Checking nixpkg agebox
Scanning your code and 182 packages across 17 dependent modules for known vulnerabilities...
=== Symbol Results ===
Vulnerability #1: GO-2022-0956
Excessive resource consumption in gopkg.in/yaml.v2
More info: https://pkg.go.dev/vuln/GO-2022-0956
Module: gopkg.in/yaml.v2
Found in: gopkg.in/yaml.v2@v2.2.2
Fixed in: gopkg.in/yaml.v2@v2.2.4
Example traces found:
#1: internal/storage/fs/track.go:74:22: fs.TrackRepository.GetSecretRegistry calls yaml.Unmarshal, which eventually calls yaml.Unmarshal
Vulnerability #2: GO-2021-0061
Denial of service in gopkg.in/yaml.v2
More info: https://pkg.go.dev/vuln/GO-2021-0061
Module: gopkg.in/yaml.v2
Found in: gopkg.in/yaml.v2@v2.2.2
Fixed in: gopkg.in/yaml.v2@v2.2.3
Example traces found:
#1: internal/storage/fs/track.go:74:22: fs.TrackRepository.GetSecretRegistry calls yaml.Unmarshal, which eventually calls yaml.Unmarshal
Vulnerability #3: GO-2020-0036
Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2
More info: https://pkg.go.dev/vuln/GO-2020-0036
Module: gopkg.in/yaml.v2
Found in: gopkg.in/yaml.v2@v2.2.2
Fixed in: gopkg.in/yaml.v2@v2.2.8
Example traces found:
#1: internal/storage/fs/track.go:74:22: fs.TrackRepository.GetSecretRegistry calls yaml.Unmarshal, which eventually calls yaml.Unmarshal
Your code is affected by 3 vulnerabilities from 1 module.
This scan also found 5 vulnerabilities in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
Fixes the following vulnerabilities found during a scan:
https://pkg.go.dev/vuln/GO-2022-0956 https://pkg.go.dev/vuln/GO-2021-0061 https://pkg.go.dev/vuln/GO-2020-0036