from 0
CRITICAL9.8CVE-2026-27143Missing bound checks can lead to memory corruption in safe Go in cmd/compile from 0
CRITICAL9.1Request smuggling due to acceptance of invalid chunked data in net/http
from 0, < 1.24.2-1
HIGH8.8Code execution vulnerability in SWIG code generation in cmd/go
from 0
HIGH8.8GOAUTH credential leak in cmd/go
from 0, < 1.24~rc2-1
HIGH8.6Potential code smuggling via doc comments in cmd/cgo
from 0
HIGH8.6Unexpected command execution in untrusted VCS repositories in cmd/go
from 0
HIGH7.8Arbitrary file write using cgo pkg-config directive in cmd/go
from 0
HIGH7.5Quadratic complexity in WordDecoder.DecodeHeader in mime
from 0
HIGH7.5Crash when handling long CNAME response in net
from 0
HIGH7.5Quadratic string concatenation in consumePhrase in net/mail
from 0
HIGH7.5Quadratic string concatentation in consumeComment in net/mail
from 0
HIGH7.5Malicious module proxy can bypass checksum database in cmd/go
from 0
HIGH7.5Inefficient policy validation in crypto/x509
from 0
HIGH7.5Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
from 0
HIGH7.5Unexpected work during chain building in crypto/x509
from 0
HIGH7.5Memory exhaustion in query parameter parsing in net/url
from 0
HIGH7.5Excessive resource consumption when printing error string for host certificate validation in crypto/x509
from 0
HIGH7.5Panic when validating certificates with DSA public keys in crypto/x509
from 0
HIGH7.5Quadratic complexity when parsing some invalid inputs in encoding/pem
from 0
HIGH7.5Quadratic complexity when checking name constraints in crypto/x509
from 0
HIGH7.5Excessive CPU consumption in ParseAddress in net/mail
from 0
HIGH7.5Usage of ExtKeyUsageAny disables policy validation in crypto/x509
from 0, < 1.24.4-1
HIGH7.5ParsePKCS1PrivateKey panic with partial keys in crypto/x509
from 0, < 1.24~rc2-1
HIGH7.1Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
from 0
HIGH7.0Unexpected code execution when invoking toolchain in cmd/go
from 0
HIGH7.0Incorrect results returned from Rows.Scan in database/sql
from 0
MEDIUM6.8Sensitive headers not cleared on cross-origin redirect in net/http
from 0, < 1.24.4-1
MEDIUM6.5Inefficient candidate hostname parsing in crypto/x509
from 0
MEDIUM6.5Excessive CPU consumption when building archive index in archive/zip
from 0
MEDIUM6.5Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
from 0
MEDIUM6.5Unexpected paths returned from LookPath in os/exec
from 0
MEDIUM6.4TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
from 0
MEDIUM6.1Bypass of meta content URL escaping causes XSS in html/template
from 0
MEDIUM6.1Escaper bypass leads to XSS in html/template
from 0
MEDIUM6.1JsBraceDepth Context Tracking Bugs (XSS) in html/template
from 0
MEDIUM6.1URLs in meta content attribute actions are not escaped in html/template
from 0
MEDIUM6.1Sensitive headers incorrectly sent after cross-domain redirect in net/http
from 0, < 1.24~rc2-1
MEDIUM6.1Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
from 0, < 1.24~rc2-1
MEDIUM5.9Invoking "go tool pack" does not sanitize output paths in cmd/go
from 0
MEDIUM5.5Unbounded allocation for old GNU sparse in archive/tar
from 0
MEDIUM5.3Arbitrary inputs are included in errors without any escaping in net/textproto
from 0
MEDIUM5.3ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
from 0
MEDIUM5.3Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
from 0
MEDIUM5.3Handshake messages may be processed at the incorrect encryption level in crypto/tls
from 0
MEDIUM5.3Excessive CPU consumption in Reader.ReadResponse in net/textproto
from 0
MEDIUM5.3Lack of limit when parsing cookies can cause memory exhaustion in net/http
from 0
MEDIUM5.3Parsing DER payload can cause memory exhaustion in encoding/asn1
from 0
MEDIUM5.3Insufficient validation of bracketed IPv6 hostnames in net/url
from 0
MEDIUM5.3ALPN negotiation error contains attacker controlled information in crypto/tls
from 0
MEDIUM4.4HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
from 0, < 1.24.1-1
MEDIUM4.3Unbounded allocation when parsing GNU sparse map in archive/tar
from 0
MEDIUM4.0Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
from 0, < 1.24~rc3-1
LOW3.8Improper access to parent directory of root in os
from 0, < 1.24.4-1
LOW3.7The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TO…
from 0
LOW2.5FileInfo can escape from a Root in os
from 0