| CVE-2025-68121 |
critical |
10.0 |
10.0 |
|
|
|
17d ago |
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succee… |
| CVE-2015-5740 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Request smuggling due to improper header parsing in net/http |
| CVE-2015-5739 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Request smuggling due to improper header parsing in net/http |
| CVE-2023-29403 |
critical |
— |
9.5 |
|
|
|
3y ago |
RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2025-22871 |
critical |
9.1 |
9.1 |
|
|
|
10mo ago |
Moderate: git-lfs security update |
| CVE-2016-5386 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Improper input validation in net/http and net/http/cgi |
| CVE-2025-61726 |
high |
— |
8.0 |
|
|
|
17d ago |
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the … |
| CVE-2026-33810 |
high |
— |
8.0 |
|
|
|
17d ago |
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affe… |
| CVE-2026-32281 |
high |
— |
8.0 |
|
|
|
17d ago |
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This on… |
| CVE-2026-27137 |
high |
— |
8.0 |
|
|
|
17d ago |
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will n… |
| CVE-2026-25679 |
high |
— |
8.0 |
|
|
|
1mo ago |
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. |
| CVE-2026-32280 |
high |
— |
8.0 |
|
|
|
1mo ago |
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial … |
| CVE-2026-32282 |
high |
— |
8.0 |
|
|
|
1mo ago |
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. … |
| CVE-2026-32283 |
high |
— |
8.0 |
|
|
|
1mo ago |
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a … |
| CVE-2025-61728 |
high |
— |
8.0 |
|
|
|
4mo ago |
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously construct… |
| CVE-2025-61729 |
high |
— |
8.0 |
|
|
|
5mo ago |
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string con… |
| CVE-2025-47907 |
high |
— |
8.0 |
|
|
|
10mo ago |
Incorrect results returned from Rows.Scan in database/sql |
| CVE-2025-22866 |
high |
— |
8.0 |
|
|
|
1y ago |
Important: delve and golang security update |
| CVE-2024-34156 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-34158 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-34155 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-24785 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2026:3428: container-tools:rhel8 security update (Important) |
| CVE-2023-45287 |
high |
— |
8.0 |
|
|
|
2y ago |
Important: container-tools:4.0 security update |
| CVE-2023-45289 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:3346: git-lfs security update (Important) |
| CVE-2023-45290 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2023-45288 |
high |
— |
8.0 |
|
|
|
2y ago |
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HE… |
| CVE-2023-39326 |
high |
— |
8.0 |
|
|
|
2y ago |
Important: container-tools:4.0 security update |
| CVE-2023-24532 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2023:3319: go-toolset:rhel8 security update (Important) |
| CVE-2022-41715 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2024:3254: container-tools:rhel8 security update (Important) |
| CVE-2022-2880 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2024:3254: container-tools:rhel8 security update (Important) |
| CVE-2018-16875 |
high |
— |
8.0 |
|
|
|
4y ago |
Denial of service in chain verification in crypto/x509 |
| CVE-2019-9514 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2019:4273: container-tools:1.0 security update (Important) |
| CVE-2019-9512 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2019:4273: container-tools:1.0 security update (Important) |
| CVE-2021-44717 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2021:5160: go-toolset:rhel8 security and bug fix update (Important) |
| CVE-2021-44716 |
high |
— |
8.0 |
|
|
|
5y ago |
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. |
| CVE-2020-28362 |
high |
— |
8.0 |
|
|
|
5y ago |
RHSA-2021:0706: container-tools:2.0 security update (Important) |
| CVE-2016-3958 |
high |
7.8 |
7.8 |
|
|
|
10y ago |
Privilege escalation on Windows via malicious DLL in syscall |
| CVE-2026-42504 |
high |
7.5 |
7.5 |
|
|
|
2d ago |
Quadratic complexity in WordDecoder.DecodeHeader in mime |
| CVE-2026-42499 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. |
| CVE-2026-39836 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). |
| CVE-2026-39820 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. |
| CVE-2026-33814 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. |
| CVE-2026-33811 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. |
| CVE-2017-1000098 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Denial of service when parsing large forms in mime/multipart |
| CVE-2017-1000097 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Mishandled trust preferences for root certificates on Darwin in crypto/x509 |
| CVE-2016-3959 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Denial of service due to unchecked parameters in crypto/dsa |
| CVE-2015-8618 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
Incorrect calculation affecting RSA computations in math/big |
| CVE-2026-27145 |
medium |
6.5 |
6.5 |
|
|
|
2d ago |
Inefficient candidate hostname parsing in crypto/x509 |
| CVE-2026-39826 |
medium |
6.1 |
6.1 |
|
|
|
28d ago |
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a… |
| CVE-2026-39823 |
medium |
6.1 |
6.1 |
|
|
|
28d ago |
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins… |
| CVE-2017-15042 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Cleartext transmission of credentials in net/smtp |
| CVE-2017-8932 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Incorrect computation for P-256 curves in crypto/elliptic |
| CVE-2025-58183 |
medium |
— |
5.5 |
|
|
|
7mo ago |
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause … |
| CVE-2025-47906 |
medium |
— |
5.5 |
|
|
|
10mo ago |
RHSA-2025:22668: go-toolset:rhel8 security update (Moderate) |
| CVE-2025-22874 |
medium |
— |
5.5 |
|
|
|
11mo ago |
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rath… |
| CVE-2025-4673 |
medium |
— |
5.5 |
|
|
|
11mo ago |
RHSA-2025:10672: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-45341 |
medium |
— |
5.5 |
|
|
|
1y ago |
RHSA-2025:3772: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-45336 |
medium |
— |
5.5 |
|
|
|
1y ago |
RHSA-2025:3772: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-24791 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:7349: grafana security update (Moderate) |
| CVE-2024-24790 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:8876: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-24789 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:5291: grafana security update (Moderate) |
| CVE-2024-24788 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2023-29406 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2023:7202: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2024-24783 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2024-24784 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39322 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39318 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39319 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39321 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-29409 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39325 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:5863: grafana security update (Moderate) |
| CVE-2023-24534 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24538 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24536 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24540 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-29400 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24539 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24537 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41724 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41725 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41723 |
medium |
— |
5.5 |
|
|
|
3y ago |
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |
| CVE-2022-27664 |
medium |
— |
5.5 |
|
|
|
3y ago |
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. |
| CVE-2022-2879 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-41717 |
medium |
— |
5.5 |
|
|
|
3y ago |
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of ent… |
| CVE-2021-33198 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-32189 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2021-33195 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2021-33197 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2021-34558 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-28131 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-24921 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-28327 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-1705 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30630 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-1962 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30633 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30632 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30631 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30635 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-32148 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
