267 matches found
ROOT-APP-GOBINARY-CVE-2025-58181 CVE-2025-58181 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2025-58181 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
OPENSUSE-SU-2026:11012-1 golang-github-prometheus-node_exporter-1.11.1-2.1 on GA media
These are all security issues fixed in the golang-github-prometheus-nodeexporter-1.11.1-2.1 package on the GA media of openSUSE Tumbleweed...
Cross-site Scripting (XSS)
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the inBodyEndTagOther function, when rendering sanitized HTML. An attacker can cause the execution of scripts in the...
CVE-2026-33814 affecting package golang for versions less than 1.26.3-1
CVE-2026-33814 affecting package golang for versions less than 1.26.3-1. An upgraded version of the package is available that resolves this issue...
Unity Linux 20.1050e / 20.1070e Security Update: golang (UTSA-2026-016809)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016809 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. Tenable has extracted the preceding description block directly from t...
RHEL 9 : golang (RHSA-2026:7883)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7883 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...
MiracleLinux 9 : golang-1.25.8-1.el9_7 (AXSA:2026-370:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-370:03 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...
OPENSUSE-SU-2026:10432-1 golang-github-v2fly-v2ray-core-5.47.0-1.1 on GA media
These are all security issues fixed in the golang-github-v2fly-v2ray-core-5.47.0-1.1 package on the GA media of openSUSE Tumbleweed...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2026-1310)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-27137 affecting package golang for versions less than 1.25.8-1
CVE-2026-27137 affecting package golang for versions less than 1.25.8-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-27137 affecting package golang for versions less than 1.26.1-1
CVE-2026-27137 affecting package golang for versions less than 1.26.1-1. An upgraded version of the package is available that resolves this issue...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2026-1240)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-61726 affecting package msft-golang for versions less than 1.24.12-1
CVE-2025-61726 affecting package msft-golang for versions less than 1.24.12-1. A patched version of the package is available...
AZL-76665 CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...
Infinite loop
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Infinite loop via the html.Parse function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially...
Inefficient Algorithmic Complexity
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the html.Parse function due to quadratic parsing complexity when processing certain inputs, which can lea...
CVE-2025-61728 affecting package golang for versions less than 1.25.6-1
CVE-2025-61728 affecting package golang for versions less than 1.25.6-1. A patched version of the package is available...
CVE-2025-61730 affecting package golang for versions less than 1.25.6-1
CVE-2025-61730 affecting package golang for versions less than 1.25.6-1. A patched version of the package is available...
CVE-2025-68119 affecting package golang for versions less than 1.25.6-1
CVE-2025-68119 affecting package golang for versions less than 1.25.6-1. A patched version of the package is available...
CVE-2025-68119 affecting package golang for versions less than 1.25.6-1
CVE-2025-68119 affecting package golang for versions less than 1.25.6-1. A patched version of the package is available...