golang
230 tracked vulnerabilities.
CVE-2026-42505
MEDIUM
Invoking Encrypted Client Hello privacy leak in crypto/tls
Jul 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-39822
HIGH
Root escape via symlink plus trailing slash in os
Jul 08, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-46604
HIGH
Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image
Jun 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42506
MEDIUM
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
May 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-42502
MEDIUM
Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
May 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-39821
CRITICAL
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
May 22, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-27136
MEDIUM
Invoking duplicate attributes can cause XSS in golang.org/x/net/html
May 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25681
MEDIUM
Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
May 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25680
MEDIUM
Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
May 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-46598
MEDIUM
Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
May 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-46597
HIGH
Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
May 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46595
CRITICAL
Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
May 22, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-42508
CRITICAL
Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39835
MEDIUM
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
May 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-39834
CRITICAL
Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39833
CRITICAL
Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39832
CRITICAL
Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
May 22, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-39831
CRITICAL
Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39830
CRITICAL
Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
May 22, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-39829
HIGH
Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
May 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39828
MEDIUM
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
May 22, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-39827
MEDIUM
Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
May 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42501
HIGH
Malicious module proxy can bypass checksum database in cmd/go
May 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42499
HIGH
Quadratic string concatenation in consumePhrase in net/mail
May 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-39836
HIGH
Panic in Dial and LookupPort when handling NUL byte on Windows in net
May 07, 2026
CVSS 7.5
EPSS 0.01