ROOT-APP-GOBINARY-CVE-2025-22868 CVE-2025-22868 in rootio-golang.org/x/oauth2 - Patched by Root
Root has patched CVE-2025-22868 in the rootio-golang.org/x/oauth2 package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-68156 CVE-2025-68156 in rootio-github.com/expr-lang/expr - Patched by Root
Root has patched CVE-2025-68156 in the rootio-github.com/expr-lang/expr package for Root:Go. Multiple fixed versions available...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
...
GO-2026-5028 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...
GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
GO-2026-4997 Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor
Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...
github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...
CLSA-2026-1779153233 golang: Fix of CVE-2026-32280
CVE-2026-32280: Limit processing of attacker-supplied intermediate certificates during chain building and introduce bound on number of intermediates, preventing uncontrolled work and denial of service...
PT-2026-39697
Name of the Vulnerable Software and Affected Versions: go-git versions prior to v5. Description: go-git may parse malformed Git objects differently than upstream Git. When commit or tag objects contain ambiguous or malformed headers, the decoded representation in go-git may expose values that differ...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
RHSA-2026:3473 Red Hat Security Advisory: golang security update
Bulletin has no description...
RHSA-2026:5942 Red Hat Security Advisory: golang security update
Bulletin has no description...
BIT-GOLANG-2026-25679 Incorrect parsing of IPv6 host literals in net/url
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary: IBM Maximo Application Suite uses "org.apache.cxfcxf-core 3.6.7, io.nettynetty-codec-http 4.1.124.Final, github.com/golang-jwt/jwt/v4 v4.5.0" which are vulnerable to "CVE-2025-48913, CVE-2025-58056, CVE-2024-51744". This bulletin contains information regarding the vulnerabilities and how...
AZL-76944 CVE-2025-47911 affecting package kubernetes for versions less than 1.28.4-25
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
AZL-76910 CVE-2025-47911 affecting package containerized-data-importer 1.62.0-1
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
CVE-2023-50424
SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
[SECURITY] Fedora 43 Update: golang-github-facebook-time-0^20251216git61f7510-2.fc43
Meta's Time libraries...
GO-2025-4134 Unbounded memory consumption in golang.org/x/crypto/ssh
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...