| CVE-2017-15041 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Remote command execution via "go get" in cmd/go |
| CVE-2023-29402 |
critical |
— |
9.5 |
|
|
|
3y ago |
RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2023-29404 |
critical |
— |
9.5 |
|
|
|
3y ago |
RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2023-29405 |
critical |
— |
9.5 |
|
|
|
3y ago |
RHSA-2023:3922: go-toolset:rhel8 security update (Critical) |
| CVE-2026-27140 |
high |
— |
8.0 |
|
|
|
1mo ago |
SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. |
| CVE-2026-27144 |
high |
— |
8.0 |
|
|
|
1mo ago |
The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves… |
| CVE-2026-27143 |
high |
— |
8.0 |
|
|
|
1mo ago |
Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading … |
| CVE-2025-61731 |
high |
— |
8.0 |
|
|
|
2mo ago |
Important: golang security update |
| CVE-2025-61732 |
high |
— |
8.0 |
|
|
|
4mo ago |
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. |
| CVE-2025-4674 |
high |
— |
8.0 |
|
|
|
10mo ago |
Important: golang security update |
| CVE-2018-6574 |
high |
— |
8.0 |
|
|
|
4y ago |
Remote command execution via "go get" command with cgo in cmd/go |
| CVE-2018-16873 |
high |
— |
8.0 |
|
|
|
4y ago |
Remote command execution via "go get" with "-u" flag in cmd/go |
| CVE-2018-16874 |
high |
— |
8.0 |
|
|
|
4y ago |
Directory traversal via "go get" command in cmd/go |
| CVE-2026-42501 |
high |
7.5 |
7.5 |
|
|
|
28d ago |
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr… |
| CVE-2025-68119 |
unknown |
— |
— |
|
|
|
4mo ago |
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom d… |
