net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CLSA-2026-1777445847 grafana-pcp: Fix of CVE-2026-25679

Rebuild against recent Go compiler - CVE-2026-25679: fix net/url insufficient validation of host in url.Parse...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CLSA-2026-1777306907 runc: Fix of CVE-2026-25679

Rebuild with Go 1.25.8 to fix Go standard library CVE - CVE-2026-25679: reject invalid IPv6 host literals in net/url.Parse to prevent URL validation bypass...

CLSA-2026-1777029448 containernetworking-plugins: Fix of CVE-2026-25679

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els2 to fix the following CVE - CVE-2026-25679: reject IPv6 literals not at the start of the host subcomponent in net/url.Parse to prevent URL authority validation bypass...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to incorrect parse function values in net/url (CVE-2025-47912)

Summary IBM Watson Speech Services Cartridge is vulnerable to a condition in net/url that allows incorrect parse function values other than IPv6 addresses to be included in square brackets within the host component of a URL CVE-2025-47912, Net/url is used in our speech-utilities. This...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVE-2026-25679

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

CVE-2026-25679

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

Server-side Request Forgery (SSRF)

Overview std/net/url is a Go standard library package std/net/url Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to insufficient validation of the url.Parse process. An attacker can bypass expected URL parsing restrictions by supplying specially crafted...

[SECURITY] [DLA 4413-1] node-url-parse security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4413-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 16, 2025 https://wiki.debian.org/LTS -...

Debian dla-4413 : node-url-parse - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4413 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4413-1 [email protected] https://www.debian.org/lts/security/...

DLA-4413-1 node-url-parse - security update

Bulletin has no description...

Debian: Security Advisory (DLA-4413-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

EUVD-2022-1044

Malicious code in bioql PyPI...

EUVD-2022-48113

Malicious code in bioql PyPI...