| CVE-2025-68121 |
critical |
10.0 |
10.0 |
|
|
|
17d ago |
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succee… |
| CVE-2015-5740 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Request smuggling due to improper header parsing in net/http |
| CVE-2015-5739 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Request smuggling due to improper header parsing in net/http |
| CVE-2023-29403 |
critical |
— |
9.5 |
|
|
|
3y ago |
RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2025-22871 |
critical |
9.1 |
9.1 |
|
|
|
10mo ago |
Moderate: git-lfs security update |
| CVE-2016-5386 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Improper input validation in net/http and net/http/cgi |
| CVE-2025-61726 |
high |
— |
8.0 |
|
|
|
17d ago |
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the … |
| CVE-2026-27137 |
high |
— |
8.0 |
|
|
|
17d ago |
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will n… |
| CVE-2026-32281 |
high |
— |
8.0 |
|
|
|
17d ago |
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This on… |
| CVE-2026-33810 |
high |
— |
8.0 |
|
|
|
17d ago |
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affe… |
| CVE-2026-25679 |
high |
— |
8.0 |
|
|
|
1mo ago |
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. |
| CVE-2026-32283 |
high |
— |
8.0 |
|
|
|
1mo ago |
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a … |
| CVE-2026-32280 |
high |
— |
8.0 |
|
|
|
1mo ago |
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial … |
| CVE-2026-32282 |
high |
— |
8.0 |
|
|
|
1mo ago |
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. … |
| CVE-2025-61728 |
high |
— |
8.0 |
|
|
|
4mo ago |
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously construct… |
| CVE-2025-61729 |
high |
— |
8.0 |
|
|
|
5mo ago |
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string con… |
| CVE-2025-47907 |
high |
— |
8.0 |
|
|
|
10mo ago |
Incorrect results returned from Rows.Scan in database/sql |
| CVE-2025-22866 |
high |
— |
8.0 |
|
|
|
1y ago |
Important: delve and golang security update |
| CVE-2024-34156 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-34158 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-34155 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2023-45287 |
high |
— |
8.0 |
|
|
|
2y ago |
Important: container-tools:4.0 security update |
| CVE-2024-24785 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2026:3428: container-tools:rhel8 security update (Important) |
| CVE-2023-45289 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:3346: git-lfs security update (Important) |
| CVE-2023-45290 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2023-45288 |
high |
— |
8.0 |
|
|
|
2y ago |
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HE… |
| CVE-2023-39326 |
high |
— |
8.0 |
|
|
|
2y ago |
Important: container-tools:4.0 security update |
| CVE-2023-24532 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2023:3319: go-toolset:rhel8 security update (Important) |
| CVE-2022-2880 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2024:3254: container-tools:rhel8 security update (Important) |
| CVE-2022-41715 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2024:3254: container-tools:rhel8 security update (Important) |
| CVE-2018-16875 |
high |
— |
8.0 |
|
|
|
4y ago |
Denial of service in chain verification in crypto/x509 |
| CVE-2019-9514 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2019:4273: container-tools:1.0 security update (Important) |
| CVE-2019-9512 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2019:4273: container-tools:1.0 security update (Important) |
| CVE-2021-44717 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2021:5160: go-toolset:rhel8 security and bug fix update (Important) |
| CVE-2021-44716 |
high |
— |
8.0 |
|
|
|
5y ago |
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. |
| CVE-2020-28362 |
high |
— |
8.0 |
|
|
|
5y ago |
RHSA-2021:0706: container-tools:2.0 security update (Important) |
| CVE-2016-3958 |
high |
7.8 |
7.8 |
|
|
|
10y ago |
Privilege escalation on Windows via malicious DLL in syscall |
| CVE-2026-42504 |
high |
7.5 |
7.5 |
|
|
|
2d ago |
Quadratic complexity in WordDecoder.DecodeHeader in mime |
| CVE-2026-42499 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. |
| CVE-2026-39836 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). |
| CVE-2026-39820 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. |
| CVE-2026-33814 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. |
| CVE-2026-33811 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. |
| CVE-2017-1000098 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Denial of service when parsing large forms in mime/multipart |
| CVE-2017-1000097 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Mishandled trust preferences for root certificates on Darwin in crypto/x509 |
| CVE-2016-3959 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Denial of service due to unchecked parameters in crypto/dsa |
| CVE-2015-8618 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
Incorrect calculation affecting RSA computations in math/big |
| CVE-2025-22873 |
low |
— |
2.5 |
|
|
|
4mo ago |
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape o… |
| CVE-2020-0601 |
unknown |
— |
2.5 |
|
|
|
4y ago |
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by usin… |
| CVE-2021-27919 |
low |
— |
2.5 |
|
|
|
5y ago |
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… |
| CVE-2026-32288 |
unknown |
— |
— |
|
|
|
2mo ago |
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format. |
| CVE-2026-32289 |
unknown |
— |
— |
|
|
|
2mo ago |
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS … |
| CVE-2026-27142 |
unknown |
— |
— |
|
|
|
3mo ago |
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG set… |
| CVE-2026-27139 |
unknown |
— |
— |
|
|
|
3mo ago |
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impac… |
| CVE-2026-27138 |
unknown |
— |
— |
|
|
|
3mo ago |
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either di… |
| CVE-2025-61730 |
unknown |
— |
— |
|
|
|
4mo ago |
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages … |
| CVE-2025-61727 |
unknown |
— |
— |
|
|
|
6mo ago |
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com doe… |
| CVE-2025-61724 |
unknown |
— |
— |
|
|
|
7mo ago |
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. |
| CVE-2025-58188 |
unknown |
— |
— |
|
|
|
7mo ago |
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arb… |
| CVE-2025-58186 |
unknown |
— |
— |
|
|
|
7mo ago |
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP … |
| CVE-2025-58185 |
unknown |
— |
— |
|
|
|
7mo ago |
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. |
| CVE-2025-47912 |
unknown |
— |
— |
|
|
|
7mo ago |
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host compon… |
| CVE-2025-61723 |
unknown |
— |
— |
|
|
|
7mo ago |
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. |
| CVE-2025-58189 |
unknown |
— |
— |
|
|
|
7mo ago |
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. |
| CVE-2025-58187 |
unknown |
— |
— |
|
|
|
7mo ago |
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate ar… |
| CVE-2025-61725 |
unknown |
— |
— |
|
|
|
7mo ago |
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. |
| CVE-2025-47910 |
unknown |
— |
— |
|
|
|
9mo ago |
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original … |
