Search CVE reports


Toggle filters

21 – 30 of 135 results


CVE-2026-27143

Medium priority
Vulnerable

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Not affected
golang-1.13 Not in release Not in release Not affected Not affected Not affected
golang-1.14 Not in release Not in release Not in release Not affected
golang-1.16 Not in release Not in release Not in release Not affected Not affected
golang-1.17 Not in release Not in release Not affected
golang-1.18 Not in release Not in release Not affected Not affected Not affected
golang-1.20 Not in release Not in release Vulnerable Vulnerable
golang-1.21 Not in release Vulnerable Vulnerable Vulnerable
golang-1.22 Not in release Vulnerable Vulnerable Vulnerable
golang-1.23 Vulnerable Vulnerable Vulnerable
golang-1.24 Vulnerable Vulnerable Vulnerable
golang-1.25 Vulnerable Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not affected
golang-1.9 Not in release Not in release Not in release Not affected
Show all 16 packages Show less packages

CVE-2026-27140

Medium priority
Vulnerable

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Not in release Vulnerable
golang-1.16 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Not in release Vulnerable
golang-1.18 Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-1.20 Not in release Not in release Vulnerable Vulnerable
golang-1.21 Not in release Vulnerable Vulnerable Vulnerable
golang-1.22 Not in release Vulnerable Vulnerable Vulnerable
golang-1.23 Vulnerable Vulnerable Vulnerable
golang-1.24 Vulnerable Vulnerable Vulnerable
golang-1.25 Vulnerable Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not affected
golang-1.9 Not in release Not in release Not in release Not affected
Show all 16 packages Show less packages

CVE-2025-68121

Medium priority
Vulnerable

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed....

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Not affected
golang-1.13 Not in release Not in release Not affected Not affected Not affected
golang-1.14 Not in release Not in release Not in release Not affected
golang-1.16 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Not in release Vulnerable
golang-1.18 Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-1.20 Not in release Not in release Vulnerable Vulnerable
golang-1.21 Not in release Vulnerable Vulnerable Vulnerable
golang-1.22 Not in release Vulnerable Vulnerable Vulnerable
golang-1.23 Vulnerable Vulnerable Vulnerable
golang-1.24 Vulnerable Vulnerable Vulnerable
golang-1.25 Vulnerable Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not affected
golang-1.9 Not in release Not in release Not in release Not affected
Show all 16 packages Show less packages

CVE-2025-61732

Medium priority
Vulnerable

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

15 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Not in release Vulnerable
golang-1.16 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Not in release Vulnerable
golang-1.20 Not in release Not in release Vulnerable Vulnerable
golang-1.21 Not in release Vulnerable Vulnerable Vulnerable
golang-1.22 Not in release Vulnerable Vulnerable Vulnerable
golang-1.23 Vulnerable Vulnerable Vulnerable
golang-1.24 Not affected Vulnerable Vulnerable
golang-1.25 Not affected Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
Show all 15 packages Show less packages

CVE-2025-68119

Medium priority
Needs evaluation

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected...

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2025-61731

Medium priority
Vulnerable

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to...

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Not in release Vulnerable
golang-1.16 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Not in release Vulnerable
golang-1.18 Not in release Not in release Vulnerable Vulnerable Vulnerable
golang-1.20 Not in release Not in release Vulnerable Vulnerable
golang-1.21 Not in release Vulnerable Vulnerable Vulnerable
golang-1.22 Not in release Vulnerable Vulnerable Vulnerable
golang-1.23 Vulnerable Vulnerable Vulnerable
golang-1.24 Vulnerable Vulnerable Vulnerable
golang-1.25 Vulnerable Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not affected
golang-1.9 Not in release Not in release Not in release Not affected
Show all 16 packages Show less packages

CVE-2025-61730

Medium priority
Needs evaluation

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the...

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2025-61728

Medium priority
Needs evaluation

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2025-61726

Medium priority
Needs evaluation

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the...

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages

CVE-2025-61725

Medium priority
Needs evaluation

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

16 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation
golang-1.18 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Needs evaluation
golang-1.21 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation Needs evaluation
golang-1.24 Needs evaluation Needs evaluation Needs evaluation
golang-1.25 Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 16 packages Show less packages