Package impact
Go / github.com/ulikunitz/xz
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-16845 | medium | — | 5.5 | 5y ago | RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2025-58058 | unknown | — | — | 9mo ago | xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation wh… | |||
| CVE-2021-29482 | unknown | — | — | 5y ago | xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malico… |