CLEANSTART-2026-AB04032 OpenTelemetry-Go is the Go implementation of OpenTelemetry

Multiple security vulnerabilities affect the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...

EUVD-2021-1345

Malware in sbrugna...

EUVD-2021-2158

Malware in sbrugna...

EUVD-2023-2020

Malicious code in bioql PyPI...

Go implementation of Fast Finality in Filecoin 安全漏洞

Go implementation of Fast Finality in Filecoin is a Golang library for a fast validation mechanism open-sourced by Filecoin. A security vulnerability exists in Go implementation of Fast Finality in Filecoin version 0.8.8 and earlier, which stems from the validation result caching mechanism not...

PT-2025-39916

Name of the Vulnerable Software and Affected Versions go-f3 versions 0.8.8 and below Description go-f3’s justification verification caching mechanism improperly caches verification results without considering the message context. An attacker can bypass justification verification by submitting a...

CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

Design/Logic Flaw

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on ...

CVE-2023-24535

A flaw was found in the golang implementation of the protobuf protocol. This issue occurs when parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input, which will cause a panic...

CVE-2020-26265 Consensus flaw during block processing

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...

CVE-2020-26241

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...