govulnceck report: GO-2025-3553 on github.com/golang-jwt/jwt

When running `govulncheck` on this codebase the following vulnerability is being reported:

```
Vulnerability #1: GO-2025-3553
    Excessive memory allocation during header parsing in
    github.com/golang-jwt/jwt
  More info: https://pkg.go.dev/vuln/GO-2025-3553
  Module: github.com/golang-jwt/jwt
    Found in: github.com/golang-jwt/jwt@v3.2.2+incompatible
    Fixed in: N/A
```

This issue has been patched: https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp

When running `go mod why github.com/golang-jwt/jwt` we get the following chain, which indicates the source of the issue is in `DefangLabs/secret-detector`:

```
github.com/docker/compose/v2/pkg/compose
github.com/DefangLabs/secret-detector/pkg/scanner
github.com/DefangLabs/secret-detector/pkg/detectors/jwt
github.com/golang-jwt/jwt
```

`DefangLabs/secret-detector` has no way to open an issue on the affected repo. I'm also not sure the significance of that package on this codebase. 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

govulnceck report: GO-2025-3553 on github.com/golang-jwt/jwt #12701

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

govulnceck report: GO-2025-3553 on github.com/golang-jwt/jwt #12701

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions