opencost | Snyk

Direct Vulnerabilities

Known vulnerabilities in the opencost package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1.120.1-r2
L Improper Encoding or Escaping of Output	<1.120.1-r1
H Allocation of Resources Without Limits or Throttling	<1.120.1-r1
L CVE-2026-42499	<1.120.1-r1
L GHSA-qf3q-3h68-mmh2	<1.120.1-r1
L GHSA-497x-jcxf-m478	<1.120.1-r1
L GHSA-5m4p-2gjx-p2g8	<1.120.1-r1
H NULL Pointer Dereference	<1.120.1-r1
L GHSA-2283-wf8c-rw8r	<1.120.1-r1
L CVE-2026-42501	<1.120.1-r1
L GHSA-xq5j-9r39-c3vf	<1.120.1-r1
L Cross-site Scripting (XSS)	<1.120.1-r1
H Double Free	<1.120.1-r1
L GHSA-8g2r-hhvj-mv99	<1.120.1-r1
L GHSA-p9h5-jm8x-mjm5	<1.120.1-r1
L GHSA-3v2c-x6q9-f697	<1.120.1-r1
M Out-of-bounds Write	<1.120.1-r1
L GHSA-qc64-m6c2-v4x7	<1.120.1-r1
M Link Following	<1.120.1-r1
H Allocation of Resources Without Limits or Throttling	<1.120.0-r0
H Access of Resource Using Incompatible Type ('Type Confusion')	<1.120.0-r0
L GHSA-cfp9-33rc-j74f	<1.120.0-r0
L GHSA-5w89-2c2x-6x66	<1.120.0-r0
L GHSA-m4pr-4j3g-9v7v	<1.120.0-r0
C CVE-2026-27143	<1.120.0-r0
L GHSA-7mr4-xjxg-34g6	<1.120.0-r0
M Cross-site Scripting (XSS)	<1.120.0-r0
H Untrusted Search Path	<1.120.0-r1
L GHSA-hfvc-g4fc-pqhx	<1.120.0-r1
L CVE-2026-32280	<1.120.0-r0
L GHSA-gjvh-7jh8-7xhm	<1.120.0-r0
H Incorrect Authorization	<1.120.0-r0
L GHSA-cqrx-3m42-5p5w	<1.120.0-r0
H Improper Certificate Validation	<1.120.0-r0
L GHSA-jrg3-gfjw-hm96	<1.120.0-r0
L GHSA-xmrv-pmrh-hhx2	<1.119.2-r11
L Uncaught Exception	<1.119.2-r10
L GHSA-78h2-9frx-2jm8	<1.119.2-r10
L GHSA-p77j-4mvh-x3m3	<1.119.2-r6
L Improper Authorization	<1.119.2-r6
L GHSA-89xv-2j6f-qhc8	<1.119.2-r7
L GHSA-q382-vc8q-7jhj	<1.119.2-r7
M Cross-site Request Forgery (CSRF)	<1.119.2-r7
L Directory Traversal	<1.119.2-r4
L Direct Request ('Forced Browsing')	<1.119.2-r4
L GHSA-j3gx-2473-5fp8	<1.119.2-r4
L GHSA-j4j7-vw47-rhfq	<1.119.2-r4
L GHSA-rv83-g57w-fr8j	<1.119.2-r4
L Cross-site Scripting (XSS)	<1.119.2-r4
L CVE-2025-22874	<1.115.0-r2
L GHSA-g9pc-8g42-g6vq	<1.114.0-r5
L Asymmetric Resource Consumption (Amplification)	<1.114.0-r4
L GHSA-cm6p-qc7v-m3jw	<1.119.1-r1
L GHSA-xvqr-69v8-f3gv	<1.119.1-r1
L GHSA-62jj-gr2r-5c34	<1.115.0-r2
L Untrusted Search Path	<1.119.2-r2
L GHSA-mh63-6h87-95cp	<1.114.0-r4
L GHSA-qxp5-gwg8-xv66	<1.114.0-r3
L GHSA-5mh9-3jwc-rp59	<1.118.0-r2
L CVE-2025-22869	<1.114.0-r1
H Improper Handling of Case Sensitivity	<1.119.2-r1
L Improper Certificate Validation	<1.118.0-r2
L CVE-2025-58181	<1.118.0-r1
L GHSA-j5w8-q4qc-rx2x	<1.118.0-r1
L GHSA-gm9r-q53w-2gh4	<1.119.1-r1
L CVE-2025-4673	<1.115.0-r2
L GHSA-7c64-f9jr-v9h2	<1.118.0-r2
L CVE-2025-22868	<1.114.0-r2
L GHSA-vvgc-356p-c3xw	<1.114.0-r6
L GHSA-9h8m-3fm2-qjrq	<1.119.2-r2
L GHSA-hcg3-q754-cr77	<1.114.0-r1
L CVE-2025-61730	<1.119.1-r1
L GHSA-gr56-3gp6-6gmj	<1.119.1-r1
L Improper Certificate Validation	<1.118.0-r2
L GHSA-f6x5-jh6r-wrfv	<1.118.0-r1
L CVE-2025-22870	<1.114.0-r3
L CVE-2025-47914	<1.118.0-r1
L CVE-2025-61731	<1.119.1-r1
L Allocation of Resources Without Limits or Throttling	<1.119.1-r1
L CVE-2025-22872	<1.114.0-r6
L GHSA-6v2p-p543-phr9	<1.114.0-r2
L GHSA-6f52-wpx2-hvf2	<1.115.0-r2
L CVE-2025-22871	<1.114.0-r5
L Out-of-bounds Write	<1.119.1-r1
L GHSA-wvj2-96wp-fq3f	<1.119.2-r1

Vulnerability

Vulnerable Version

Loop with Unreachable Exit Condition ('Infinite Loop')

<1.120.1-r2