Lucene search
+L

316 matches found

CNNVD
CNNVD
added 2026/02/05 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...

5.3CVSS7.3AI score0.00482EPSS
Exploits1References4
OSV
OSV
added 2026/01/28 8:16 p.m.12 views

AZL-75734 CVE-2025-61726 affecting package golang for versions less than 1.25.6-1

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS7.4AI score0.01945EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/28 7:8 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview std/net/url is a Go standard library package std/net/url Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The net/url package does not set a limit on the number of query parameters in a query. While the...

8.7CVSS7.3AI score0.01945EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/28 7:8 p.m.5 views

Incorrect Behavior Order: Early Validation

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Incorrect Behavior Order: Early Validation. Go Vulnerability Report: During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level...

5.3CVSS7.2AI score0.00276EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/28 7:7 p.m.5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path. Go Vulnerability Report: Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive i...

8.6CVSS7.3AI score0.00532EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...

7.8CVSS8AI score0.00532EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2026/01/26 11:11 a.m.11 views

Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20260123T022811 2026-01-23T02:28:11Z jscPED-11136. Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-3764 CVE-2024-44905 GHSA-6xp3-p59p-q4fj GO-2025-4188 CVE-2025-65637 GHSA-4f99-4q7p-p3gh...

9CVSS5.9AI score0.01643EPSS
Exploits15References2
OSV
OSV
added 2025/12/13 9:11 a.m.8 views

RLSA-2025:23088 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS8.5AI score0.00419EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/12/11 8:58 p.m.7 views

CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

5.3CVSS7.7AI score0.00338EPSS
Exploits0
Snyk
Snyk
added 2025/12/02 8:55 p.m.1 views

Improper Certificate Validation

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

7.5CVSS6.8AI score0.00274EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/02 6:30 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: A memory exhaustion vulnerability in the Error function of HostnameError when constructing a...

7.5CVSS6.8AI score0.00459EPSS
Exploits2References3
OSV
OSV
added 2025/11/20 12:0 a.m.5 views

ALSA-2025:21816 Moderate: delve and golang security update

The Go Programming Language. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

4.3CVSS6.8AI score0.00419EPSS
Exploits0References4
OSV
OSV
added 2025/11/05 6:41 p.m.5 views

GO-2025-3987 Vulnerable to Improper Validation of Syntactic Correctness of Input in github.com/nyaruka/phonenumbers

Vulnerable to Improper Validation of Syntactic Correctness of Input in github.com/nyaruka/phonenumbers...

7.5CVSS6.9AI score0.00421EPSS
Exploits1References4
Snyk
Snyk
added 2025/10/29 9:51 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report:The Reader.ReadResponse function constructs a response string through repeated string...

6.9CVSS6.9AI score0.00526EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/29 9:51 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview std/archive/tar is a Go standard library package std/archive/tar Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar...

7.5CVSS6.8AI score0.00419EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/29 9:50 p.m.3 views

Uncaught Exception

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes...

8.7CVSS6.9AI score0.00361EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/29 9:50 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report:Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does n...

6.9CVSS6.9AI score0.00534EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/29 9:49 p.m.4 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview std/net/url is a Go standard library package std/net/url Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. Go Vulnerability Report:The Parse function permits values other than IPv6 addresses to be included in...

8.2CVSS6.9AI score0.00443EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/29 9:49 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview std/encoding/pem is a Go standard library package std/encoding/pem Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The processing time for parsing some invalid inputs scales non-linearly with respect to th...

8.7CVSS6.8AI score0.00626EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.6 views

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from a design flaw in the name constraint checking algorithm that could lead to a non-linear increase in certificate...

7.5CVSS6.3AI score0.00384EPSS
Exploits0References6
Rows per page
Query Builder