VYPR

Net

by Golang

Source repositories

CVEs (5)

  • CVE-2026-39821CriMay 22, 2026
    risk 0.55cvss 9.6epss 0.00

    The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in…

  • CVE-2026-25680MedMay 22, 2026
    risk 0.35cvss 6.5epss 0.00

    Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

  • CVE-2026-42506MedMay 22, 2026
    risk 0.33cvss 6.1epss 0.00

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-27136MedMay 22, 2026
    risk 0.33cvss 6.1epss 0.00

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-25681MedMay 22, 2026
    risk 0.33cvss 6.1epss 0.00

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.