from 0, < 1.25.6-1
CRITICAL9.8CVE-2026-27143Missing bound checks can lead to memory corruption in safe Go in cmd/compile from 0, < 1.25.9-1
HIGH8.8Code execution vulnerability in SWIG code generation in cmd/go
from 0, < 1.25.9-1
HIGH8.6Potential code smuggling via doc comments in cmd/cgo
from 0, < 1.25.7-1
HIGH7.8Arbitrary file write using cgo pkg-config directive in cmd/go
from 0, < 1.25.6-1
HIGH7.5Quadratic complexity in WordDecoder.DecodeHeader in mime
from 0, < 1.25.11-1
HIGH7.5Quadratic string concatenation in consumePhrase in net/mail
from 0, < 1.25.10-1
HIGH7.5Crash when handling long CNAME response in net
from 0, < 1.25.10-1
HIGH7.5Quadratic string concatentation in consumeComment in net/mail
from 0, < 1.25.10-1
HIGH7.5Malicious module proxy can bypass checksum database in cmd/go
from 0, < 1.25.10-1
HIGH7.5Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
from 0, < 1.25.9-1
HIGH7.5Unexpected work during chain building in crypto/x509
from 0, < 1.25.9-1
HIGH7.5Inefficient policy validation in crypto/x509
from 0, < 1.25.9-1
HIGH7.5Incorrect parsing of IPv6 host literals in net/url
from 0, < 1.25.8-1
HIGH7.5Memory exhaustion in query parameter parsing in net/url
from 0, < 1.25.6-1
HIGH7.5Excessive resource consumption when printing error string for host certificate validation in crypto/x509
from 0, < 1.25.6-1
HIGH7.5Panic when validating certificates with DSA public keys in crypto/x509
from 0, < 1.25.2-1
HIGH7.5Quadratic complexity when parsing some invalid inputs in encoding/pem
from 0, < 1.25.2-1
HIGH7.5Quadratic complexity when checking name constraints in crypto/x509
from 0, < 1.25.2-1
HIGH7.5Excessive CPU consumption in ParseAddress in net/mail
from 0, < 1.25.2-1
HIGH7.1Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
from 0, < 1.25.9-1
HIGH7.0Unexpected code execution when invoking toolchain in cmd/go
from 0, < 1.25.6-1
MEDIUM6.5Inefficient candidate hostname parsing in crypto/x509
from 0, < 1.25.11-1
MEDIUM6.5Excessive CPU consumption when building archive index in archive/zip
from 0, < 1.25.6-1
MEDIUM6.5Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
from 0, < 1.25.6-1
MEDIUM6.4TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
from 0, < 1.25.9-1
MEDIUM6.1Bypass of meta content URL escaping causes XSS in html/template
from 0, < 1.25.10-1
MEDIUM6.1Escaper bypass leads to XSS in html/template
from 0, < 1.25.10-1
MEDIUM6.1JsBraceDepth Context Tracking Bugs (XSS) in html/template
from 0, < 1.25.9-1
MEDIUM6.1URLs in meta content attribute actions are not escaped in html/template
from 0, < 1.25.8-1
MEDIUM5.9Invoking "go tool pack" does not sanitize output paths in cmd/go
from 0, < 1.25.10-1
MEDIUM5.5Unbounded allocation for old GNU sparse in archive/tar
from 0, < 1.25.9-1
MEDIUM5.4CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http
from 0, < 1.25.1-1
MEDIUM5.3Arbitrary inputs are included in errors without any escaping in net/textproto
from 0, < 1.25.11-1
MEDIUM5.3ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
from 0, < 1.25.10-1
MEDIUM5.3Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
from 0, < 1.25.10-1
MEDIUM5.3Handshake messages may be processed at the incorrect encryption level in crypto/tls
from 0, < 1.25.6-1
MEDIUM5.3Excessive CPU consumption in Reader.ReadResponse in net/textproto
from 0, < 1.25.2-1
MEDIUM5.3Lack of limit when parsing cookies can cause memory exhaustion in net/http
from 0, < 1.25.2-1
MEDIUM5.3Parsing DER payload can cause memory exhaustion in encoding/asn1
from 0, < 1.25.2-1
MEDIUM5.3Insufficient validation of bracketed IPv6 hostnames in net/url
from 0, < 1.25.2-1
MEDIUM5.3ALPN negotiation error contains attacker controlled information in crypto/tls
from 0, < 1.25.2-1
MEDIUM4.3Unbounded allocation when parsing GNU sparse map in archive/tar
from 0, < 1.25.2-1
LOW2.5FileInfo can escape from a Root in os
from 0, < 1.25.8-1