintained".

Reasoning

30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10

Security-Policy

9/10

Determines if the project has published a security policy.

Reasoning

security policy file detected

Dangerous-Workflow

10/10

Determines if the project's GitHub Action workflows avoid dangerous patterns.

Reasoning

no dangerous workflow patterns detected

CII-Best-Practices

0/10

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

Reasoning

no effort to earn an OpenSSF best practices badge detected

Token-Permissions

10/10

Determines if the project's workflows follow the principle of least privilege.

Reasoning

GitHub workflow tokens follow principle of least privilege

License

10/10

Determines if the project has defined a license.

Reasoning

license file detected

Binary-Artifacts

10/10

Determines if the project has generated executable (binary) artifacts in the source repository.

Reasoning

no binaries found in the repo

Fuzzing

10/10

Determines if the project uses fuzzing.

Reasoning

project is fuzzed

Pinned-Dependencies

0/10

Determines if the project has declared and pinned the dependencies of its build process.

Reasoning

dependency not pinned by hash detected -- score normalized to 0

SAST

7/10

Determines if the project uses static code analysis.

Reasoning

SAST tool detected but not run on all commits

Vulnerabilities

6/10

Determines if the project has open, known unfixed vulnerabilities.

Reasoning

4 existing vulnerabilities detected

Project metadata as of March 29, 2025.

This site uses cookies from Google to deliver its services and to analyze traffic.

Pinned-Dependencies

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/codeql-analysis.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/codeql-analysis.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/codeql-analysis.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/coverage.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/coverage.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/coverage.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/deps.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/deps.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/lock.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/release.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/release.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/release.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/stale.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/testing.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/testing.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/testing.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/testing.yml/master?enable=pin

Warn: containerImage not pinned by hash: examples/features/csm_observability/client/Dockerfile:18

Warn: containerImage not pinned by hash: examples/features/csm_observability/client/Dockerfile:30: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c

Warn: containerImage not pinned by hash: examples/features/csm_observability/server/Dockerfile:19

Warn: containerImage not pinned by hash: examples/features/csm_observability/server/Dockerfile:29: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c

Warn: containerImage not pinned by hash: interop/observability/Dockerfile:20

Warn: containerImage not pinned by hash: interop/observability/Dockerfile:39: pin your Docker image by updating golang:1.23-bullseye to golang:1.23-bullseye@sha256:15c182db16ffc2d7abc4db2b09f468129b9adec2f7c2ddaa0c909d8cb06f13b5

Warn: containerImage not pinned by hash: interop/xds/client/Dockerfile:19

Warn: containerImage not pinned by hash: interop/xds/client/Dockerfile:32: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c

Warn: containerImage not pinned by hash: interop/xds/server/Dockerfile:19

Warn: containerImage not pinned by hash: interop/xds/server/Dockerfile:32: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c

Warn: goCommand not pinned by hash: scripts/regenerate.sh:34

Warn: goCommand not pinned by hash: scripts/vet.sh:26

Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned

Info: 0 out of 2 third-party GitHubAction dependencies pinned

Info: 0 out of 10 containerImage dependencies pinned

Info: 1 out of 3 goCommand dependencies pinned