Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: golang Clear
ID Title
CVE-2026-46604 The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
CVE-2023-54365 Vulnerability in traefik (CVE-2023-54365)
vulnerability in traefik (CVE-2023-54365). Risk of unauthorized operations or information disclosure.
CVE-2026-46597 Vulnerability in golang.org/x/crypto (CVE-2026-46597)
vulnerability in golang.org/x/crypto (CVE-2026-46597). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-46598 Vulnerability in golang.org/x/crypto (CVE-2026-46598)
vulnerability in golang.org/x/crypto (CVE-2026-46598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-42508 Vulnerability in golang.org/x/crypto (CVE-2026-42508)
vulnerability in golang.org/x/crypto (CVE-2026-42508). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-46595 Vulnerability in golang.org/x/crypto (CVE-2026-46595)
vulnerability in golang.org/x/crypto (CVE-2026-46595). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39834 Vulnerability in golang.org/x/crypto (CVE-2026-39834)
vulnerability in golang.org/x/crypto (CVE-2026-39834). Data can be tampered with by attackers. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39835 Vulnerability in golang.org/x/crypto (CVE-2026-39835)
vulnerability in golang.org/x/crypto (CVE-2026-39835). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39828 Vulnerability in golang.org/x/crypto (CVE-2026-39828)
vulnerability in golang.org/x/crypto (CVE-2026-39828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39829 Vulnerability in golang.org/x/crypto (CVE-2026-39829)
vulnerability in golang.org/x/crypto (CVE-2026-39829). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39830 Buffer Overflow in golang.org/x/crypto (CVE-2026-39830)
vulnerability in golang.org/x/crypto (CVE-2026-39830). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39831 Vulnerability in golang.org/x/crypto (CVE-2026-39831)
vulnerability in golang.org/x/crypto (CVE-2026-39831). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39832 Vulnerability in golang.org/x/crypto (CVE-2026-39832)
vulnerability in golang.org/x/crypto (CVE-2026-39832). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39833 Vulnerability in golang.org/x/crypto (CVE-2026-39833)
vulnerability in golang.org/x/crypto (CVE-2026-39833). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-39827 Vulnerability in golang.org/x/crypto (CVE-2026-39827)
vulnerability in golang.org/x/crypto (CVE-2026-39827). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-25680 Vulnerability in golang.org/x/net (CVE-2026-25680)
vulnerability in golang.org/x/net (CVE-2026-25680). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-25681 Vulnerability in golang.org/x/net (CVE-2026-25681)
vulnerability in golang.org/x/net (CVE-2026-25681). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-42502 Vulnerability in golang.org/x/net (CVE-2026-42502)
vulnerability in golang.org/x/net (CVE-2026-42502). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-39821 Vulnerability in golang.org/x/net (CVE-2026-39821)
vulnerability in golang.org/x/net (CVE-2026-39821). Confidential information can be exposed externally. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-27136 Vulnerability in golang.org/x/net (CVE-2026-27136)
vulnerability in golang.org/x/net (CVE-2026-27136). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-42506 Cross-Site Scripting (XSS) in golang.org/x/net (CVE-2026-42506)
cross-site scripting in golang.org/x/net (CVE-2026-42506). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-42560 Authentication Bypass in oauth (CVE-2026-42560)
authentication bypass in oauth (CVE-2026-42560). Confidential information can be exposed externally. Exploitable via ``user.ID``.
CVE-2026-42501 Vulnerability in golang (CVE-2026-42501)
vulnerability in golang (CVE-2026-42501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-42499 Vulnerability in golang (CVE-2026-42499)
vulnerability in golang (CVE-2026-42499). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39836 Vulnerability in golang (CVE-2026-39836)
vulnerability in golang (CVE-2026-39836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39826 Vulnerability in golang (CVE-2026-39826)
vulnerability in golang (CVE-2026-39826). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39825 Vulnerability in golang (CVE-2026-39825)
vulnerability in golang (CVE-2026-39825). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39823 Cross-Site Scripting (XSS) in golang (CVE-2026-39823)
cross-site scripting in golang (CVE-2026-39823). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39820 Vulnerability in golang (CVE-2026-39820)
vulnerability in golang (CVE-2026-39820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39819 Vulnerability in golang (CVE-2026-39819)
vulnerability in golang (CVE-2026-39819). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-33811 Vulnerability in golang (CVE-2026-33811)
vulnerability in golang (CVE-2026-33811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-33814 Vulnerability in golang (CVE-2026-33814)
vulnerability in golang (CVE-2026-33814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39817 Out-of-Bounds Write in golang (CVE-2026-39817)
out-of-bounds write in golang (CVE-2026-39817). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-33812 Excessive memory allocation when decoding malicious SFNT in golang.org/x/image
Excessive memory allocation when decoding malicious SFNT in golang.org/x/image
CVE-2026-33813 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
CVE-2026-33810 Vulnerability in stdlib (CVE-2026-33810)
vulnerability in stdlib (CVE-2026-33810). Confidential information can be exposed externally. Mitigation: upgrade to `1.26.2` or later.
CVE-2026-27140 Authorization Flaw in toolchain (CVE-2026-27140)
vulnerability in toolchain (CVE-2026-27140). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
CVE-2026-32280 Vulnerability in stdlib (CVE-2026-32280)
vulnerability in stdlib (CVE-2026-32280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
CVE-2026-32283 Vulnerability in stdlib (CVE-2026-32283)
vulnerability in stdlib (CVE-2026-32283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
CVE-2026-27137 Vulnerability in stdlib (CVE-2026-27137)
vulnerability in stdlib (CVE-2026-27137). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.1` or later.
CVE-2026-25679 Vulnerability in stdlib (CVE-2026-25679)
vulnerability in stdlib (CVE-2026-25679). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.8, 1.26.1` or later.
CVE-2025-61732 Code Injection in toolchain (CVE-2025-61732)
code injection in toolchain (CVE-2025-61732). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.13, 1.25.7` or later.
CVE-2025-61726 Vulnerability in stdlib (CVE-2025-61726)
vulnerability in stdlib (CVE-2025-61726). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
CVE-2025-61731 Vulnerability in toolchain (CVE-2025-61731)
vulnerability in toolchain (CVE-2025-61731). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
CVE-2023-48795 Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
CVE-2023-44487 KEV [KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
CVE-2019-11840 Vulnerability in c (CVE-2019-11840)
vulnerability in c (CVE-2019-11840). Confidential information can be exposed externally.
CVE-2015-5739 Vulnerability in golang (CVE-2015-5739)
vulnerability in golang (CVE-2015-5739). Successful exploitation can lead to full system takeover.
CVE-2015-5740 Vulnerability in golang (CVE-2015-5740)
vulnerability in golang (CVE-2015-5740). Successful exploitation can lead to full system takeover.
CVE-2017-15041 Vulnerability in golang (CVE-2017-15041)
vulnerability in golang (CVE-2017-15041). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →