VYPR

cmd/go

by GO

CVEs (2)

  • CVE-2025-61731Jan 28, 2026
    risk 0.00cvss epss 0.00

    Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker…

  • CVE-2022-23773Feb 11, 2022
    risk 0.00cvss epss 0.03

    cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.