CVE-2026-45570

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

CLEANSTART-2026-OA82425 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

[SECURITY] Fedora 43 Update: golang-github-alecthomas-chroma-2-2.14.0-6.fc43

A general purpose syntax highlighter in pure Go...

CVE-2025-58058

CVE-2025-58058 — xz (Go) memory allocation issue : The xz library (Go implementation) prior to 0.5.14 can allocate the full LZMA decoding buffer immediately after reading the header, before detecting improper data prepending to the stream. The LZMA header lacks a mandatory magic/checksum to catch...

ALSA-2025:9150 Moderate: gvisor-tap-vsock security update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...

RHEL 9 : gvisor-tap-vsock (RHSA-2024:6187)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6187 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for...

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM formerly known as Kyber, renamed because we can't have nice things is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly

Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that makes use of usermode hooks and instrumentation...

CVE-2023-26483

CVE-2023-26483 affects the Go library gosaml2 (SAML 2.0 implementation). A bug allows attackers to craft a deflate-compressed request that can consume memory far beyond the original size, potentially causing memory exhaustion and process termination (a deflate decompression bomb). The maximal obs...

Fedora: Security Advisory for golang-gopkg-src-d-git-4 (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-gopkg-src-d-git-4-4.13.1-9.fc36

A highly extensible git implementation in pure go...

[SECURITY] Fedora 36 Update: golang-github-mholt-archiver-3.5.1-4.fc36

Package Archiver makes it trivially easy to make and extract common archive formats such as zip and tarball and its compressed variants. Simply name the input and output files. The arc command runs the same on all platforms and has no external dependencies not even libc. It is powered by the Go...

[SECURITY] Fedora 36 Update: golang-github-google-jsonnet-0.17.0-6.fc36

This an implementation of Jsonnet in pure Go. It is feature complete but is n ot as heavily exercised as the Jsonnet C++ implementation. Please try it out and give feedback...

Fedora: Security Advisory for golang-gopkg-src-d-git-4 (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-gopkg-src-d-git-4-4.13.1-8.fc35

A highly extensible git implementation in pure go...

[SECURITY] Fedora 35 Update: golang-github-xo-terminfo-0-0.6.20210113gitc22d04b.fc35

A terminfo package in pure go!...

[SECURITY] Fedora 35 Update: golang-github-google-jsonnet-0.17.0-5.fc35

This an implementation of Jsonnet in pure Go. It is feature complete but is n ot as heavily exercised as the Jsonnet C++ implementation. Please try it out and give feedback...

[SECURITY] Fedora 35 Update: gojq-0.12.8-3.fc35

Pure Go implementation of jq...

Fedora: Security Advisory for golang-gopkg-src-d-git-4 (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-gopkg-src-d-git-4-4.13.1-8.fc36

A highly extensible git implementation in pure go...