golang.org/x/net

Top products

The 15 most recently published vulnerabilities affecting golang.org/x/net.

• CVE-2026-27136Invoking duplicate attributes can cause XSS in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-39821Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna9.6May 22, 2026
• CVE-2026-42502Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-42506Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-25681Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html6.1May 22, 2026
• CVE-2026-25680Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html6.5May 22, 2026
• CVE-2026-33814Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net7.5May 7, 2026
• CVE-2026-27141Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net7.5Feb 26, 2026
• CVE-2025-58190Infinite parsing loop in golang.org/x/net5.3Feb 5, 2026
• CVE-2025-47911Quadratic parsing complexity in golang.org/x/net/html5.3Feb 5, 2026
• CVE-2025-22872Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net6.5Apr 16, 2025
• CVE-2025-22870HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net4.4Mar 12, 2025
• CVE-2024-45338Non-linear parsing of case-insensitive content in golang.org/x/net/html5.3Dec 18, 2024
• CVE-2023-45288HTTP/2 CONTINUATION flood in net/http7.5Apr 4, 2024
• CVE-2023-39325HTTP/2 rapid reset can cause excessive work in net/http7.5Oct 11, 2023