Golang.org/x/net/http2
This hub aggregates every CVE we track for Golang.org/x/net/http2, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
0
Critical
7
High
0
In CISA KEV
Severity distribution
HIGH7MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
2024-072026-06
Latest CVEs
The 8 most recently published vulnerabilities affecting Golang.org/x/net/http2.
- CVE-2026-33814Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net7.5
- CVE-2026-27141Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net7.5
- CVE-2023-45288HTTP/2 CONTINUATION flood in net/http7.5
- CVE-2023-39325HTTP/2 rapid reset can cause excessive work in net/http7.5
- CVE-2022-41723Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net7.5
- CVE-2022-41717Excessive memory growth in net/http and golang.org/x/net/http25.3
- CVE-2022-27664In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.7.5
- CVE-2021-44716net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.7.5
Product normalization is registry-driven with AI assist and human review. How it works