| CVE-2017-15041 | critical | 9.8 | 9.8 | | | | 9y ago | Remote command execution via "go get" in cmd/go |
| CVE-2023-29405 | critical | — | 9.5 | | | | 3y ago | RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2023-29402 | critical | — | 9.5 | | | | 3y ago | RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2023-29404 | critical | — | 9.5 | | | | 3y ago | RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2026-27144 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:10704: go-toolset:rhel8 security update (Important) |
| CVE-2026-27143 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:10704: go-toolset:rhel8 security update (Important) |
| CVE-2026-27140 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:10704: go-toolset:rhel8 security update (Important) |
| CVE-2025-61731 | high | — | 8.0 | | | | 2mo ago | RHSA-2026:6949: go-toolset:rhel8 security update (Important) |
| CVE-2025-61732 | high | — | 8.0 | | | | 4mo ago | RHSA-2026:2708: go-toolset:rhel8 security update (Important) |
| CVE-2025-4674 | high | — | 8.0 | | | | 10mo ago | Important: golang security update |
| CVE-2018-6574 | high | — | 8.0 | | | | 4y ago | Remote command execution via "go get" command with cgo in cmd/go |
| CVE-2018-16873 | high | — | 8.0 | | | | 4y ago | Remote command execution via "go get" with "-u" flag in cmd/go |
| CVE-2018-16874 | high | — | 8.0 | | | | 4y ago | Directory traversal via "go get" command in cmd/go |
| CVE-2026-42501 | high | 7.5 | 7.5 | | | | 27d ago | A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr… |
| CVE-2026-39817 | medium | 5.9 | 5.9 | | | | 27d ago | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su… |
| CVE-2023-45285 | medium | — | 5.5 | | | | 2y ago | RHSA-2024:0887: go-toolset:rhel8 security update (Moderate) |
| CVE-2023-39323 | medium | — | 5.5 | | | | 3y ago | RHBA-2023:6928: go-toolset:rhel8 bug fix and enhancement update (Moderate) |
| CVE-2022-23773 | medium | — | 5.5 | | | | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2020-28367 | medium | — | 5.5 | | | | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) |
| CVE-2020-28366 | medium | — | 5.5 | | | | 4y ago | RHSA-2020:5493: go-toolset:rhel8 security update (Moderate) |
| CVE-2021-38297 | medium | — | 5.5 | | | | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) |
| CVE-2021-3115 | medium | — | 5.5 | | | | 5y ago | RHSA-2021:1746: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) |
| CVE-2026-39819 | medium | 5.3 | 5.3 | | | | 27d ago | The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one… |
| CVE-2025-68119 | unknown | — | — | | | | 4mo ago | Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom d… |
| CVE-2025-22867 | unknown | — | — | | | | 1y ago | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special value… |
| CVE-2024-45340 | unknown | — | — | | | | 1y ago | Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless othe… |
| CVE-2023-24531 | unknown | — | — | | | | 2y ago | Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behav… |
| CVE-2024-24787 | unknown | — | — | | | | 2y ago | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. |
| CVE-2023-39320 | unknown | — | — | | | | 3y ago | Arbitrary code execution via go.mod toolchain directive in cmd/go |
| CVE-2018-7187 | unknown | — | — | | | | 4y ago | Remote command execution via "go get" command with "-insecure" option in cmd/go |