| github.com/jackc/pgx/v5 | v5.8.0 | CRITICAL | GHSA-9jj7-4m8r-rfcm | 5.9.0 | Memory-safety vulnerability in github.com/jackc/pgx/v5. |
| google.golang.org/grpc | v1.79.2 | CRITICAL | GHSA-p77j-4mvh-x3m3 | 1.79.3 | gRPC-Go has an authorization bypass via missing leading slash in :path |
| go.opentelemetry.io/otel | v1.40.0 | HIGH | GHSA-mh2q-q3fh-2475 | 1.41.0 | OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) |
| go.opentelemetry.io/otel/sdk | v1.40.0 | HIGH | GHSA-hfvc-g4fc-pqhx | 1.43.0 | opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking |
| go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp | v0.16.0 | MEDIUM | GHSA-w8rr-5gcm-pp58 | 0.19.0 | opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies |
| go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp | v1.40.0 | MEDIUM | GHSA-w8rr-5gcm-pp58 | 1.43.0 | opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp | v1.40.0 | MEDIUM | GHSA-w8rr-5gcm-pp58 | 1.43.0 | opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies |
| github.com/jackc/pgx/v5 | v5.8.0 | LOW | GHSA-j88v-2chj-qfwx | 5.9.2 | pgx: SQL Injection via placeholder confusion with dollar quoted string literals |