the go project
OSS Librariesoss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting the go project.
- CVE-2026-39829Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh7.5
- CVE-2026-42501Malicious module proxy can bypass checksum database in cmd/go7.5
- CVE-2026-39826Escaper bypass leads to XSS in html/template6.1
- CVE-2026-39823Bypass of meta content URL escaping causes XSS in html/template6.1
- CVE-2026-39820Quadratic string concatentation in consumeComment in net/mail7.5
- CVE-2026-33811Crash when handling long CNAME response in net7.5
- CVE-2026-42499Quadratic string concatenation in consumePhrase in net/mail7.5
- CVE-2026-39836Panic in Dial and LookupPort when handling NUL byte on Windows in net7.5
- CVE-2026-39825ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil5.3
- CVE-2026-39819Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go5.3
- CVE-2026-39817Invoking "go tool pack" does not sanitize output paths in cmd/go5.9
- CVE-2026-33812Excessive memory allocation when decoding malicious SFNT in golang.org/x/image6.1
- CVE-2026-32281Inefficient policy validation in crypto/x5097.5
- CVE-2026-32280Unexpected work during chain building in crypto/x5097.5
- CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar5.5