golang.org/x/crypto (go) security advisories

UNKNOWN

Go

CVE-2026-42508

Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

May 22, 2026

UNKNOWN

Go

CVE-2026-39831

Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2026-39833

Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

May 22, 2026

UNKNOWN

Go

CVE-2026-46598

Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

May 22, 2026

UNKNOWN

Go

CVE-2026-39834

Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2026-39832

Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

May 22, 2026

UNKNOWN

Go

CVE-2026-39835

Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2026-46597

Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2026-39827

Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2026-39830

Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2026-39828

Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2026-46595

Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2026-39829

Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

May 22, 2026

UNKNOWN

Go

CVE-2025-47913

Potential denial of service in golang.org/x/crypto/ssh/agent

Nov 13, 2025

UNKNOWN

Go

CVE-2025-58181

Unbounded memory consumption in golang.org/x/crypto/ssh

Nov 19, 2025

UNKNOWN

Go

CVE-2025-47914

Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

Nov 19, 2025

MEDIUM 5.9

crates.io

CVE-2023-48795

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

Dec 18, 2023

MEDIUM 5.3

Go

CVE-2025-58181

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

Nov 19, 2025

MEDIUM 5.3

Go

CVE-2025-47914

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read

Nov 19, 2025

UNKNOWN

Go

CVE-2024-45337

Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto

Dec 11, 2024

CRITICAL 9.1

Go

CVE-2024-45337

Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

Dec 11, 2024

HIGH 7.5

Go

CVE-2025-22869

golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange

Apr 12, 2025

UNKNOWN

Go

CVE-2025-22869

Potential denial of service in golang.org/x/crypto

Feb 26, 2025

MEDIUM 5.9

Go

CVE-2019-11841

Golang/x/crypto message forgery vulnerability

May 24, 2022

UNKNOWN

Go

CVE-2019-11840

Insufficiently random values in golang.org/x/crypto/salsa20

Jul 1, 2022

UNKNOWN

Go

CVE-2020-7919

Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte

Jul 6, 2022

HIGH 7.5

Go

CVE-2022-27191

golang.org/x/crypto/ssh Denial of service via crafted Signer

Mar 19, 2022

UNKNOWN

Go

CVE-2021-43565

Panic on malformed packets in golang.org/x/crypto/ssh

Sep 13, 2022

HIGH 7.5

Go

CVE-2020-7919

Helm uses crypto package vulnerable to panic from malformed X.509 certificate

Jun 23, 2021

HIGH 7.5

Go

CVE-2021-43565

x/crypto/ssh vulnerable to panic via malformed packets

Sep 7, 2022

UNKNOWN

Go

CVE-2020-9283

Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh

Apr 14, 2021

HIGH 7.5

Go

CVE-2020-29652

golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability

May 24, 2022

UNKNOWN

Go

CVE-2020-29652

Panic on crafted authentication request message in golang.org/x/crypto/ssh

Feb 17, 2022

UNKNOWN

Go

CVE-2019-11841

Misleading message verification in golang.org/x/crypto/openpgp/clearsign

Aug 23, 2023

MEDIUM 5.9

Go

CVE-2019-11840

golang.org/x/crypto/salsa20/salsa uses insufficiently random values

May 24, 2022

UNKNOWN

Go

CVE-2022-27191

Denial of service via crafted Signer in golang.org/x/crypto/ssh

Apr 25, 2022

UNKNOWN

Go

CVE-2023-48795

Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto

Dec 18, 2023

HIGH 7.5

Go

CVE-2020-9283

Improper Verification of Cryptographic Signature in golang.org/x/crypto

May 18, 2021

UNKNOWN

Go

CVE-2022-30636

Limited directory traversal vulnerability on Windows in golang.org/x/crypto

Jul 2, 2024

UNKNOWN

Go

CVE-2017-3204

Man-in-the-middle attack in golang.org/x/crypto/ssh

Apr 14, 2021

HIGH 8.1

Go

CVE-2017-3204

golang.org/x/crypto/ssh Man-in-the-Middle attack

Feb 7, 2023

golang.org/x/crypto

Vulnerabilities

Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

Potential denial of service in golang.org/x/crypto/ssh/agent

Unbounded memory consumption in golang.org/x/crypto/ssh

Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read

Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto

Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange

Potential denial of service in golang.org/x/crypto

Golang/x/crypto message forgery vulnerability

Insufficiently random values in golang.org/x/crypto/salsa20

Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte

golang.org/x/crypto/ssh Denial of service via crafted Signer

Panic on malformed packets in golang.org/x/crypto/ssh

Helm uses crypto package vulnerable to panic from malformed X.509 certificate

x/crypto/ssh vulnerable to panic via malformed packets

Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh

golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability

Panic on crafted authentication request message in golang.org/x/crypto/ssh

Misleading message verification in golang.org/x/crypto/openpgp/clearsign

golang.org/x/crypto/salsa20/salsa uses insufficiently random values

Denial of service via crafted Signer in golang.org/x/crypto/ssh

Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto

Improper Verification of Cryptographic Signature in golang.org/x/crypto

Limited directory traversal vulnerability on Windows in golang.org/x/crypto

Man-in-the-middle attack in golang.org/x/crypto/ssh

golang.org/x/crypto/ssh Man-in-the-Middle attack

Start Securing