| CVE-2026-39826 |
medium |
6.1 |
6.1 |
|
|
|
28d ago |
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a… |
| CVE-2026-39823 |
medium |
6.1 |
6.1 |
|
|
|
28d ago |
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins… |
| CVE-2017-15042 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Cleartext transmission of credentials in net/smtp |
| CVE-2017-8932 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Incorrect computation for P-256 curves in crypto/elliptic |
| CVE-2025-58183 |
medium |
— |
5.5 |
|
|
|
7mo ago |
RHSA-2026:1380: osbuild-composer security update (Moderate) |
| CVE-2025-47906 |
medium |
— |
5.5 |
|
|
|
10mo ago |
RHSA-2025:22668: go-toolset:rhel8 security update (Moderate) |
| CVE-2025-4673 |
medium |
— |
5.5 |
|
|
|
11mo ago |
RHSA-2025:10672: go-toolset:rhel8 security update (Moderate) |
| CVE-2025-22874 |
medium |
— |
5.5 |
|
|
|
11mo ago |
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rath… |
| CVE-2024-45341 |
medium |
— |
5.5 |
|
|
|
1y ago |
RHSA-2025:3772: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-45336 |
medium |
— |
5.5 |
|
|
|
1y ago |
RHSA-2025:3772: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-24791 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:7349: grafana security update (Moderate) |
| CVE-2024-24790 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:8876: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-24789 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:5291: grafana security update (Moderate) |
| CVE-2024-24788 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2023-29406 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2023:7202: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2024-24784 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2024-24783 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39318 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39321 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39319 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39322 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-29409 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39325 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:5863: grafana security update (Moderate) |
| CVE-2023-24537 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-29400 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24539 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24538 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24534 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24536 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24540 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41725 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41724 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41723 |
medium |
— |
5.5 |
|
|
|
3y ago |
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |
| CVE-2022-2879 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-41717 |
medium |
— |
5.5 |
|
|
|
3y ago |
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of ent… |
| CVE-2022-27664 |
medium |
— |
5.5 |
|
|
|
3y ago |
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. |
| CVE-2021-33197 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2021-33198 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2021-34558 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-32189 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2021-33195 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2022-29526 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-30631 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30635 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-32148 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30632 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-28131 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30633 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-1962 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30630 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-1705 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30629 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2758: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2022-24675 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-28327 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-24921 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2019-14809 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2019-17596 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) |
| CVE-2021-31525 |
medium |
— |
5.5 |
|
|
|
4y ago |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client ca… |
| CVE-2019-6486 |
medium |
— |
5.5 |
|
|
|
4y ago |
Denial of service affecting P-521 and P-384 curves in crypto/elliptic |
| CVE-2019-16276 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) |
| CVE-2022-23772 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-23806 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2021-39293 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2020-15586 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) |
| CVE-2021-27918 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2021-3114 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2021-33196 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2021-36221 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2021-41772 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2021-41771 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2020-24553 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) |
| CVE-2020-16845 |
medium |
— |
5.5 |
|
|
|
5y ago |
RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) |
| CVE-2026-42507 |
medium |
5.3 |
5.3 |
|
|
|
1d ago |
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or log… |
| CVE-2026-39825 |
medium |
5.3 |
5.3 |
|
|
|
28d ago |
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitize… |
| CVE-2014-7189 |
medium |
— |
4.3 |
|
|
|
12y ago |
Man-in-the-middle attack with SessionTicketsDisabled in crypto/tls |
| CVE-2025-22873 |
low |
— |
2.5 |
|
|
|
4mo ago |
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape o… |
| CVE-2021-27919 |
low |
— |
2.5 |
|
|
|
5y ago |
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… |
