| CVE-2025-68121 |
critical |
10.0 |
10.0 |
|
|
|
17d ago |
RHSA-2026:23228: image-builder security update (Important) |
| CVE-2015-5740 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Request smuggling due to improper header parsing in net/http |
| CVE-2015-5739 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Request smuggling due to improper header parsing in net/http |
| CVE-2023-29403 |
critical |
— |
9.5 |
|
|
|
3y ago |
RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2025-22871 |
critical |
9.1 |
9.1 |
|
|
|
10mo ago |
Moderate: git-lfs security update |
| CVE-2026-27145 |
medium |
6.5 |
6.5 |
|
|
|
2d ago |
Inefficient candidate hostname parsing in crypto/x509 |
| CVE-2026-39826 |
medium |
6.1 |
6.1 |
|
|
|
28d ago |
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a… |
| CVE-2026-39823 |
medium |
6.1 |
6.1 |
|
|
|
28d ago |
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins… |
| CVE-2017-15042 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Cleartext transmission of credentials in net/smtp |
| CVE-2017-8932 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Incorrect computation for P-256 curves in crypto/elliptic |
| CVE-2025-58183 |
medium |
— |
5.5 |
|
|
|
7mo ago |
Moderate: delve and golang security update |
| CVE-2025-47906 |
medium |
— |
5.5 |
|
|
|
10mo ago |
RHSA-2025:22668: go-toolset:rhel8 security update (Moderate) |
| CVE-2025-22874 |
medium |
— |
5.5 |
|
|
|
11mo ago |
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rath… |
| CVE-2025-4673 |
medium |
— |
5.5 |
|
|
|
11mo ago |
RHSA-2025:10672: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-45341 |
medium |
— |
5.5 |
|
|
|
1y ago |
RHSA-2025:3772: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-45336 |
medium |
— |
5.5 |
|
|
|
1y ago |
RHSA-2025:3772: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-24791 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:7349: grafana security update (Moderate) |
| CVE-2024-24790 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:8876: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-24789 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:5291: grafana security update (Moderate) |
| CVE-2024-24788 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2024-24783 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2023-29406 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2023:7202: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2024-24784 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39326 |
medium |
— |
5.5 |
|
|
|
2y ago |
Moderate: golang security update |
| CVE-2023-39321 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39322 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39319 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39318 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-24539 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-29400 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24540 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24536 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24534 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24537 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24538 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41724 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41725 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41723 |
medium |
— |
5.5 |
|
|
|
3y ago |
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |
| CVE-2022-41717 |
medium |
— |
5.5 |
|
|
|
3y ago |
Moderate: podman security and bug fix update |
| CVE-2022-2879 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-27664 |
medium |
— |
5.5 |
|
|
|
3y ago |
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. |
| CVE-2021-34558 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-32189 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2021-33198 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2021-33195 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2021-33197 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2022-28327 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-32148 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30629 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: podman security and bug fix update |
| CVE-2022-30633 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-28131 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-24675 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-24921 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-30631 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30632 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-29526 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-1962 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30630 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-1705 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30635 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2019-14809 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2019-17596 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) |
| CVE-2021-31525 |
medium |
— |
5.5 |
|
|
|
4y ago |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client ca… |
| CVE-2019-6486 |
medium |
— |
5.5 |
|
|
|
4y ago |
Denial of service affecting P-521 and P-384 curves in crypto/elliptic |
| CVE-2019-16276 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) |
| CVE-2022-23772 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-23806 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2021-39293 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2020-15586 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) |
| CVE-2021-27918 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2021-3114 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2021-33196 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2021-36221 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2021-41772 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2021-41771 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2020-24553 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) |
| CVE-2020-16845 |
medium |
— |
5.5 |
|
|
|
5y ago |
RHSA-2020:3665: go-toolset:rhel8 security update (Moderate) |
| CVE-2026-42507 |
medium |
5.3 |
5.3 |
|
|
|
2d ago |
Arbitrary inputs are included in errors without any escaping in net/textproto |
| CVE-2026-39825 |
medium |
5.3 |
5.3 |
|
|
|
28d ago |
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitize… |
| CVE-2014-7189 |
medium |
— |
4.3 |
|
|
|
12y ago |
Man-in-the-middle attack with SessionTicketsDisabled in crypto/tls |
| CVE-2025-22873 |
low |
— |
2.5 |
|
|
|
4mo ago |
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape o… |
| CVE-2020-0601 |
unknown |
— |
2.5 |
|
|
|
4y ago |
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by usin… |
| CVE-2021-27919 |
low |
— |
2.5 |
|
|
|
5y ago |
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… |
| CVE-2026-32289 |
unknown |
— |
— |
|
|
|
2mo ago |
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS … |
| CVE-2026-32288 |
unknown |
— |
— |
|
|
|
2mo ago |
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format. |
| CVE-2026-27142 |
unknown |
— |
— |
|
|
|
3mo ago |
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG set… |
| CVE-2026-27139 |
unknown |
— |
— |
|
|
|
3mo ago |
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impac… |
| CVE-2026-27138 |
unknown |
— |
— |
|
|
|
3mo ago |
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either di… |
| CVE-2025-61730 |
unknown |
— |
— |
|
|
|
4mo ago |
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages … |
| CVE-2025-61727 |
unknown |
— |
— |
|
|
|
6mo ago |
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com doe… |
| CVE-2025-61724 |
unknown |
— |
— |
|
|
|
7mo ago |
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. |
| CVE-2025-58188 |
unknown |
— |
— |
|
|
|
7mo ago |
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arb… |
| CVE-2025-58186 |
unknown |
— |
— |
|
|
|
7mo ago |
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP … |
| CVE-2025-58185 |
unknown |
— |
— |
|
|
|
7mo ago |
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. |
| CVE-2025-47912 |
unknown |
— |
— |
|
|
|
7mo ago |
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host compon… |
| CVE-2025-61723 |
unknown |
— |
— |
|
|
|
7mo ago |
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. |
| CVE-2025-58189 |
unknown |
— |
— |
|
|
|
7mo ago |
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. |
| CVE-2025-58187 |
unknown |
— |
— |
|
|
|
7mo ago |
Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate ar… |
| CVE-2025-61725 |
unknown |
— |
— |
|
|
|
7mo ago |
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. |
| CVE-2025-47910 |
unknown |
— |
— |
|
|
|
9mo ago |
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original … |