Golang.org/x/net/html
This hub aggregates every CVE we track for Golang.org/x/net/html, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
0
Critical
0
High
0
In CISA KEV
Severity distribution
MEDIUM10
Monthly trend
0
0
0
0
0
1
0
0
0
1
0
0
0
0
0
0
0
0
0
2
0
0
5
0
2024-072026-06
Latest CVEs
The 10 most recently published vulnerabilities affecting Golang.org/x/net/html.
- CVE-2026-27136Invoking duplicate attributes can cause XSS in golang.org/x/net/html6.1
- CVE-2026-42502Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html6.1
- CVE-2026-42506Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html6.1
- CVE-2026-25681Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html6.1
- CVE-2026-25680Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html6.5
- CVE-2025-58190Infinite parsing loop in golang.org/x/net5.3
- CVE-2025-47911Quadratic parsing complexity in golang.org/x/net/html5.3
- CVE-2025-22872Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net6.5
- CVE-2024-45338Non-linear parsing of case-insensitive content in golang.org/x/net/html5.3
- CVE-2023-3978Improper rendering of text nodes in golang.org/x/net/html6.1
Product normalization is registry-driven with AI assist and human review. How it works