`github.com/hashicorp/go-getter`

Ecosystem:
go

Package URL:
pkg:golang/github.com/hashicorp/go-getter

Total PRs:
1,098 Dependabot PRs

Latest PR:
12 days ago

Unique Repositories:
542 repositories

Unique Repos (30 days):
86 repositories

Security Advisories

HashiCorp go-getter Vulnerable to Symlink Attacks

GHSA-wjrx-6529-hcj3 CVE-2025-8959 HIGH published 3 months ago • updated 3 months ago

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designa...

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

GHSA-xfhp-jf8p-mh5w CVE-2024-6257 HIGH published over 1 year ago • updated 3 months ago

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading t...

Insertion of Sensitive Information into Log File in Hashicorp go-getter

GHSA-27rq-4943-qcwp CVE-2022-29810 MODERATE published over 3 years ago • updated 3 months ago

The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to r...

Data Amplification in HashiCorp go-getter

GHSA-jpxj-2jvg-6jv9 CVE-2023-0475 MODERATE published over 2 years ago • updated 4 months ago

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion

GHSA-28r2-q6m8-9hpx CVE-2022-30323 HIGH published over 3 years ago • updated 3 months ago

HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric resource exhaustion could occur when go-getter processed malicious ...

View all 9 advisories

Recent PRs

build(deps): bump github.com/hashicorp/go-getter from 1.5.3 to 1.7.9

integrations/terraform-provider-github #2790

1.5.3 → 1.7.9 Minor PR

Closed 12 days ago 2 comments

build(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.8.2

gurufinglobal/cosmos-sdk #113

1.6.1 → 1.8.2 Minor PR

Closed 16 days ago 2 comments

Bump the go-modules group across 1 directory with 32 updates

paketo-buildpacks/pipenv #729

1.8.1 → 1.8.2 Patch PR

Closed 18 days ago 1 comment

chore(deps): bump the go_modules group across 3 directories with 5 updates

zeta-chain/evm #16

1.7.8 → 1.7.9 Patch PR

Closed 18 days ago 1 comment

chore(deps): bump the common group across 1 directory with 35 updates

goodtab/cptrivy #22

1.7.8 → 1.8.2 Minor PR

Closed 20 days ago 1 comment

chore(deps): bump the common group across 1 directory with 9 updates

aquasecurity/trivy #9654

1.8.1 → 1.8.2 Patch PR

Closed 20 days ago 6 comments

chore(deps): bump the common group with 8 updates

DmitriyLewen/trivy #189

1.8.1 → 1.8.2 Patch PR

Closed 20 days ago 1 comment

Bump the go-modules group across 1 directory with 24 updates

paketo-buildpacks/node-engine #1325

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 20 updates

paketo-buildpacks/pip-install #524

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 18 updates

paketo-buildpacks/pip-install #523

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 21 updates

paketo-buildpacks/pip #774

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 92 updates

paketo-buildpacks/miniconda #657

1.7.9 → 1.8.2 Minor PR

Open 25 days ago

Bump the go-modules group across 1 directory with 17 updates

paketo-buildpacks/pipenv #723

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 17 updates

paketo-buildpacks/nginx #1019

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 18 updates

paketo-buildpacks/go-dist #1133

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

chore(deps): bump the go_modules group across 1 directory with 9 updates

thoroc/steampipe-plugin-gitlab #1

1.7.2 → 1.7.9 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 17 updates

paketo-buildpacks/httpd #935

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 12 updates

paketo-buildpacks/go-mod-vendor #948

1.8.1 → 1.8.2 Patch PR

Open 25 days ago

Bump the go-modules group across 1 directory with 15 updates

paketo-buildpacks/cpython #1039

1.8.1 → 1.8.2 Patch PR

Closed 26 days ago 1 comment

Bump the go-modules group across 1 directory with 9 updates

paketo-buildpacks/pipenv-install #536

1.8.1 → 1.8.2 Patch PR

Closed 26 days ago 1 comment

Bump the go-modules group across 1 directory with 15 updates

paketo-buildpacks/pip #773

1.8.1 → 1.8.2 Patch PR

Open 26 days ago

Bump the go-modules group across 1 directory with 11 updates

paketo-buildpacks/pipenv #722

1.8.1 → 1.8.2 Patch PR

Closed 26 days ago 1 comment

Bump the go-modules group across 1 directory with 11 updates

paketo-buildpacks/nginx #1018

1.8.1 → 1.8.2 Patch PR

Closed 26 days ago 1 comment

Bump the go-modules group across 1 directory with 6 updates

paketo-buildpacks/go-build #909

1.8.1 → 1.8.2 Patch PR

Open 26 days ago

Bump the go-modules group across 1 directory with 12 updates

paketo-buildpacks/go-dist #1132

1.8.1 → 1.8.2 Patch PR

Closed 26 days ago 1 comment

chore(deps): Bump github.com/hashicorp/go-getter from 1.7.8 to 1.8.2

unclesp1d3r/CipherSwarmAgent #81

1.7.8 → 1.8.2 Minor PR

Open 26 days ago

Bump the go-dependencies group across 1 directory with 11 updates

gruntwork-io/boilerplate #247

1.7.6 → 1.8.2 Minor PR

Open 26 days ago

chore(deps): bump the security group with 3 updates

replicatedhq/troubleshoot #1879

1.8.1 → 1.8.2 Patch PR

Merged 26 days ago

build(deps): Bump github.com/hashicorp/go-getter from 1.6.2 to 1.8.2 in /tools/cosmovisor

huione-labs/cosmos-sdk #468

1.6.2 → 1.8.2 Minor PR

Open 26 days ago 1 comment

build(deps): Bump github.com/hashicorp/go-getter from 1.6.2 to 1.8.2 in /tools/cosmovisor

crossfichain/cosmos-sdk #192

1.6.2 → 1.8.2 Minor PR

Open 26 days ago 1 comment

build(deps): Bump github.com/hashicorp/go-getter from 1.7.0 to 1.8.2 in /tools/cosmovisor

terra-money/cosmos-sdk #995

1.7.0 → 1.8.2 Minor PR

Open 26 days ago 1 comment

Bump the go-modules group across 1 directory with 6 updates

paketo-buildpacks/poetry-install #487

1.8.1 → 1.8.2 Patch PR

Open 26 days ago 1 comment

Bump the go-modules group across 1 directory with 38 updates

paketo-buildpacks/npm-install #1026

1.8.1 → 1.8.2 Patch PR

Open 26 days ago 1 comment

Bump github.com/hashicorp/go-getter from 1.5.11 to 1.8.2

riddopic/minikube #41

1.5.11 → 1.8.2 Minor PR

Open 26 days ago 1 comment

chore(deps): bump the common group across 1 directory with 28 updates

tnir/trivy #276

1.7.9 → 1.8.2 Minor PR

Open 26 days ago

Bump the go-modules group across 1 directory with 11 updates

paketo-buildpacks/httpd #934

1.8.1 → 1.8.2 Patch PR

Open 26 days ago 1 comment

Bump the go-modules group across 1 directory with 6 updates

paketo-buildpacks/go-mod-vendor #947

1.8.1 → 1.8.2 Patch PR

Open 26 days ago 1 comment

chore: bump github.com/hashicorp/go-getter from 1.8.1 to 1.8.2 in the terraform group

vincenthsh/fogg #434

1.8.1 → 1.8.2 Patch PR

Merged 26 days ago

Chore: (deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.8.2

kcl-lang/kpm #673

1.7.8 → 1.8.2 Minor PR

Open 27 days ago

Bump the go-modules group across 1 directory with 13 updates

paketo-buildpacks/node-engine #1321

1.8.1 → 1.8.2 Patch PR

Closed 27 days ago 1 comment

build(deps): Bump github.com/hashicorp/go-getter from 1.7.0 to 1.8.2 in /tools/cosmovisor

artela-network/artela-cosmos-sdk #858

1.7.0 → 1.8.2 Minor PR

Open 27 days ago 1 comment

Bump the go-dependencies group across 1 directory with 62 updates

brooke-hamilton/radius #151

1.7.9 → 1.8.2 Minor PR

Open 27 days ago

Bump the go-modules group across 1 directory with 8 updates

paketo-buildpacks/pip-install #521

1.8.1 → 1.8.2 Patch PR

Closed 27 days ago 1 comment

chore(deps): bump the common group across 1 directory with 55 updates

k-hal/trivy #400

1.7.6 → 1.8.2 Minor PR

Open 27 days ago

chore(deps): bump the common group across 1 directory with 34 updates

goodtab/cptrivy #21

1.7.8 → 1.8.2 Minor PR

Open 27 days ago

chore(deps): bump github.com/hashicorp/go-getter from 1.8.1 to 1.8.2 in the common group

aquasecurity/trivy #9598

1.8.1 → 1.8.2 Patch PR

Open 27 days ago

chore(deps): bump the common group across 1 directory with 30 updates

MaineK00n/trivy #340

1.7.9 → 1.8.2 Minor PR

Open 27 days ago

chore(deps): bump the common group across 1 directory with 49 updates

suryatmodulus/trivy #343

1.7.8 → 1.8.2 Minor PR

Open 27 days ago

Bump the go-modules group across 1 directory with 14 updates

paketo-buildpacks/cpython #1038

1.8.1 → 1.8.2 Patch PR

Open 27 days ago

Bump the go-modules group across 1 directory with 7 updates

paketo-buildpacks/pipenv-install #535

1.8.1 → 1.8.2 Patch PR

Closed 27 days ago 1 comment

Package Details

Name:	`github.com/hashicorp/go-getter`
Ecosystem:	go
PURL Type:	golang
Package URL:	`pkg:golang/github.com/hashicorp/go-getter`
JSON API:	View JSON

Security Advisories

9

Active advisories

CRITICAL 2

HIGH 5

MODERATE 2

View All golang Advisories

Package Information

Description:

getter is a package for downloading files or directories from a variety of protocols. getter is unique in its ability to download both directories and files. It also detects certain source strings to be protocol-specific URLs. For example, "github.com/hashicorp/go-getter" would turn into a Git URL and use the Git protocol. Protocols and detectors are extensible. To get started, see Client.

Repository:	https://github.com/hashicorp/go-getter
Homepage:	https://github.com/hashicorp/go-getter
Latest Release:	`v1.7.8` 10 months ago
Dependent Repos:	6,872
Dependent Packages:	3,705
Ranking:	Top 0.0949% by dependent repos Top 0.0592% by dependent pkgs

PR Status

Open 659 (60.0%)

Merged 109 (9.9%)

Closed 313 (28.5%)

PR Types

Minor 379 (34.5%)

Patch 702 (63.9%)