37 matches found
CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...
CVE-2026-21697
CVE-2026-21697 affects the Go HTTP client library axios4go. Prior to version 0.6.4, a race condition mutates the shared default http.Client configuration during request execution without synchronization, directly altering Transport, Timeout, and CheckRedirect. This can enable leakage of proxy con...
SUSE CVE-2025-14764
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...
CVE-2025-14764
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...
ID withdrawn
ch is an open-source, low-level Go client for ClickHouse. This CVE number has been withdrawn...
GHSA-47M2-4CR7-MHCW quic-go: Panic occurs when queuing undecryptable packets after handshake completion
Summary: A misbehaving or malicious server can trigger an assertion in a quic-go client and crash the process by sending a premature HANDSHAKE_DONE frame during the handshake. Impact: A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an...
EUVD-2022-24990
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-5397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache...
GO-2025-3540 Potential out of order responses when CLIENT SETINFO times out during connection establishment in github.com/redis/go-redis
Potential out of order responses when CLIENT SETINFO times out during connection establishment in github.com/redis/go-redis...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, authentication bypass, and incorrect privilege assignment due to Golang vulnerabilities.
Summary: IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability...
Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.
Summary: Netcool Operations Insight v1.6.9 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2022-42252. DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2021-41190. DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...
[SECURITY] Fedora 37 Update: golang-github-cli-oauth-1.0.1-2.fc37
A library for performing OAuth Device flow and Web application flow in Go client apps...
SUSE CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
CVE-2022-23538 User credentials leaked to third-party service via HTTP redirect in scs-library-client
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...
CVE-2022-23538
Removed by vendor...
Fedora: Security Advisory for golang-github-deepmap-oapi-codegen (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-projectdiscovery-chaos-client-0.2.0-3.fc36
Go client to communicate with Chaos DNS API...
[SECURITY] Fedora 36 Update: golang-github-crossdock-0-0.9.20190628git049aabb.fc36
A Go client for Crossdock...
Fedora: Security Advisory for golang-github-crossdock (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...