Known Vulnerabilities for products from Golang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Golang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33810 json | When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildca... | Not Provided | 2026-04-08 | 2026-04-20 |
| CVE-2026-33809 json | A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive r... | Not Provided | 2026-03-25 | 2026-04-21 |
| CVE-2026-33186 json | Not Provided | 2026-03-20 | 2026-03-24 | |
| CVE-2026-32289 json | Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-32288 json | tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-32283 json | If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can de... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-32282 json | On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate ... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-32281 json | Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very la... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-32280 json | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certifica... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-27144 json | The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the ... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-27143 json | Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler ... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-27142 json | Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag al... | Not Provided | 2026-03-06 | 2026-04-21 |
| CVE-2026-27140 json | SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build... | Not Provided | 2026-04-08 | 2026-04-16 |
| CVE-2026-27139 json | On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could re... | Not Provided | 2026-03-06 | 2026-04-21 |
| CVE-2026-27138 json | Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain... | Not Provided | 2026-03-06 | 2026-04-21 |
| CVE-2026-27137 json | When verifying a certificate chain which contains a certificate containing multiple email address constraints which share com... | Not Provided | 2026-03-06 | 2026-04-21 |
| CVE-2026-25679 json | url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. | Not Provided | 2026-03-06 | 2026-04-21 |
| CVE-2023-48795 json | 5.9 - MEDIUM | 2023-12-18 | 2024-03-13 | |
| CVE-2023-46324 json | pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may comp... | 7.5 - HIGH | 2023-10-23 | 2023-10-30 |
| CVE-2023-45284 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2023-11-09 | 2023-11-17 |
Known software with vulnerabilities from Golang
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Golang | Crypto | - |
| Application | Golang | Go | 0.0.0-20201203163018-be400aefbc4c |
| Application | Golang | Net | 2018-07-02 |
| Application | Golang | Package Ssh | 0.0.0-20200220183623-bac4c82f6975 |
| Application | Golang | Protobuf | 0.1 |
| Application | Golang | Text | 0.1.0 |