Package impact
Go / golang.org/x/crypto
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3204 | high | 8.1 | 8.1 | | | | 9y ago | The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey … |
| CVE-2025-47913 | high | — | 8.0 | | | | 5mo ago | RHSA-2026:0753: container-tools:rhel8 security update (Important) |
| CVE-2025-22869 | high | — | 8.0 | | | | 1y ago | RHSA-2025:3210: container-tools:rhel8 security update (Important) |
| CVE-2026-46597 | high | 7.5 | 7.5 | | | | 14d ago | An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. |
| CVE-2026-39829 | high | 7.5 | 7.5 | | | | 14d ago | The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumptio… |