VYPR

Vendor CVEs

Golang

All CVEs

105 total · sorted by risk
  • CVE-2024-45339HigJan 28, 2025
    risk 0.39cvss 7.1epss 0.00

    When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink…

  • CVE-2023-48795MedDec 18, 2023
    risk 0.39cvss 5.9epss 0.93

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…

  • CVE-2019-11840MedMay 9, 2019
    risk 0.39cvss 5.9epss 0.03

    An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256…

  • CVE-2026-27145MedJun 2, 2026
    risk 0.35cvss 6.5epss 0.01

    (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled…

  • CVE-2026-25680MedMay 22, 2026
    risk 0.35cvss 6.5epss 0.00

    Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

  • CVE-2026-39827MedMay 22, 2026
    risk 0.35cvss 6.5epss 0.00

    An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state…

  • CVE-2026-32282MedApr 8, 2026
    risk 0.35cvss 6.4epss 0.00

    On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which…

  • CVE-2024-24787MedMay 8, 2024
    risk 0.35cvss 6.4epss 0.01

    On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

  • CVE-2026-39828MedMay 22, 2026
    risk 0.34cvss 6.3epss 0.00

    When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with…

  • CVE-2026-42506MedMay 22, 2026
    risk 0.33cvss 6.1epss 0.00

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-27136MedMay 22, 2026
    risk 0.33cvss 6.1epss 0.00

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-25681MedMay 22, 2026
    risk 0.33cvss 6.1epss 0.00

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-39826MedMay 7, 2026
    risk 0.33cvss 6.1epss 0.00

    If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block.

  • CVE-2026-39823MedMay 7, 2026
    risk 0.33cvss 6.1epss 0.00

    CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it,…

  • CVE-2026-33812MedApr 21, 2026
    risk 0.33cvss 6.1epss 0.00

    Parsing a malicious font file can cause excessive memory allocation.

  • CVE-2026-32289MedApr 8, 2026
    risk 0.33cvss 6.1epss 0.00

    Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect…

  • CVE-2026-27142MedMar 6, 2026
    risk 0.33cvss 6.1epss 0.00

    Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable…

  • CVE-2024-45341MedJan 28, 2025
    risk 0.33cvss 6.1epss 0.00

    A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

  • CVE-2024-45336MedJan 28, 2025
    risk 0.33cvss 6.1epss 0.01

    The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain…

  • CVE-2017-8932MedJul 6, 2017
    risk 0.32cvss 5.9epss 0.02

    A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar…

  • CVE-2026-39817MedMay 7, 2026
    risk 0.31cvss 5.9epss 0.00

    The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem.

  • CVE-2026-27138MedMar 6, 2026
    risk 0.31cvss 5.9epss 0.00

    Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

  • CVE-2024-24788MedMay 8, 2024
    risk 0.31cvss 5.9epss 0.01

    A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

  • CVE-2024-24783MedMar 5, 2024
    risk 0.31cvss 5.9epss 0.01

    Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The…

  • CVE-2017-15042MedOct 5, 2017
    risk 0.31cvss 5.9epss 0.01

    An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this…

  • CVE-2026-32288MedApr 8, 2026
    risk 0.29cvss 5.5epss 0.00

    tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

  • CVE-2024-24785MedMar 5, 2024
    risk 0.28cvss 5.4epss 0.01

    If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.

  • CVE-2026-42507MedJun 2, 2026
    risk 0.27cvss 5.3epss 0.00

    When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.

  • CVE-2026-42500MedMay 29, 2026
    risk 0.27cvss 5.3epss 0.00

    Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.

  • CVE-2026-46598MedMay 22, 2026
    risk 0.27cvss 5.3epss 0.00

    For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.

  • CVE-2026-39835MedMay 22, 2026
    risk 0.27cvss 5.3epss 0.00

    SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

  • CVE-2026-39825MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by…

  • CVE-2026-39819MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink.

  • CVE-2026-33809MedMar 25, 2026
    risk 0.27cvss 5.3epss 0.00

    A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

  • CVE-2024-34155MedSep 6, 2024
    risk 0.21cvss 4.3epss 0.01

    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

  • CVE-2023-45289MedMar 5, 2024
    risk 0.21cvss 4.3epss 0.01

    When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the…

  • CVE-2025-22866MedFeb 6, 2025
    risk 0.19cvss 4.0epss 0.00

    Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow…

  • CVE-2026-27139LowMar 6, 2026
    risk 0.09cvss 2.5epss 0.00

    On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary…

  • CVE-2025-58190Feb 5, 2026
    risk 0.00cvss epss 0.00

    The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-61728Jan 28, 2026
    risk 0.00cvss epss 0.01

    archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

  • CVE-2025-61726Jan 28, 2026
    risk 0.00cvss epss 0.01

    The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a…

  • CVE-2025-61730Jan 28, 2026
    risk 0.00cvss epss 0.00

    During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor…

  • CVE-2025-61731Jan 28, 2026
    risk 0.00cvss epss 0.00

    Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker…

  • CVE-2025-68119Jan 28, 2026
    risk 0.00cvss epss 0.00

    Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are…

  • CVE-2025-68120Dec 29, 2025
    risk 0.00cvss epss 0.00

    To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

  • CVE-2012-2666Jul 9, 2021
    risk 0.00cvss epss 0.02

    golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

  • CVE-2021-3114Jan 26, 2021
    risk 0.00cvss epss 0.03

    In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

  • CVE-2020-29509Dec 14, 2020
    risk 0.00cvss epss 0.02

    The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected…

  • CVE-2020-29511Dec 14, 2020
    risk 0.00cvss epss 0.02

    The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected…

  • CVE-2020-29510Dec 14, 2020
    risk 0.00cvss epss 0.02

    The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream…