49 matches found
SUSE-SU-2026:2733-1 Security update for buildah
This update for buildah fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267179. - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE...
SUSE-SU-2026:2096-1 Security update for yq
This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241719. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTM...
Invoking duplicate attributes can cause XSS in golang.org/x/net/html
...
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
...
Cross-site Scripting (XSS)
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeQuoted function, which does not properly handle characters in DOCTYPE data. An attacker can cause the...
Cross-site Scripting (XSS)
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the childTextNodesAreLiteral function in render.go. An attacker can cause the execution of scripts in the...
CVE-2026-25681
CVE-2026-25681 affects the golang.org/x/net/html component. The root cause is an incorrect handling of character references in DOCTYPE nodes, which can cause an unexpected HTML tree when rendering and potentially enable XSS in applications that sanitize input HTML before rendering. The descriptio...
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
CVE-2026-25680
CVE-2026-25680 affects the Go ecosystem’s HTML parser in golang.org/x/net/html. Description: parsing arbitrary HTML can cause excessive CPU time, potentially leading to denial of service. CVSSv3.1 base score 6.5 (Network, Low attack complexity, User interaction required, Availability impact). Con...
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...
Astra Linux – Vulnerability in containerd-app
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to a Denial-of-Service DoS attack if an attacker provides specially crafted HTML content...
GHSA-W4GW-W5JQ-G9JH golang.org/x/net/html has a Quadratic Parsing Complexity issue
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to Denial of Service DoS if an attacker provides specially crafted HTML content...
AZL-77049 CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.6.2-11
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
DEBIAN-CVE-2025-58190
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76830 CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76863 CVE-2025-47911 affecting package gh for versions less than 2.13.0-26
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CVE-2025-47911
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CVE-2025-47911 Quadratic parsing complexity in golang.org/x/net/html
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CVE-2025-47911
The IBM Security Bulletin for ELM on Hybrid Cloud notes CVE-2025-47911 affects the underlying golang.org/x/net/html html.Parse function, which can exhibit quadratic parsing behavior on carefully crafted HTML inputs and may enable DoS. Affected product versions are ELM on Hybrid Cloud 1.0.0 to 1.3...