Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Go standard library — Vulnerabilities & Security Advisories 100

Browse all 100 CVE security advisories affecting Go standard library. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Go standard library:net/httpcrypto/x509crypto/tlshtml/templatepath/filepathnet/urlarchive/tarnet/textprotoosgo/parserarchive/zipnet/mailnet/http/internalcrypto/internal/nistecmime/multipartsyscallencoding/gobencoding/xmlos/execinternal/syscall/unixencoding/pemencoding/asn1database/sqlgo/build/constraintnet/netipnetnet/http/httputilio/fsruntimecompress/gzip
CVE IDTitleCVSSSeverityPublished
CVE-2026-32280 Unexpected work during chain building in crypto/x509 — crypto/x509 7.5AIHighAI2026-04-08
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls — crypto/tls 7.5AIHighAI2026-04-08
CVE-2026-32281 Inefficient policy validation in crypto/x509 — crypto/x509 7.5AIHighAI2026-04-08
CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509 — crypto/x509 6.5AIMediumAI2026-04-08
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar — archive/tar 6.2AIMediumAI2026-04-08
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template — html/template 6.1AIMediumAI2026-04-08
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix — internal/syscall/unix 7.7AIHighAI2026-04-08
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template — html/template 6.1 -2026-03-06
CVE-2026-27139 FileInfo can escape from a Root in os — os 4.0 -2026-03-06
CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509 — crypto/x509 5.3 -2026-03-06
CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509 — crypto/x509 7.5 -2026-03-06
CVE-2026-25679 Incorrect parsing of IPv6 host literals in net/url — net/url 5.3 -2026-03-06
CVE-2025-68121 Unexpected session resumption in crypto/tls — crypto/tls 5.4AIMediumAI2026-02-05
CVE-2025-22873 Improper access to parent directory of root in os — os 7.5AIHighAI2026-02-04
CVE-2025-61726 Memory exhaustion in query parameter parsing in net/url — net/url 7.5AIHighAI2026-01-28
CVE-2025-61730 Handshake messages may be processed at the incorrect encryption level in crypto/tls — crypto/tls 3.3AILowAI2026-01-28
CVE-2025-61728 Excessive CPU consumption when building archive index in archive/zip — archive/zip 6.2AIMediumAI2026-01-28
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 — crypto/x509 9.8AICriticalAI2025-12-03
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 — crypto/x509 7.5AIHighAI2025-12-02
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto — net/textproto 7.5AIHighAI2025-10-29
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http — net/http 7.5AIHighAI2025-10-29
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar — archive/tar 8.1AIHighAI2025-10-29
CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1 — encoding/asn1 6.2AIMediumAI2025-10-29
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509 — crypto/x509 7.5AIHighAI2025-10-29
CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls — crypto/tls 7.5AIHighAI2025-10-29
CVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509 — crypto/x509 5.3AIMediumAI2025-10-29
CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url — net/url--AI2025-10-29
CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem — encoding/pem 7.5AIHighAI2025-10-29
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail — net/mail 7.5AIHighAI2025-10-29
CVE-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http — net/http 7.5AIHighAI2025-09-22

This page lists every published CVE security advisory associated with Go standard library. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.