Skip to content

Nancy marking downstream dependency as vulnerable #256

New issue
New issue
Open
#257
Open
Nancy marking downstream dependency as vulnerable#256
#257
@alxmk

Description

@alxmk
alxmk
opened on Oct 6, 2025
Issues with pkg:golang/github.com/mitchellh/[email protected]
CVE-2025-11065
Description: github.com/go-viper/mapstructure - Generation of Error Message Containing Sensitive Information
Score: 5.3

% go mod why github.com/mitchellh/mapstructure
# github.com/mitchellh/mapstructure
<my package>
github.com/IBM/go-sdk-core/v5/core
github.com/go-openapi/strfmt
github.com/mitchellh/mapstructure

As of v5.21.0 (latest) this is an issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions