hashicorp/vault · Security & risks
Authoritative risk signals for hashicorp/vault — dependency CVEs (deps.dev), OpenSSF Scorecard, and GitHub Code Scanning. Not a substitute for your own security review.
Dependency CVEs (deps.dev)
- Critical: 0 (0 direct)
- High: 0 (0 direct)
- Moderate: 2
- Deps scanned: 53 (25 direct)
- GO-2022-0635 · github.com/aws/aws-sdk-go (direct) · In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go · MODERATE
- GO-2022-0646 · github.com/aws/aws-sdk-go (direct) · CBC padding oracle issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go · MODERATE
OpenSSF Scorecard · 6.5/10
- Packaging: —
- Signed-Releases: —
- Code-Review: 0/10
- CII-Best-Practices: 0/10
- Token-Permissions: 0/10
- SAST: 0/10
- Branch-Protection: 8/10
- Pinned-Dependencies: 8/10
GitHub Code Scanning · 0 open / 0 total
Tools: —
Informational only. RepoPilot summarises public signals at the time of analysis; they can be incomplete or stale. Not professional, security, or legal advice.