| CVE-2016-5386 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Improper input validation in net/http and net/http/cgi |
| CVE-2025-61726 |
high |
— |
8.0 |
|
|
|
17d ago |
Memory exhaustion in query parameter parsing in net/url |
| CVE-2026-32281 |
high |
— |
8.0 |
|
|
|
17d ago |
Inefficient policy validation in crypto/x509 |
| CVE-2026-33810 |
high |
— |
8.0 |
|
|
|
17d ago |
Important: opentelemetry-collector security update |
| CVE-2026-27137 |
high |
— |
8.0 |
|
|
|
17d ago |
Incorrect enforcement of email constraints in crypto/x509 |
| CVE-2026-25679 |
high |
— |
8.0 |
|
|
|
1mo ago |
Incorrect parsing of IPv6 host literals in net/url |
| CVE-2026-32283 |
high |
— |
8.0 |
|
|
|
1mo ago |
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls |
| CVE-2026-32282 |
high |
— |
8.0 |
|
|
|
1mo ago |
TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix |
| CVE-2026-32280 |
high |
— |
8.0 |
|
|
|
1mo ago |
Unexpected work during chain building in crypto/x509 |
| CVE-2025-61728 |
high |
— |
8.0 |
|
|
|
4mo ago |
RHSA-2026:22714: osbuild-composer security update (Important) |
| CVE-2025-61729 |
high |
— |
8.0 |
|
|
|
5mo ago |
RHSA-2026:4952: rhc security update (Important) |
| CVE-2025-47907 |
high |
— |
8.0 |
|
|
|
10mo ago |
Incorrect results returned from Rows.Scan in database/sql |
| CVE-2025-22866 |
high |
— |
8.0 |
|
|
|
1y ago |
Important: delve and golang security update |
| CVE-2024-34156 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-34155 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2024-34158 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2023-45290 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:8038: container-tools:rhel8 security update (Important) |
| CVE-2023-45289 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2024:3346: git-lfs security update (Important) |
| CVE-2024-24785 |
high |
— |
8.0 |
|
|
|
2y ago |
RHSA-2026:3428: container-tools:rhel8 security update (Important) |
| CVE-2023-45287 |
high |
— |
8.0 |
|
|
|
2y ago |
Important: container-tools:4.0 security update |
| CVE-2023-45288 |
high |
— |
8.0 |
|
|
|
2y ago |
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HE… |
| CVE-2023-39326 |
high |
— |
8.0 |
|
|
|
2y ago |
Important: container-tools:4.0 security update |
| CVE-2023-24532 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2023:3319: go-toolset:rhel8 security update (Important) |
| CVE-2022-41715 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2024:3254: container-tools:rhel8 security update (Important) |
| CVE-2022-2880 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2024:3254: container-tools:rhel8 security update (Important) |
| CVE-2018-16875 |
high |
— |
8.0 |
|
|
|
4y ago |
Denial of service in chain verification in crypto/x509 |
| CVE-2019-9514 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2019:4273: container-tools:1.0 security update (Important) |
| CVE-2019-9512 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2019:4273: container-tools:1.0 security update (Important) |
| CVE-2021-44717 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2021:5160: go-toolset:rhel8 security and bug fix update (Important) |
| CVE-2021-44716 |
high |
— |
8.0 |
|
|
|
5y ago |
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. |
| CVE-2020-28362 |
high |
— |
8.0 |
|
|
|
5y ago |
RHSA-2021:0706: container-tools:2.0 security update (Important) |
| CVE-2016-3958 |
high |
7.8 |
7.8 |
|
|
|
10y ago |
Privilege escalation on Windows via malicious DLL in syscall |
| CVE-2026-42504 |
high |
7.5 |
7.5 |
|
|
|
2d ago |
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. |
| CVE-2026-42499 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. |
| CVE-2026-39836 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). |
| CVE-2026-39820 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. |
| CVE-2026-33814 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. |
| CVE-2026-33811 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. |
| CVE-2017-1000098 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Denial of service when parsing large forms in mime/multipart |
| CVE-2017-1000097 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Mishandled trust preferences for root certificates on Darwin in crypto/x509 |
| CVE-2016-3959 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Denial of service due to unchecked parameters in crypto/dsa |
| CVE-2015-8618 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
Incorrect calculation affecting RSA computations in math/big |
| CVE-2026-39826 |
medium |
6.1 |
6.1 |
|
|
|
28d ago |
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a… |
| CVE-2026-39823 |
medium |
6.1 |
6.1 |
|
|
|
28d ago |
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins… |
| CVE-2017-15042 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Cleartext transmission of credentials in net/smtp |
| CVE-2017-8932 |
medium |
5.9 |
5.9 |
|
|
|
9y ago |
Incorrect computation for P-256 curves in crypto/elliptic |
| CVE-2025-58183 |
medium |
— |
5.5 |
|
|
|
7mo ago |
Unbounded allocation when parsing GNU sparse map in archive/tar |
| CVE-2025-47906 |
medium |
— |
5.5 |
|
|
|
10mo ago |
RHSA-2025:22668: go-toolset:rhel8 security update (Moderate) |
| CVE-2025-22874 |
medium |
— |
5.5 |
|
|
|
11mo ago |
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rath… |
| CVE-2025-4673 |
medium |
— |
5.5 |
|
|
|
11mo ago |
RHSA-2025:10672: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-45341 |
medium |
— |
5.5 |
|
|
|
1y ago |
RHSA-2025:3772: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-45336 |
medium |
— |
5.5 |
|
|
|
1y ago |
RHSA-2025:3772: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-24791 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:7349: grafana security update (Moderate) |
| CVE-2024-24790 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:8876: go-toolset:rhel8 security update (Moderate) |
| CVE-2024-24789 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:5291: grafana security update (Moderate) |
| CVE-2024-24788 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2024-24784 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2023-29406 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2023:7202: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2024-24783 |
medium |
— |
5.5 |
|
|
|
2y ago |
RHSA-2024:6969: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39322 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39321 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39318 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39319 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-29409 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2023-39325 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:5863: grafana security update (Moderate) |
| CVE-2023-24540 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24539 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24537 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24534 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24536 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-24538 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2023-29400 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41724 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-41723 |
medium |
— |
5.5 |
|
|
|
3y ago |
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |
| CVE-2022-41725 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) |
| CVE-2022-2879 |
medium |
— |
5.5 |
|
|
|
3y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-27664 |
medium |
— |
5.5 |
|
|
|
3y ago |
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. |
| CVE-2022-41717 |
medium |
— |
5.5 |
|
|
|
3y ago |
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of ent… |
| CVE-2021-34558 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2021-33195 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2021-33198 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2024:2988: container-tools:rhel8 security update (Moderate) |
| CVE-2022-32189 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2021-33197 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) |
| CVE-2022-30635 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30631 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-28327 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-1705 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-29526 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-30630 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30632 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30629 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2758: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2022-24675 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-24921 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2022-32148 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-1962 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-30633 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2022-28131 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2023:2802: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2019-14809 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2019-17596 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2020:0329: go-toolset:rhel8 security update (Moderate) |
| CVE-2021-31525 |
medium |
— |
5.5 |
|
|
|
4y ago |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client ca… |
