Search CVE reports


Toggle filters

1 – 10 of 126 results


CVE-2026-42505

Medium priority
Needs evaluation

(Handshakes which used Encrypted Client Hello could be de-anonymized by ...)

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
Show all 16 packages Show less packages

CVE-2026-39822

Medium priority
Needs evaluation

(On Unix systems, opening a file in an os.Root improperly follows symli ...)

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
Show all 16 packages Show less packages

CVE-2026-42501

Medium priority
Needs evaluation

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum...

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2026-42499

Medium priority
Needs evaluation

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39836

Medium priority
Ignored

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Not affected
golang-1.13 Not in release Not in release Not affected Not affected Not affected
golang-1.14 Not in release Not in release Not in release Not affected
golang-1.16 Not in release Not in release Not in release Not affected Not affected
golang-1.17 Not in release Not in release Not affected
golang-1.18 Not in release Not in release Not affected Not affected Not affected
golang-1.20 Not in release Not in release Not affected Not affected
golang-1.21 Not in release Not affected Not affected Not affected
golang-1.22 Not in release Not affected Not affected Not affected
golang-1.23 Not affected Not affected Not affected
golang-1.24 Not affected Not affected Not affected
golang-1.25 Not affected Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not affected
golang-1.9 Not in release Not in release Not in release Not affected
Show all 16 packages Show less packages

CVE-2026-39826

Medium priority
Needs evaluation

If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39825

Medium priority
Needs evaluation

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to...

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39823

Medium priority
Needs evaluation

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute,...

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39820

Medium priority
Needs evaluation

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39819

Medium priority
Needs evaluation

The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go...

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages