from 0
CRITICAL9.8CVE-2026-27143Missing bound checks can lead to memory corruption in safe Go in cmd/compile from 0
CRITICAL9.8CVE-2023-24531Output of "go env" does not sanitize values in cmd/go from 0
CRITICAL9.8Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
from 0
CRITICAL9.8Code injection via go command with cgo in cmd/go
from 0
CRITICAL9.8Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
from 0
CRITICAL9.8Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
from 0
CRITICAL9.8Improper handling of JavaScript whitespace in html/template
from 0
CRITICAL9.8Backticks not treated as string delimiters in html/template
from 0
CRITICAL9.8Buffer overflow in WASM modules in misc/wasm and cmd/link
from 0, < 1.15.15-1~deb11u2
CRITICAL9.8Authentication bypass in github.com/russellhaering/gosaml2
from 0
CRITICAL9.1Request smuggling due to acceptance of invalid chunked data in net/http
from 0
CRITICAL9.1Incorrect computation for some invalid field elements in crypto/elliptic
from 0, < 1.15.15-1~deb11u3
HIGH8.8Code execution vulnerability in SWIG code generation in cmd/go
from 0
HIGH8.6Potential code smuggling via doc comments in cmd/cgo
from 0
HIGH8.6Unexpected command execution in untrusted VCS repositories in cmd/go
from 0
HIGH8.1Arbitrary code execution during build via line directives in cmd/go
from 0
HIGH7.8Arbitrary file write using cgo pkg-config directive in cmd/go
from 0
HIGH7.8Unsafe behavior in setuid/setgid binaries in runtime
from 0
HIGH7.5Quadratic complexity in WordDecoder.DecodeHeader in mime
from 0
HIGH7.5Crash when handling long CNAME response in net
from 0
HIGH7.5Quadratic string concatentation in consumeComment in net/mail
from 0
HIGH7.5Malicious module proxy can bypass checksum database in cmd/go
from 0
HIGH7.5Quadratic string concatenation in consumePhrase in net/mail
from 0
HIGH7.5Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
from 0
HIGH7.5Inefficient policy validation in crypto/x509
from 0
HIGH7.5Unexpected work during chain building in crypto/x509
from 0
HIGH7.5Memory exhaustion in query parameter parsing in net/url
from 0
HIGH7.5Excessive resource consumption when printing error string for host certificate validation in crypto/x509
from 0
HIGH7.5Panic when validating certificates with DSA public keys in crypto/x509
from 0
HIGH7.5Quadratic complexity when parsing some invalid inputs in encoding/pem
from 0
HIGH7.5Quadratic complexity when checking name constraints in crypto/x509
from 0
HIGH7.5Excessive CPU consumption in ParseAddress in net/mail
from 0
HIGH7.5Stack exhaustion in Decoder.Decode in encoding/gob
from 0
HIGH7.5Stack exhaustion in Parse in go/build/constraint
from 0
HIGH7.5Denial of service due to improper 100-continue handling in net/http
from 0
HIGH7.5Comments in display names are incorrectly handled in net/mail
from 0
HIGH7.5Command 'go get' may unexpectedly fallback to insecure git in cmd/go
from 0
HIGH7.5Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
from 0
HIGH7.5Insecure parsing of Windows paths with a \??\ prefix in path/filepath
from 0
HIGH7.5HTTP/2 rapid reset can cause excessive work in net/http
from 0
HIGH7.5Infinite loop in parsing in go/scanner
from 0
HIGH7.5Excessive resource consumption in net/http, net/textproto and mime/multipart
from 0
HIGH7.5Excessive memory allocation in net/http and net/textproto
from 0
HIGH7.5Excessive resource consumption in mime/multipart
from 0
HIGH7.5Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
from 0
HIGH7.5Panic on large handshake records in crypto/tls
from 0
HIGH7.5Path traversal on Windows in path/filepath
from 0
HIGH7.5Restricted file access on Windows in os and net/http
from 0
HIGH7.5Unsanitized NUL in environment variables on Windows in syscall and os/exec
from 0
HIGH7.5Incorrect sanitization of forwarded query parameters in net/http/httputil
from 0
HIGH7.5Memory exhaustion when compiling regular expressions in regexp/syntax
from 0
HIGH7.5Unbounded memory consumption when reading headers in archive/tar
from 0
HIGH7.5Denial of service in net/http and golang.org/x/net/http2
from 0
HIGH7.5Panic when decoding Float and Rat types in math/big
from 0
HIGH7.5Incorrect access control in the go command in cmd/go/internal/modfetch
from 0, < 1.15.15-1~deb11u3
HIGH7.5golang-1.11 - security update
from 0, < 1.15.5-1
HIGH7.5Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo
from 0, < 1.15.5-1
HIGH7.5Stack exhaustion when decoding certain messages in encoding/gob
from 0
HIGH7.5Stack exhaustion when reading certain archives in compress/gzip
from 0
HIGH7.5Stack exhaustion when unmarshaling certain documents in encoding/xml
from 0
HIGH7.5Stack exhaustion on crafted paths in path/filepath
from 0
HIGH7.5Stack exhaustion from deeply nested XML documents in encoding/xml
from 0
HIGH7.5Stack exhaustion when compiling deeply nested expressions in regexp
from 0, < 1.15.15-1~deb11u4
HIGH7.5golang-1.8 - security update
from 0, < 1.15.15-1~deb11u3
HIGH7.5Panic due to crafted inputs in archive/zip
from 0, < 1.15.15-1~deb11u1
HIGH7.5Infinite loop when decoding inputs in encoding/xml
from 0, < 1.15.9-1
HIGH7.5golang-1.7 - security update
from 0, < 1.15.9-4
HIGH7.5Panic on inputs with large exponents in math/big
from 0, < 1.15.9-5
HIGH7.5Panic on invalid symbol tables in debug/macho
from 0, < 1.15.15-1~deb11u2
HIGH7.5Unbounded memory growth in net/http and golang.org/x/net/http2
from 0, < 1.15.15-1~deb11u2
HIGH7.5Unbounded read from invalid inputs in encoding/binary
from 0, < 1.15~rc2-1
HIGH7.5Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) al…
from 0
HIGH7.5Arbitrary code injection via the go command with cgo on Windows in cmd/go
from 0, < 1.15.7-1
HIGH7.5Panic during division of very large numbers in math/big
from 0, < 1.15.5-1
HIGH7.3Improper handling of empty HTML attributes in html/template
from 0
HIGH7.3Improper sanitization of CSS values in html/template
from 0
HIGH7.3Improper sanitization when resolving values from DNS in net
from 0, < 1.15.9-5
HIGH7.1Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
from 0
HIGH7.0Unexpected code execution when invoking toolchain in cmd/go
from 0
HIGH7.0Incorrect results returned from Rows.Scan in database/sql
from 0
MEDIUM6.8Sensitive headers not cleared on cross-origin redirect in net/http
from 0
MEDIUM6.5Inefficient candidate hostname parsing in crypto/x509
from 0
MEDIUM6.5Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
from 0
MEDIUM6.5Unexpected paths returned from LookPath in os/exec
from 0
MEDIUM6.5Memory exhaustion in multipart form parsing in net/textproto and net/http
from 0
MEDIUM6.5Insufficient sanitization of Host header in net/http
from 0
MEDIUM6.5Exposure of client IP addresses in net/http
from 0
MEDIUM6.5Improper sanitization of Transfer-Encoding headers in net/http
from 0
MEDIUM6.5Incorrect operations on the P-224 curve in crypto/elliptic
from 0, < 1.15.7-1
MEDIUM6.5Panic on certain certificates in crypto/tls
from 0, < 1.15.9-6
MEDIUM6.4TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
from 0
MEDIUM6.1Bypass of meta content URL escaping causes XSS in html/template
from 0
MEDIUM6.1Escaper bypass leads to XSS in html/template
from 0
MEDIUM6.1JsBraceDepth Context Tracking Bugs (XSS) in html/template
from 0
MEDIUM6.1URLs in meta content attribute actions are not escaped in html/template
from 0
MEDIUM6.1Sensitive headers incorrectly sent after cross-domain redirect in net/http
from 0
MEDIUM6.1Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
from 0
MEDIUM6.1Improper handling of special tags within script contexts in html/template
from 0
MEDIUM6.1Improper handling of HTML-like comments in script contexts in html/template
from 0