golang

230 tracked vulnerabilities.

CVE-2026-42505 MEDIUM
Invoking Encrypted Client Hello privacy leak in crypto/tls
Jul 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-39822 HIGH
Root escape via symlink plus trailing slash in os
Jul 08, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-46604 HIGH
Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image
Jun 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42506 MEDIUM
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
May 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-42502 MEDIUM
Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
May 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-39821 CRITICAL
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
May 22, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-27136 MEDIUM
Invoking duplicate attributes can cause XSS in golang.org/x/net/html
May 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25681 MEDIUM
Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
May 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25680 MEDIUM
Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
May 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-46598 MEDIUM
Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
May 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-46597 HIGH
Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
May 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46595 CRITICAL
Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
May 22, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-42508 CRITICAL
Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39835 MEDIUM
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
May 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-39834 CRITICAL
Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39833 CRITICAL
Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39832 CRITICAL
Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
May 22, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-39831 CRITICAL
Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
May 22, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39830 CRITICAL
Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
May 22, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-39829 HIGH
Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
May 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39828 MEDIUM
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
May 22, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-39827 MEDIUM
Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
May 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42501 HIGH
Malicious module proxy can bypass checksum database in cmd/go
May 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42499 HIGH
Quadratic string concatenation in consumePhrase in net/mail
May 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-39836 HIGH
Panic in Dial and LookupPort when handling NUL byte on Windows in net
May 07, 2026
CVSS 7.5
EPSS 0.01