All 9 CVE vulnerabilities found in html/template, with AI-generated Chinese analysis, references, and POCs.
Vendor: Go standard library
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-32289 | JsBraceDepth Context Tracking Bugs (XSS) in html/template | 6.1AI | MediumAI | 2026-04-08 |
| CVE-2026-27142 | URLs in meta content attribute actions are not escaped in html/template | 6.1 | - | 2026-03-06 |
| CVE-2024-24785 | Errors returned from JSON marshaling may break template escaping in html/template | 5.3AI | MediumAI | 2024-03-05 |
| CVE-2023-39319 | Improper handling of special tags within script contexts in html/template | 6.1 | - | 2023-09-08 |
| CVE-2023-39318 | Improper handling of HTML-like comments in script contexts in html/template | 6.1 | - | 2023-09-08 |
| CVE-2023-24539 | Improper sanitization of CSS values in html/template | 7.2 | - | 2023-05-11 |
| CVE-2023-24540 | Improper handling of JavaScript whitespace in html/template | 9.8 | - | 2023-05-11 |
| CVE-2023-29400 | Improper handling of empty HTML attributes in html/template | 5.3 | - | 2023-05-11 |
| CVE-2023-24538 | Backticks not treated as string delimiters in html/template | 10.0 | - | 2023-04-06 |
All 9 known CVE vulnerabilities affecting html/template with full Chinese analysis, references, and POCs where available.