| CVE-2025-68121 |
critical |
10.0 |
10.0 |
|
|
|
16d ago |
RHSA-2026:22714: osbuild-composer security update (Important) |
| CVE-2015-5740 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Request smuggling due to improper header parsing in net/http |
| CVE-2015-5739 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Request smuggling due to improper header parsing in net/http |
| CVE-2023-29403 |
critical |
— |
9.5 |
|
|
|
3y ago |
RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2025-22871 |
critical |
9.1 |
9.1 |
|
|
|
10mo ago |
Moderate: git-lfs security update |
| CVE-2016-5386 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Improper input validation in net/http and net/http/cgi |
| CVE-2026-27137 |
high |
— |
8.0 |
|
|
|
16d ago |
RHSA-2026:22714: osbuild-composer security update (Important) |
| CVE-2026-33810 |
high |
— |
8.0 |
|
|
|
16d ago |
Important: opentelemetry-collector security update |
| CVE-2026-32281 |
high |
— |
8.0 |
|
|
|
16d ago |
Inefficient policy validation in crypto/x509 |
| CVE-2025-61726 |
high |
— |
8.0 |
|
|
|
16d ago |
RHSA-2026:22714: osbuild-composer security update (Important) |
| CVE-2026-25679 |
high |
— |
8.0 |
|
|
|
1mo ago |
RHSA-2026:22714: osbuild-composer security update (Important) |
| CVE-2026-32283 |
high |
— |
8.0 |
|
|
|
1mo ago |
RHSA-2026:22714: osbuild-composer security update (Important) |
| CVE-2026-32280 |
high |
— |
8.0 |
|
|
|
1mo ago |
Unexpected work during chain building in crypto/x509 |
| CVE-2026-32282 |
high |
— |
8.0 |
|
|
|
1mo ago |
RHSA-2026:22714: osbuild-composer security update (Important) |
| CVE-2025-61728 |
high |
— |
8.0 |
|
|
|
4mo ago |
RHSA-2026:22714: osbuild-composer security update (Important) |
| CVE-2025-61729 |
high |
— |
8.0 |
|
|
|
4mo ago |
RHSA-2026:4952: rhc security update (Important) |
| CVE-2025-47907 |
high |
— |
8.0 |
|
|
|
10mo ago |
Incorrect results returned from Rows.Scan in database/sql |
| CVE-2025-22866 |
high |
— |
8.0 |
|
|
|
1y ago |
Important: delve and golang security update |
| CVE-2024-34156 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-34155 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-34158 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2023-45289 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:3346: git-lfs security update (Important) |
| CVE-2024-24785 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2026:3428: container-tools:rhel8 security update (Important) |
| CVE-2023-45290 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2023-45287 |
high |
— |
8.0 |
|
|
|
2y ago |
Important: container-tools:4.0 security update |
| CVE-2023-45288 |
high |
— |
8.0 |
|
|
|
2y ago |
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HE… |
| CVE-2023-39326 |
high |
— |
8.0 |
|
|
|
2y ago |
Important: container-tools:4.0 security update |
| CVE-2023-24532 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2023:3319: go-toolset:rhel8 security update (Important) |
| CVE-2022-2880 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2024:3254: container-tools:rhel8 security update (Important) |
| CVE-2022-41715 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2024:3254: container-tools:rhel8 security update (Important) |
| CVE-2018-16875 |
high |
— |
8.0 |
|
|
|
4y ago |
Denial of service in chain verification in crypto/x509 |
| CVE-2019-9512 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2019:4273: container-tools:1.0 security update (Important) |
| CVE-2019-9514 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2019:4273: container-tools:1.0 security update (Important) |
| CVE-2021-44717 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2021:5160: go-toolset:rhel8 security and bug fix update (Important) |
| CVE-2021-44716 |
high |
— |
8.0 |
|
|
|
5y ago |
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. |
| CVE-2020-28362 |
high |
— |
8.0 |
|
|
|
5y ago |
RHSA-2021:0706: container-tools:2.0 security update (Important) |
| CVE-2016-3958 |
high |
7.8 |
7.8 |
|
|
|
10y ago |
Privilege escalation on Windows via malicious DLL in syscall |
| CVE-2026-42504 |
high |
7.5 |
7.5 |
|
|
|
1d ago |
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. |
| CVE-2026-42499 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. |
| CVE-2026-39836 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). |
| CVE-2026-39820 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. |
| CVE-2026-33814 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. |
| CVE-2026-33811 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. |
| CVE-2017-1000098 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Denial of service when parsing large forms in mime/multipart |
| CVE-2017-1000097 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Mishandled trust preferences for root certificates on Darwin in crypto/x509 |
| CVE-2016-3959 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Denial of service due to unchecked parameters in crypto/dsa |
| CVE-2015-8618 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
Incorrect calculation affecting RSA computations in math/big |
| CVE-2025-22873 |
low |
— |
2.5 |
|
|
|
4mo ago |
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape o… |
| CVE-2020-0601 |
unknown |
— |
2.5 |
|
|
|
4y ago |
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by usin… |
| CVE-2021-27919 |
low |
— |
2.5 |
|
|
|
5y ago |
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… |
| CVE-2026-27145 |
unknown |
— |
— |
|
|
|
1d ago |
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the sa… |
