golang

Top products

The 15 most recently published vulnerabilities affecting golang.

• CVE-2026-27136Invoking duplicate attributes can cause XSS in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-42506Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-42502Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-39821Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna9.6May 22, 2026
• CVE-2026-25681Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-25680Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html6.5May 22, 2026
• CVE-2026-46598Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent5.3May 22, 2026
• CVE-2026-46595Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh10.0May 22, 2026
• CVE-2026-42508Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts9.1May 22, 2026
• CVE-2026-39834Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh9.1May 22, 2026
• CVE-2026-39831Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh9.1May 22, 2026
• CVE-2026-39830Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh9.1May 22, 2026
• CVE-2026-39829Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh7.5May 22, 2026
• CVE-2026-39827Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh6.5May 22, 2026
• CVE-2026-46597Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh7.5May 22, 2026