263 matches found
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
CVE-2026-59161
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
ROOT-APP-GOBINARY-CVE-2026-53492 CVE-2026-53492 in rootio-github.com/containerd/containerd/v2 - Patched by Root
Root has patched CVE-2026-53492 in the rootio-github.com/containerd/containerd/v2 package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-27136 CVE-2026-27136 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-27136 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-25681 CVE-2026-25681 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-25681 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-42502 CVE-2026-42502 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-42502 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-29181 CVE-2026-29181 in rootio-go.opentelemetry.io/otel - Patched by Root
Root has patched CVE-2026-29181 in the rootio-go.opentelemetry.io/otel package for Root:Go. Multiple fixed versions available...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
ROOT-APP-GOBINARY-CVE-2026-39832 CVE-2026-39832 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-39832 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39834 CVE-2026-39834 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-39834 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39827 CVE-2026-39827 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-39827 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39829 CVE-2026-39829 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-39829 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-42508 CVE-2026-42508 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-42508 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-58181 CVE-2025-58181 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2025-58181 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object
A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...
ROOT-APP-GOBINARY-CVE-2025-22870 CVE-2025-22870 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2025-22870 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
GO-2026-5756 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle in github.com/AdguardTeam/AdGuardHome
AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle in github.com/AdguardTeam/AdGuardHome...