Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46604 |
|
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
|
| CVE-2023-54365 |
|
Vulnerability in traefik (CVE-2023-54365)
vulnerability in traefik (CVE-2023-54365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46597 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-46597)
vulnerability in golang.org/x/crypto (CVE-2026-46597). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-46598 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-46598)
vulnerability in golang.org/x/crypto (CVE-2026-46598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-42508 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-42508)
vulnerability in golang.org/x/crypto (CVE-2026-42508). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-46595 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-46595)
vulnerability in golang.org/x/crypto (CVE-2026-46595). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39834 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39834)
vulnerability in golang.org/x/crypto (CVE-2026-39834). Data can be tampered with by attackers. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39835 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39835)
vulnerability in golang.org/x/crypto (CVE-2026-39835). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39828 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39828)
vulnerability in golang.org/x/crypto (CVE-2026-39828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39829 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39829)
vulnerability in golang.org/x/crypto (CVE-2026-39829). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39830 |
|
Buffer Overflow in golang.org/x/crypto (CVE-2026-39830)
vulnerability in golang.org/x/crypto (CVE-2026-39830). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39831 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39831)
vulnerability in golang.org/x/crypto (CVE-2026-39831). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39832 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39832)
vulnerability in golang.org/x/crypto (CVE-2026-39832). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39833 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39833)
vulnerability in golang.org/x/crypto (CVE-2026-39833). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39827 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39827)
vulnerability in golang.org/x/crypto (CVE-2026-39827). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-25680 |
|
Vulnerability in golang.org/x/net (CVE-2026-25680)
vulnerability in golang.org/x/net (CVE-2026-25680). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-25681 |
|
Vulnerability in golang.org/x/net (CVE-2026-25681)
vulnerability in golang.org/x/net (CVE-2026-25681). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-42502 |
|
Vulnerability in golang.org/x/net (CVE-2026-42502)
vulnerability in golang.org/x/net (CVE-2026-42502). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-39821 |
|
Vulnerability in golang.org/x/net (CVE-2026-39821)
vulnerability in golang.org/x/net (CVE-2026-39821). Confidential information can be exposed externally. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-27136 |
|
Vulnerability in golang.org/x/net (CVE-2026-27136)
vulnerability in golang.org/x/net (CVE-2026-27136). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-42506 |
|
Cross-Site Scripting (XSS) in golang.org/x/net (CVE-2026-42506)
cross-site scripting in golang.org/x/net (CVE-2026-42506). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-42560 |
|
Authentication Bypass in oauth (CVE-2026-42560)
authentication bypass in oauth (CVE-2026-42560). Confidential information can be exposed externally. Exploitable via ``user.ID``.
|
| CVE-2026-42501 |
|
Vulnerability in golang (CVE-2026-42501)
vulnerability in golang (CVE-2026-42501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-42499 |
|
Vulnerability in golang (CVE-2026-42499)
vulnerability in golang (CVE-2026-42499). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39836 |
|
Vulnerability in golang (CVE-2026-39836)
vulnerability in golang (CVE-2026-39836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39826 |
|
Vulnerability in golang (CVE-2026-39826)
vulnerability in golang (CVE-2026-39826). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39825 |
|
Vulnerability in golang (CVE-2026-39825)
vulnerability in golang (CVE-2026-39825). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39823 |
|
Cross-Site Scripting (XSS) in golang (CVE-2026-39823)
cross-site scripting in golang (CVE-2026-39823). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39820 |
|
Vulnerability in golang (CVE-2026-39820)
vulnerability in golang (CVE-2026-39820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39819 |
|
Vulnerability in golang (CVE-2026-39819)
vulnerability in golang (CVE-2026-39819). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-33811 |
|
Vulnerability in golang (CVE-2026-33811)
vulnerability in golang (CVE-2026-33811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-33814 |
|
Vulnerability in golang (CVE-2026-33814)
vulnerability in golang (CVE-2026-33814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39817 |
|
Out-of-Bounds Write in golang (CVE-2026-39817)
out-of-bounds write in golang (CVE-2026-39817). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-33812 |
|
Excessive memory allocation when decoding malicious SFNT in golang.org/x/image
Excessive memory allocation when decoding malicious SFNT in golang.org/x/image
|
| CVE-2026-33813 |
|
Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
|
| CVE-2026-33810 |
|
Vulnerability in stdlib (CVE-2026-33810)
vulnerability in stdlib (CVE-2026-33810). Confidential information can be exposed externally. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-27140 |
|
Authorization Flaw in toolchain (CVE-2026-27140)
vulnerability in toolchain (CVE-2026-27140). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-32280 |
|
Vulnerability in stdlib (CVE-2026-32280)
vulnerability in stdlib (CVE-2026-32280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-32283 |
|
Vulnerability in stdlib (CVE-2026-32283)
vulnerability in stdlib (CVE-2026-32283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-27137 |
|
Vulnerability in stdlib (CVE-2026-27137)
vulnerability in stdlib (CVE-2026-27137). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.1` or later.
|
| CVE-2026-25679 |
|
Vulnerability in stdlib (CVE-2026-25679)
vulnerability in stdlib (CVE-2026-25679). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.8, 1.26.1` or later.
|
| CVE-2025-61732 |
|
Code Injection in toolchain (CVE-2025-61732)
code injection in toolchain (CVE-2025-61732). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.13, 1.25.7` or later.
|
| CVE-2025-61726 |
|
Vulnerability in stdlib (CVE-2025-61726)
vulnerability in stdlib (CVE-2025-61726). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2025-61731 |
|
Vulnerability in toolchain (CVE-2025-61731)
vulnerability in toolchain (CVE-2025-61731). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2023-48795 |
|
Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2019-11840 |
|
Vulnerability in c (CVE-2019-11840)
vulnerability in c (CVE-2019-11840). Confidential information can be exposed externally.
|
| CVE-2015-5739 |
|
Vulnerability in golang (CVE-2015-5739)
vulnerability in golang (CVE-2015-5739). Successful exploitation can lead to full system takeover.
|
| CVE-2015-5740 |
|
Vulnerability in golang (CVE-2015-5740)
vulnerability in golang (CVE-2015-5740). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15041 |
|
Vulnerability in golang (CVE-2017-15041)
vulnerability in golang (CVE-2017-15041). Successful exploitation can lead to full system takeover.
|