VYPR

Opentelemetry Go

by Opentelemetry

Source repositories

CVEs (3)

  • CVE-2026-24051HigFeb 2, 2026
    risk 0.39cvss 7.0epss 0.00

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system…

  • CVE-2026-41178MedJun 4, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the…

  • CVE-2026-45287LowJun 4, 2026
    risk 0.07cvss epss 0.00

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it…