241 matches found

OSV
added 2026/03/23 6:16 p.m., 4 views

GO-2026-4804 Ory Oathkeeper has a path traversal authorization bypass in github.com/ory/oathkeeper

Ory Oathkeeper has a path traversal authorization bypass in github.com/ory/oathkeeper...

CVSS 10, AI score 5.8, EPSS 0.00519
Exploits 0, References 2
OSV
added 2026/03/19 4:42 p.m., 1 view

GHSA-89XV-2J6F-QHC8 Cross-Site Tool Execution for HTTP Servers without Authorization in github.com/modelcontextprotocol/go-sdk

The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary...

CVSS 7.1, AI score 5.8, EPSS 0.00178
Exploits 0, References 4
Snyk
added 2026/03/16 8:27 p.m., 5 views

Uncaught Exception

Overview github.com/buger/jsonparser is an Alternative JSON parser for Go. Affected versions of this package are vulnerable to Uncaught Exception via the Delete function when processing malformed JSON input. An attacker can cause a runtime panic and disrupt service availability by submitting...

CVSS 8.7, AI score 5.8, EPSS 0.00542
Exploits 1, References 3
OSV
added 2026/03/13 7:53 p.m., 10 views

GO-2026-4694 SM9 Infinity-Point Ciphertext Forgery Vulnerability in github.com/emmansun/gmsm

SM9 Infinity-Point Ciphertext Forgery Vulnerability in github.com/emmansun/gmsm...

CVSS 7.5, AI score 5.8, EPSS 0.00211
Exploits 0, References 2
OSV
added 2026/03/12 8:57 p.m., 5 views

GO-2026-4677 Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm

Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm...

AI score 5.9
Exploits 0, References 2
NVD
added 2026/03/11 8:16 p.m., 9 views

CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

CVSS 5.5, EPSS 0.001
Exploits 0, References 1
Cvelist
added 2026/03/11 7:32 p.m., 34 views

CVE-2026-31961 Unbounded memory allocation in Quill via unvalidated size fields in Mach-O binary parsing

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

CVSS 5.5, EPSS 0.001
Exploits 0, References 1
OSV
added 2026/03/11 12:38 a.m., 6 views

GHSA-XJ69-M9QQ-8M94 Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

CVSS 5.5, AI score 5.9, EPSS 0.001
Exploits 0, References 6
OSV
added 2026/03/10 6:28 p.m., 6 views

GO-2026-4569 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk...

CVSS 7.5, AI score 5.8, EPSS 0.00267
Exploits 0, References 3
OSV
added 2026/03/06 10:16 p.m., 5 views

AZL-79532 CVE-2026-27139 affecting package golang 1.18.8-10

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

CVSS 2.5, AI score 5.9, EPSS 0.00201
Exploits 0, References 1
Vulnrichment
added 2026/02/26 12:47 a.m., 4 views

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

CVSS 7, AI score 5.9, EPSS 0.00267
Exploits 0, References 2
IBM Security Bulletins
added 2026/02/25 6:44 p.m., 3601 views

Security Bulletin: FDB

Summary The library is included as part of the GO installed and not directly affect the product in any means. The go version has been updated since then and has been fixed. This only affect pre-CPD 4.5 Vulnerability Details CVEID:CVE-2022-21698 DESCRIPTION: Prometheus Go client library clientgola...

CVSS 7.5, AI score 5.6, EPSS 0.05994
Exploits 0, Affected Software 1
SUSE Linux
added 2026/02/25 4:25 p.m., 4 views

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2025-30204: Fixed a vulnerability in jwt-go which allowed excessive memory allocation during header parsing. bsc1240513 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...

CVSS 8.7, AI score 7.1, EPSS 0.00693
Exploits 0, References 4
OSV
added 2026/02/24 6:56 p.m., 4 views

RLSA-2026:2914 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 grafana/grafana/pkg/services/dashboards: Grafana...

CVSS 8.1, AI score 5.6, EPSS 0.00765
Exploits 5, References 6
OSV
added 2026/02/24 10:14 a.m., 7 views

RHSA-2026:3092 Red Hat Security Advisory: golang-github-openprinting-ipp-usb security update

Bulletin has no description...

CVSS 7.5, AI score 5.1, EPSS 0.00765
Exploits 1, References 19
Tenable Nessus
added 2026/02/20 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-26958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and...

CVSS 6.3, AI score 7.2, EPSS 0.00366
Exploits 0, References 3
OSV
added 2026/02/19 11:16 p.m., 2 views

UBUNTU-CVE-2026-26958

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...

CVSS 6.3, AI score 7, EPSS 0.00366
Exploits 0, References 3
UbuntuCve
added 2026/02/19 11:16 p.m., 6 views

CVE-2026-26958

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...

CVSS 6.3, AI score 6.9, EPSS 0.00366
Exploits 0, References 2
OSV
added 2026/02/19 5:28 p.m., 9 views

GO-2026-4485 webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule in github.com/quic-go/webtransport-go

webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule in github.com/quic-go/webtransport-go...

CVSS 7.5, AI score 5.5, EPSS 0.00413
Exploits 0, References 2
Snyk
added 2026/02/11 3:13 p.m., 7 views

Inadequate Encryption Strength

Overview github.com/pion/dtls is a DTLS 1.2 Server/Client implementation for Go. Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by...

CVSS 8.2, AI score 5.7, EPSS 0.00619
Exploits 0, References 2