Advisories for Golang/Github.com/Open-Feature/Flagd/Flagd package

Denial of Service: A single crafted request can crash the flagd process. Service Disruption: All applications relying on the affected flagd instance for feature flag evaluation will lose access to flag evaluations until the process restarts. Repeated Exploitation: An attacker can continuously send oversized requests to prevent recovery.

In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling. | CVE ID | Impacted Package | Severity | Description & Impact on flagd | | – | – | – | – | | CVE-2025-47907 | database/sql | 7.0 (High) …