100 Total advisories
100 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
Go

CVE-2025-68121

Unexpected session resumption in crypto/tls

UNKNOWN
Go

CVE-2026-25679

Incorrect parsing of IPv6 host literals in net/url

UNKNOWN
Go

CVE-2025-61728

Excessive CPU consumption when building archive index in archive/zip

UNKNOWN
Go

CVE-2025-61729

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

UNKNOWN
Go

CVE-2025-61726

Memory exhaustion in query parameter parsing in net/url

UNKNOWN
Go

CVE-2026-32280

Unexpected work during chain building in crypto/x509

UNKNOWN
Go

CVE-2026-32282

TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

UNKNOWN
Go

CVE-2026-32283

Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

UNKNOWN
Go

CVE-2026-39826

Escaper bypass leads to XSS in html/template

UNKNOWN
Go

CVE-2026-33811

Crash when handling long CNAME response in net

UNKNOWN
Go

CVE-2026-32281

Inefficient policy validation in crypto/x509

UNKNOWN
Go

CVE-2026-27137

Incorrect enforcement of email constraints in crypto/x509

UNKNOWN
Go

CVE-2026-42507

Arbitrary inputs are included in errors without any escaping in net/textproto

UNKNOWN
Go

CVE-2026-42504

Quadratic complexity in WordDecoder.DecodeHeader in mime

UNKNOWN
Go

CVE-2026-27145

Inefficient candidate hostname parsing in crypto/x509

UNKNOWN
Go

CVE-2025-58183

Unbounded allocation when parsing GNU sparse map in archive/tar

UNKNOWN
Go

CVE-2025-47907

Incorrect results returned from Rows.Scan in database/sql

UNKNOWN
Go

CVE-2026-33810

Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

UNKNOWN
Go

CVE-2026-32289

JsBraceDepth Context Tracking Bugs (XSS) in html/template

UNKNOWN
Go

CVE-2025-58187

Quadratic complexity when checking name constraints in crypto/x509

UNKNOWN
Go

CVE-2025-47912

Insufficient validation of bracketed IPv6 hostnames in net/url

UNKNOWN
Go

CVE-2025-61730

Handshake messages may be processed at the incorrect encryption level in crypto/tls

UNKNOWN
Go

CVE-2025-61727

Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

UNKNOWN
Go

CVE-2025-61723

Quadratic complexity when parsing some invalid inputs in encoding/pem

UNKNOWN
Go

CVE-2026-27142

URLs in meta content attribute actions are not escaped in html/template

UNKNOWN
Go

CVE-2026-27138

Panic in name constraint checking for malformed certificates in crypto/x509

UNKNOWN
Go

CVE-2026-27139

FileInfo can escape from a Root in os

UNKNOWN
Go

CVE-2025-58189

ALPN negotiation error contains attacker controlled information in crypto/tls

UNKNOWN
Go

CVE-2025-61724

Excessive CPU consumption in Reader.ReadResponse in net/textproto

UNKNOWN
Go

CVE-2025-47910

CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

UNKNOWN
Go

CVE-2025-58186

Lack of limit when parsing cookies can cause memory exhaustion in net/http

UNKNOWN
Go

CVE-2025-61725

Excessive CPU consumption in ParseAddress in net/mail

UNKNOWN
Go

CVE-2025-58188

Panic when validating certificates with DSA public keys in crypto/x509

UNKNOWN
Go

CVE-2026-32288

Unbounded allocation for old GNU sparse in archive/tar

UNKNOWN
Go

CVE-2025-58185

Parsing DER payload can cause memory exhaustion in encoding/asn1

UNKNOWN
Go

CVE-2025-22873

Improper access to parent directory of root in os

UNKNOWN
Go

CVE-2026-39825

ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

UNKNOWN
Go

CVE-2026-42499

Quadratic string concatenation in consumePhrase in net/mail

UNKNOWN
Go

CVE-2026-39823

Bypass of meta content URL escaping causes XSS in html/template

UNKNOWN
Go

CVE-2026-39820

Quadratic string concatenation in consumeComment in net/mail

UNKNOWN
Go

CVE-2026-33814

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

UNKNOWN
Go

CVE-2026-39836

Panic in Dial and LookupPort when handling NUL byte on Windows in net

UNKNOWN
Go

CVE-2025-22870

HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

UNKNOWN
Go

CVE-2023-39325

HTTP/2 rapid reset can cause excessive work in net/http

UNKNOWN
Go

CVE-2025-22866

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

UNKNOWN
Go

CVE-2024-24790

Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

UNKNOWN
Go

CVE-2024-24789

Mishandling of corrupt central directory record in archive/zip

UNKNOWN
Go

CVE-2024-34158

Stack exhaustion in Parse in go/build/constraint

UNKNOWN
Go

CVE-2024-34156

Stack exhaustion in Decoder.Decode in encoding/gob

UNKNOWN
Go

CVE-2024-34155

Stack exhaustion in all Parse functions in go/parser

UNKNOWN
Go

CVE-2024-45341

Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509

UNKNOWN
Go

CVE-2024-45336

Sensitive headers incorrectly sent after cross-domain redirect in net/http

UNKNOWN
Go

CVE-2025-22871

Request smuggling due to acceptance of invalid chunked data in net/http

UNKNOWN
Go

CVE-2025-22874

Usage of ExtKeyUsageAny disables policy validation in crypto/x509

UNKNOWN
Go

CVE-2025-4673

Sensitive headers not cleared on cross-origin redirect in net/http

UNKNOWN
Go

CVE-2023-24534

Excessive memory allocation in net/http and net/textproto

UNKNOWN
Go

CVE-2024-24784

Comments in display names are incorrectly handled in net/mail

UNKNOWN
Go

CVE-2025-47906

Unexpected paths returned from LookPath in os/exec

UNKNOWN
Go

CVE-2023-24539

Improper sanitization of CSS values in html/template

UNKNOWN
Go

CVE-2023-29406

Insufficient sanitization of Host header in net/http

UNKNOWN
Go

CVE-2022-41717

Excessive memory growth in net/http and golang.org/x/net/http2

UNKNOWN
Go

CVE-2022-41716

Unsanitized NUL in environment variables on Windows in syscall and os/exec

UNKNOWN
Go

CVE-2023-39318

Improper handling of HTML-like comments in script contexts in html/template

UNKNOWN
Go

CVE-2023-24538

Backticks not treated as string delimiters in html/template

UNKNOWN
Go

CVE-2020-7919

Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte

UNKNOWN
Go

CVE-2023-39319

Improper handling of special tags within script contexts in html/template

UNKNOWN
Go

CVE-2023-45288

HTTP/2 CONTINUATION flood in net/http

UNKNOWN
Go

CVE-2022-41720

Restricted file access on Windows in os and net/http

UNKNOWN
Go

CVE-2023-29409

Large RSA keys can cause high CPU usage in crypto/tls

UNKNOWN
Go

CVE-2023-45287

Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

UNKNOWN
Go

CVE-2023-45284

Incorrect detection of reserved device names on Windows in path/filepath

UNKNOWN
Go

CVE-2023-24540

Improper handling of JavaScript whitespace in html/template

UNKNOWN
Go

CVE-2023-29403

Unsafe behavior in setuid/setgid binaries in runtime

UNKNOWN
Go

CVE-2023-24536

Excessive resource consumption in net/http, net/textproto and mime/multipart

UNKNOWN
Go

CVE-2023-24537

Infinite loop in parsing in go/scanner

UNKNOWN
Go

CVE-2022-29526

Incorrect privilege reporting in syscall and golang.org/x/sys/unix

UNKNOWN
Go

CVE-2023-39322

Memory exhaustion in QUIC connection handling in crypto/tls

UNKNOWN
Go

CVE-2024-24791

Denial of service due to improper 100-continue handling in net/http

UNKNOWN
Go

CVE-2022-41723

Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

UNKNOWN
Go

CVE-2023-39326

Denial of service via chunk extensions in net/http

UNKNOWN
Go

CVE-2025-0913

Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

UNKNOWN
Go

CVE-2022-41725

Excessive resource consumption in mime/multipart

UNKNOWN
Go

CVE-2024-24783

Verify panics on certificates with an unknown public key algorithm in crypto/x509

UNKNOWN
Go

CVE-2024-24785

Errors returned from JSON marshaling may break template escaping in html/template

UNKNOWN
Go

CVE-2023-45283

Insecure parsing of Windows paths with a \??\ prefix in path/filepath

UNKNOWN
Go

CVE-2022-41724

Panic on large handshake records in crypto/tls

UNKNOWN
Go

CVE-2022-41722

Path traversal on Windows in path/filepath

UNKNOWN
Go

CVE-2021-31525

Panic due to large headers in net/http and golang.org/x/net/http/httpguts

UNKNOWN
Go

CVE-2024-24788

Malformed DNS message can cause infinite loop in net

UNKNOWN
Go

CVE-2023-24532

Incorrect calculation on P256 curves in crypto/internal/nistec

UNKNOWN
Go

CVE-2023-39321

Panic when processing post-handshake message on QUIC connections in crypto/tls

UNKNOWN
Go

CVE-2022-27664

Denial of service in net/http and golang.org/x/net/http2

UNKNOWN
Go

CVE-2023-45289

Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

UNKNOWN
Go

CVE-2023-29400

Improper handling of empty HTML attributes in html/template

UNKNOWN
Go

CVE-2023-45290

Memory exhaustion in multipart form parsing in net/textproto and net/http

UNKNOWN
Go

CVE-2019-9512

Reset flood in net/http and golang.org/x/net/http

UNKNOWN
Go

CVE-2025-22865

ParsePKCS1PrivateKey panic with partial keys in crypto/x509

UNKNOWN
Go

CVE-2017-1000097

Mishandled trust preferences for root certificates on Darwin in crypto/x509

UNKNOWN
Go

CVE-2014-7189

Man-in-the-middle attack with SessionTicketsDisabled in crypto/tls

UNKNOWN
Go

CVE-2022-41715

Memory exhaustion when compiling regular expressions in regexp/syntax
