Known Vulnerabilities for products from Golang

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Golang".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-52814 json Not Provided 2026-06-24 2026-06-25
CVE-2026-46604 json The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset. Not Provided 2026-06-26 2026-07-01
CVE-2026-46598 json For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. Not Provided 2026-05-22 2026-05-28
CVE-2026-46597 json An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inp... Not Provided 2026-05-22 2026-05-28
CVE-2026-46595 json Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback... Not Provided 2026-05-22 2026-07-10
CVE-2026-45135 json Not Provided 2026-06-23 2026-06-23
CVE-2026-45062 json Not Provided 2026-06-10 2026-06-11
CVE-2026-42508 json Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key... Not Provided 2026-05-22 2026-07-10
CVE-2026-42506 json Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to ex... Not Provided 2026-05-22 2026-05-29
CVE-2026-42502 json Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to ex... Not Provided 2026-05-22 2026-05-29
CVE-2026-42501 json A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database va... Not Provided 2026-05-07 2026-05-13
CVE-2026-42499 json Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. Not Provided 2026-05-07 2026-07-10
CVE-2026-39835 json SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused... Not Provided 2026-05-22 2026-07-10
CVE-2026-39834 json When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size ... Not Provided 2026-05-22 2026-05-28
CVE-2026-39833 json The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced... Not Provided 2026-05-22 2026-05-28
CVE-2026-39832 json When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in... Not Provided 2026-05-22 2026-07-10
CVE-2026-39831 json The Verify() method for FIDO/U2F security key types ([email protected], [email protected]) did not ... Not Provided 2026-05-22 2026-06-02
CVE-2026-39830 json A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's re... Not Provided 2026-05-22 2026-07-10
CVE-2026-39829 json The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively la... Not Provided 2026-05-22 2026-07-10
CVE-2026-39828 json When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were sile... Not Provided 2026-05-22 2026-07-10

Known software with vulnerabilities from Golang

Type Vendor Product Version
ApplicationGolangCrypto-
ApplicationGolangGo0.0.0-20201203163018-be400aefbc4c
ApplicationGolangNet2018-07-02
ApplicationGolangPackage Ssh0.0.0-20200220183623-bac4c82f6975
ApplicationGolangProtobuf0.1
ApplicationGolangText0.1.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report