ALSA-2026:8841 Important: go-rpm-macros security update

This package provides build-stage rpm automation to simplify the creation of Go language golang packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url...

ALSA-2026:3669 Important: go-rpm-macros security update

This package provides build-stage rpm automation to simplify the creation of Go language golang packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing i...

Critical Photon OS Security Update - PHSA-2026-4.0-0968

Updates of 'vim', 'linux', 'go' packages of Photon OS have been released...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-195:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-195:01 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

Moderate: go-rpm-macros security update

This package provides build-stage rpm automation to simplify the creation of Go language golang packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only. Security Fixes: os/exec: Unexpected paths returned from LookPath in os/exec...

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

RLSA-2025:13941 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

Oracle Linux 10 : golang (ELSA-2025-10677)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10677 advisory. 1.24.4-1 - Update to Go 1.24.4 fips-1 1.24.3-3 - Update to Go 1.24.3 fips-3 1.24.3-2 - Update to Go 1.24.3 fips-2 1.24.3-1 - Update to Go 1.24.3 Tenable has...

Security Bulletin: Multiple security vulnerabilities affect Go related packages shipped with IBM CICS TX Standard.

Summary Security vulnerabilities affect Go packages that are shipped with IBM CICS TX Standard. Go modules are used by IBM CICS TX Standard to simplify dependency management. It is possible for sensitive information to be exposed through data queries with an attacker causing an HTTP/2 endpoint to...

MAL-2025-2544 Malicious code in github.com/belatedplanet/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ae6bd303b29130f3970f2f526b9c704e4fa0905fa4b3e015542213f4aaf5f701 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2547 Malicious code in github.com/shadowybulk/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 80a941bac0303482eb50ebe17fbfa05f22640a3932940be16100c6a1c0357a04 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2551 Malicious code in github.com/vainreboot/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security cd535431a1bde903495e71799081c385016d84659ac004c1c57c0d81e311ee59 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2550 Malicious code in github.com/utilizedsun/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c1511f2ec5bec408a1a2febf7d6a7bc0db05b5af4870679ef43223ecff5f000d Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

Malicious code in github.com/shallowmulti/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 25d0e55a48f82ab8ddd5e90d258c133505fa7fea03b775c1987e0dd7f9453f08 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2548 Malicious code in github.com/shallowmulti/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 25d0e55a48f82ab8ddd5e90d258c133505fa7fea03b775c1987e0dd7f9453f08 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2546 Malicious code in github.com/ornatedoctrin/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9edf608032bbc84563da5c04376d6add49123c8fdba94883c239857eb45afc40 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2549 Malicious code in github.com/thankfulmai/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3fb8eb4f90f5b6657c77cd4876445c068cc53ec74237d2ec559dd21c3c876fc4 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

Malware Infects Linux and macOS via Typosquatted Go Packages

Socket exposes a typosquatting campaign delivering malware to Linux and macOS systems via malicious Go packages. Discover the…...

Linux Distros Unpatched Vulnerability : CVE-2021-3115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the go get command to fetch module...

Linux Distros Unpatched Vulnerability : CVE-2023-45142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.meth...