250 matches found
github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object
A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...
ROOT-APP-GOBINARY-CVE-2026-42502 CVE-2026-42502 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-42502 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-27136 CVE-2026-27136 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-27136 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-25681 CVE-2026-25681 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2026-25681 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39827 CVE-2026-39827 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-39827 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39829 CVE-2026-39829 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-39829 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39832 CVE-2026-39832 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-39832 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-58181 CVE-2025-58181 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2025-58181 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-42508 CVE-2026-42508 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-42508 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-39834 CVE-2026-39834 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2026-39834 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-22870 CVE-2025-22870 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2025-22870 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
GHSA-78MQ-XCR3-XM33 golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...
GHSA-9M57-25V3-79X9 golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...
ROOT-APP-GOBINARY-CVE-2026-42306 CVE-2026-42306 in rootio-github.com/docker/docker - Patched by Root
Root has patched CVE-2026-42306 in the rootio-github.com/docker/docker package for Root:Go. Multiple fixed versions available...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
ROOT-APP-GOBINARY-GHSA-FW8G-CG8F-9J28 GHSA-fw8g-cg8f-9j28 in rootio-github.com/prometheus/prometheus - Patched by Root
Root has patched GHSA-fw8g-cg8f-9j28 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-29181 CVE-2026-29181 in rootio-go.opentelemetry.io/otel - Patched by Root
Root has patched CVE-2026-29181 in the rootio-go.opentelemetry.io/otel package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-27889 CVE-2026-27889 in rootio-github.com/nats-io/nats-server/v2 - Patched by Root
Root has patched CVE-2026-27889 in the rootio-github.com/nats-io/nats-server/v2 package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-35469 CVE-2026-35469 in rootio-github.com/moby/spdystream - Patched by Root
Root has patched CVE-2026-35469 in the rootio-github.com/moby/spdystream package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-30204 CVE-2025-30204 in rootio-github.com/golang-jwt/jwt/v4 - Patched by Root
Root has patched CVE-2025-30204 in the rootio-github.com/golang-jwt/jwt/v4 package for Root:Go. Multiple fixed versions available...