go standard library

Top products

The 15 most recently published vulnerabilities affecting go standard library.

• CVE-2026-42507Arbitrary inputs are included in errors without any escaping in net/textproto5.3Jun 2, 2026
• CVE-2026-42504Quadratic complexity in WordDecoder.DecodeHeader in mime7.5Jun 2, 2026
• CVE-2026-27145Inefficient candidate hostname parsing in crypto/x5096.5Jun 2, 2026
• CVE-2026-39826Escaper bypass leads to XSS in html/template6.1May 7, 2026
• CVE-2026-39823Bypass of meta content URL escaping causes XSS in html/template6.1May 7, 2026
• CVE-2026-39820Quadratic string concatentation in consumeComment in net/mail7.5May 7, 2026
• CVE-2026-33811Crash when handling long CNAME response in net7.5May 7, 2026
• CVE-2026-42499Quadratic string concatenation in consumePhrase in net/mail7.5May 7, 2026
• CVE-2026-39836Panic in Dial and LookupPort when handling NUL byte on Windows in net7.5May 7, 2026
• CVE-2026-39825ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil5.3May 7, 2026
• CVE-2026-33814Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net7.5May 7, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32280Unexpected work during chain building in crypto/x5097.5Apr 8, 2026
• CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar5.5Apr 8, 2026
• CVE-2026-32283Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls7.5Apr 8, 2026