62 matches found

OSV
added 2026/06/18 3:47 p.m., 5 views

ROOT-APP-GOBINARY-CVE-2025-22868 CVE-2025-22868 in rootio-golang.org/x/oauth2 - Patched by Root

Root has patched CVE-2025-22868 in the rootio-golang.org/x/oauth2 package for Root:Go. Multiple fixed versions available...

CVSS 7.5, AI score 6.2, EPSS 0.00804
Exploits: 0
OSV
added 2026/06/18 1:55 p.m., 4 views

ROOT-APP-GOBINARY-CVE-2025-68156 CVE-2025-68156 in rootio-github.com/expr-lang/expr - Patched by Root

Root has patched CVE-2025-68156 in the rootio-github.com/expr-lang/expr package for Root:Go. Multiple fixed versions available...

CVSS 7.5, AI score 5.8, EPSS 0.00377
Exploits: 0
RedHat Linux
added 2026/06/09 11:19 a.m., 9 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

CVSS 7.5, AI score 7.1, EPSS 0.00615
Exploits: 0, References: 8
Microsoft CVE
added 2026/05/27 8:12 a.m., 14 views

Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

...

CVSS 7.5, AI score 5.8, EPSS 0.004
Exploits: 0
OSV
added 2026/05/22 2:46 a.m., 8 views

GO-2026-5028 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVSS 6.5, AI score 5.9, EPSS 0.00248
Exploits: 0, References: 3
OSV
added 2026/05/22 2:8 a.m., 10 views

GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

CVSS 9.1, AI score 5.8, EPSS 0.0036
Exploits: 0, References: 4
OSV
added 2026/05/20 7:7 p.m., 10 views

GO-2026-4997 Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor

Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...

CVSS 6.8, AI score 5.8, EPSS 0.00236
Exploits: 0, References: 3
RedHat Linux
added 2026/05/20 4:56 p.m., 14 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

CVSS 7.5, AI score 6.3, EPSS 0.00651
Exploits: 0, References: 6
OSV
added 2026/05/19 1:13 a.m., 7 views

CLSA-2026-1779153233 golang: Fix of CVE-2026-32280

CVE-2026-32280: Limit processing of attacker-supplied intermediate certificates during chain building and introduce bound on number of intermediates, preventing uncontrolled work and denial of service...

CVSS 7.5, AI score 7.1, EPSS 0.00615
Exploits: 0, References: 1
Positive Technologies
added 2026/05/11 12:0 a.m., 10 views

PT-2026-39697

Name of the Vulnerable Software and Affected Versions: go-git versions prior to v5. Description: go-git may parse malformed Git objects differently than upstream Git. When commit or tag objects contain ambiguous or malformed headers, the decoded representation in go-git may expose values that differ...

CVSS 7.5, AI score 5.8, EPSS 0.00615
Exploits: 1, References: 153
RedHat Linux
added 2026/04/20 6:55 p.m., 13 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS 7.5, AI score 6.6, EPSS 0.00459
Exploits: 2, References: 8
OSV
added 2026/04/04 10:5 a.m., 2 views

RHSA-2026:3473 Red Hat Security Advisory: golang security update

Bulletin has no description...

CVSS 7.5, AI score 5.9, EPSS 0.01945
Exploits: 1, References: 26
OSV
added 2026/03/27 10:14 a.m., 1 view

RHSA-2026:5942 Red Hat Security Advisory: golang security update

Bulletin has no description...

CVSS 8.6, AI score 5.8, EPSS 0.00728
Exploits: 0, References: 19
OSV
added 2026/03/10 8:44 a.m., 2 views

BIT-GOLANG-2026-25679 Incorrect parsing of IPv6 host literals in net/url

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

CVSS 7.5, AI score 5.8, EPSS 0.00728
Exploits: 0, References: 5
IBM Security Bulletins
added 2026/02/27 9:44 a.m., 10 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary: IBM Maximo Application Suite uses "org.apache.cxfcxf-core 3.6.7, io.nettynetty-codec-http 4.1.124.Final , github.com/golang-jwt/jwt/v4 v4.5.0" which are vulnerable to "CVE-2025-48913, CVE-2025-58056, CVE-2024-51744". This bulletin contains information regarding the vulnerabilities and how...

CVSS 9.8, AI score 7, EPSS 0.00739
Exploits: 1, Affected Software: 1
OSV
added 2026/02/05 6:16 p.m., 6 views

AZL-76944 CVE-2025-47911 affecting package kubernetes for versions less than 1.28.4-25

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3, AI score 6.7, EPSS 0.00502
Exploits: 0, References: 1
OSV
added 2026/02/05 6:16 p.m., 7 views

AZL-76910 CVE-2025-47911 affecting package containerized-data-importer 1.62.0-1

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3, AI score 5.7, EPSS 0.00502
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 8:59 a.m., 6 views

CVE-2023-50424

SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

CVSS 9.8, AI score 7.3, EPSS 0.01127
Exploits: 0, References: 1
Fedora
added 2025/12/18 1:0 a.m., 5 views

[SECURITY] Fedora 43 Update: golang-github-facebook-time-0^20251216git61f7510-2.fc43

Meta's Time libraries...

CVSS 7.5, AI score 7, EPSS 0.00585
Exploits: 1
OSV
added 2025/11/19 8:11 p.m., 3 views

GO-2025-4134 Unbounded memory consumption in golang.org/x/crypto/ssh

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

CVSS 5.3, AI score 6.8, EPSS 0.00521
Exploits: 0, References: 3