24 matches found

RedhatCVE
added 2026/01/09 8:41 a.m., 8 views

CVE-2022-0664

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1...

CVSS 10, AI score 6.7, EPSS 0.01674
Exploits 1, References 1
OSV
added 2025/08/25 4:15 p.m., 3 views

CVE-2025-9409

A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack...

CVSS 6.5, AI score 6.7
Exploits 0, References 6
OSV
added 2025/06/03 5:28 p.m., 3 views

GO-2025-3735 Panic in Path Probe Loss Recovery Handling in github.com/quic-go/quic-go

Panic in Path Probe Loss Recovery Handling in github.com/quic-go/quic-go...

CVSS 7.5, AI score 7.1, EPSS 0.00402
Exploits 0, References 3
Positive Technologies
added 2025/04/30 12:0 a.m., 3 views

PT-2025-19993

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.3; Go versions prior to 1.23.9. Description: The issue concerns a security fix in the os package. Recommendations: For versions prior to 1.24.3, update to version 1.24.3 to resolve the issue. For versions prior to 1.23.9,...

CVSS 9.9, AI score 6.5, EPSS 0.00598
Exploits 4, References 253
Positive Technologies
added 2025/02/04 12:0 a.m., 7 views

PT-2025-4738

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.6; Go versions prior to 1.22.12. Description: The issue concerns a security fix in the crypto/elliptic module. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a sma...

CVSS 9.1, AI score 6.8, EPSS 0.00682
Exploits 0, References 243
Positive Technologies
added 2025/01/16 12:0 a.m., 15 views

PT-2025-2692

Name of the Vulnerable Software and Affected Versions: Google Go versions up to 1.22.10/1.23.4. Description: A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not...

CVSS 10, AI score 7.7, EPSS 0.0268
Exploits 9, References 284
Positive Technologies
added 2025/01/01 12:0 a.m., 11 views

PT-2025-14376

Name of the Vulnerable Software and Affected Versions: Go versions 1.23 through 1.23.7; Go versions 1.24 through 1.24.1. Description: The issue concerns a security fix for the net/http package. Recommendations: For Go versions 1.23 through 1.23.7, update to version 1.23.8. For Go versions 1.24 through...

CVSS 9.8, AI score 7.4, EPSS 0.00682
Exploits 0, References 479
Positive Technologies
added 2025/01/01 12:0 a.m., 4 views

PT-2025-9733

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.1 and 1.23.7. Description: A security issue was found in the net/http component. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was...

CVSS 4.4, AI score 7.9, EPSS 0.00384
Exploits 2
OSV
added 2024/09/06 8:43 p.m., 8 views

GO-2024-3116 sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go...

CVSS 7.5, AI score 5.2, EPSS 0.00441
Exploits 0, References 6
OSV
added 2024/04/30 12:15 a.m., 4 views

CVE-2023-52728

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString...

CVSS 5.5, AI score 5.5
Exploits 0, References 1
OSV
added 2024/04/08 11:28 a.m., 8 views

SUSE-SU-2024:1161-1 Security update for go1.21

This update for go1.21 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames bsc1221400 Other changes: - go minor release upgrade to 1.21.9 bsc1212475...

CVSS 7.5, AI score 7.8, EPSS 0.91969
Exploits 1, References 4
Veracode
added 2024/03/17 3:19 p.m., 29 views

Sensitive Information Disclosure

go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the client not forwarding sensitive headers such as "Authorization" or "Cookie" when following an HTTP redirect to a domain that is not a subdomain match or exact match of the initial domain...

CVSS 4.3, AI score 6.9, EPSS 0.0108
Exploits 0, References 8, Affected Software 1
OSV
added 2024/03/08 7:43 a.m., 7 views

SUSE-SU-2024:0811-1 Security update for go1.21

This update for go1.21 fixes the following issues: - Upgrade go to version 1.21.8 - CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect bsc1221000 - CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm bsc122100...

CVSS 7.5, AI score 6.7, EPSS 0.01165
Exploits 0, References 13
OSV
added 2023/10/09 5:24 p.m., 6 views

SUSE-SU-2023:4018-1 Security update for go1.20

This update for go1.20 fixes the following issues: - Updated to version 1.20.9 bsc1206346: - CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass bsc1215985...

CVSS 8.1, AI score 8.2, EPSS 0.01762
Exploits 0, References 4
Chainguard
added 2023/05/11 4:15 p.m., 57 views

CVE-2023-24540 vulnerabilities

Vulnerabilities for packages: go, falco...

CVSS 9.8, AI score 6.7, EPSS 0.01548
Exploits 0
Veracode
added 2022/10/14 11:54 a.m., 36 views

Denial Of Service (DoS)

go is vulnerable to denial of service (DoS) attacks. A remote attacker is able to allocate unbounded amounts of memory using Reader.Read via passing a maliciously crafted archive, causing a system crash due to resource exhaustion...

CVSS 7.5, AI score 7.4, EPSS 0.01544
Exploits 0, References 14, Affected Software 13
OSV
added 2022/02/11 1:15 a.m., 35 views

CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...

CVSS 7.5, AI score 6.9
Exploits 0, References 6
OSV
added 2022/01/24 1:15 a.m., 39 views

CVE-2021-39293

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...

CVSS 7.5, AI score 7.6
Exploits 0, References 4
Veracode
added 2021/08/06 8:30 p.m., 35 views

Denial Of Service (DoS)

go is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a race condition where the system is trying to access the same resources leading to denial of service...

CVSS 5.9, AI score 6.5, EPSS 0.03128
Exploits 0, References 19, Affected Software 18
GitLab Advisory Database
added 2021/06/23 12:0 a.m., 27 views

Improper Certificate Validation

Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...

CVSS 7.8, AI score 4.7, EPSS 0.02582
Exploits 0, References 16, Affected Software 1