| Package | Version | Severity | CVE | Fix Version | Description |
|---|---|---|---|---|---|
| go.opentelemetry.io/otel | v1.40.0 | HIGH | GHSA-mh2q-q3fh-2475 | 1.41.0 | OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) |
| go.opentelemetry.io/otel/sdk | v1.40.0 | HIGH | GHSA-hfvc-g4fc-pqhx | 1.43.0 | opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking |