| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33812 | Excessive memory allocation when decoding malicious SFNT in golang.org/x/image | golang.org/x/image | golang.org/x/image/font/sfnt | - | - | 2026-04-21 19:21:29 | Deep Dive |
| CVE-2026-33813 | Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image | golang.org/x/image | golang.org/x/image/webp | - | - | 2026-04-21 19:21:28 | Deep Dive |
| CVE-2026-33809 | OOM from malicious IFD offset in golang.org/x/image/tiff | golang.org/x/image | golang.org/x/image/tiff | 中危 | - | 2026-03-25 18:24:04 | Deep Dive |
| CVE-2026-27141 | Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net | golang.org/x/net | golang.org/x/net/http2 | - | - | 2026-02-26 18:50:32 | Deep Dive |
| CVE-2025-47911 | Quadratic parsing complexity in golang.org/x/net/html | golang.org/x/net | golang.org/x/net/html | - | - | 2026-02-05 17:48:45 | Deep Dive |
| CVE-2025-58190 | Infinite parsing loop in golang.org/x/net | golang.org/x/net | golang.org/x/net/html | - | - | 2026-02-05 17:48:45 | Deep Dive |
| CVE-2025-68120 | Unexpected untrusted code execution in github.com/golang/vscode-go | github.com/golang/vscode-go | github.com/golang/vscode-go | 超危 | - | 2025-12-29 23:46:52 | Deep Dive |
| CVE-2025-10543 | Eclipse Paho Go MQTT v3.1 library 安全漏洞 | Eclipse Foundation | paho.mqtt.golang (Go MQTT v3.1 library) | - | - | 2025-12-02 08:18:17 | Deep Dive |
| CVE-2025-58181 | Unbounded memory consumption in golang.org/x/crypto/ssh | golang.org/x/crypto | golang.org/x/crypto/ssh | - | - | 2025-11-19 20:33:43 | Deep Dive |
| CVE-2025-47914 | Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent | golang.org/x/crypto | golang.org/x/crypto/ssh/agent | - | - | 2025-11-19 20:33:43 | Deep Dive |
| CVE-2025-47913 | Potential denial of service in golang.org/x/crypto/ssh/agent | golang.org/x/crypto | golang.org/x/crypto/ssh/agent | 中危 | - | 2025-11-13 21:29:40 | Deep Dive |
| CVE-2025-22872 | Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net | golang.org/x/net | golang.org/x/net/html | - | - | 2025-04-16 17:13:03 | Deep Dive |
| CVE-2025-30204 | jwt-go allows excessive memory allocation during header parsing | golang-jwt | jwt | High | 7.5 | 2025-03-21 21:42:01 | Deep Dive |
| CVE-2025-22870 | HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net | Go standard library | net/http | 中危 | - | 2025-03-12 18:27:59 | Deep Dive |
| CVE-2025-22869 | Potential denial of service in golang.org/x/crypto | golang.org/x/crypto | golang.org/x/crypto/ssh | 高危 | - | 2025-02-26 03:07:49 | Deep Dive |
| CVE-2025-22868 | Unexpected memory consumption during token parsing in golang.org/x/oauth2 | golang.org/x/oauth2 | golang.org/x/oauth2/jws | 高危 | - | 2025-02-26 03:07:49 | Deep Dive |
| CVE-2024-45339 | Vulnerability when creating log files in github.com/golang/glog | github.com/golang/glog | github.com/golang/glog | 高危 | - | 2025-01-28 01:03:24 | Deep Dive |
| CVE-2024-45338 | Non-linear parsing of case-insensitive content in golang.org/x/net/html | golang.org/x/net | golang.org/x/net/html | 中危 | - | 2024-12-18 20:38:23 | Deep Dive |
| CVE-2024-45337 | Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto | golang.org/x/crypto | golang.org/x/crypto/ssh | 高危 | - | 2024-12-11 18:55:59 | Deep Dive |
| CVE-2024-51744 | Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt | golang-jwt | jwt | Low | 3.1 | 2024-11-04 21:47:12 | Deep Dive |