Go standard library — Vulnerabilities & Security Advisories 100

Browse all 100 CVE security advisories affecting Go standard library. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47906 | Unexpected paths returned from LookPath in os/exec — os/exec | 7.5 (AI) | High (AI) | 2025-09-18 |
| CVE-2025-47907 | Incorrect results returned from Rows.Scan in database/sql — database/sql | 5.3 (AI) | Medium (AI) | 2025-08-07 |
| CVE-2024-8244 | Walk/WalkDir in path/filepath susceptible to symlink race — path/filepath | 4.7 | - | 2025-08-06 |
| CVE-2025-0913 | Inconsistent handling of `O_CREATE\|O_EXCL` on Unix and Windows in os in syscall — syscall | - | - (AI) | 2025-06-11 |
| CVE-2025-4673 | Sensitive headers not cleared on cross-origin redirect in net/http — net/http | 6.5 (AI) | Medium (AI) | 2025-06-11 |
| CVE-2025-22874 | Usage of ExtKeyUsageAny disables policy validation in crypto/x509 — crypto/x509 | 6.5 (AI) | Medium (AI) | 2025-06-11 |
| CVE-2025-22871 | Request smuggling due to acceptance of invalid chunked data in net/http — net/http/internal | 9.1 (AI) | Critical (AI) | 2025-04-08 |
| CVE-2025-22870 | HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net — net/http | 5.3 | - | 2025-03-12 |
| CVE-2025-22866 | Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec — crypto/internal/nistec | 7.5 | - | 2025-02-06 |
| CVE-2024-45336 | Sensitive headers incorrectly sent after cross-domain redirect in net/http — net/http | 8.2 | - | 2025-01-28 |
| CVE-2025-22865 | ParsePKCS1PrivateKey panic with partial keys in crypto/x509 — crypto/x509 | 7.5 | - | 2025-01-28 |
| CVE-2024-45341 | Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 — crypto/x509 | 5.3 | - | 2025-01-28 |
| CVE-2024-34155 | Stack exhaustion in all Parse functions in go/parser — go/parser | 7.5 | - | 2024-09-06 |
| CVE-2024-34156 | Stack exhaustion in Decoder.Decode in encoding/gob — encoding/gob | 7.5 | - | 2024-09-06 |
| CVE-2024-34158 | Stack exhaustion in Parse in go/build/constraint — go/build/constraint | 7.5 | - | 2024-09-06 |
| CVE-2024-24791 | Denial of service due to improper 100-continue handling in net/http — net/http | 7.5 (AI) | High (AI) | 2024-07-02 |
| CVE-2024-24789 | Mishandling of corrupt central directory record in archive/zip — archive/zip | 5.3 (AI) | Medium (AI) | 2024-06-05 |
| CVE-2024-24790 | Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip — net/netip | - | - (AI) | 2024-06-05 |
| CVE-2024-24788 | Malformed DNS message can cause infinite loop in net — net | 7.5 (AI) | High (AI) | 2024-05-08 |
| CVE-2023-45288 | HTTP/2 CONTINUATION flood in net/http — net/http | 7.5 | - | 2024-04-04 |
| CVE-2024-24785 | Errors returned from JSON marshaling may break template escaping in html/template — html/template | 5.3 (AI) | Medium (AI) | 2024-03-05 |
| CVE-2024-24784 | Comments in display names are incorrectly handled in net/mail — net/mail | 7.5 (AI) | High (AI) | 2024-03-05 |
| CVE-2023-45289 | Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http — net/http | 7.1 (AI) | High (AI) | 2024-03-05 |
| CVE-2023-45290 | Memory exhaustion in multipart form parsing in net/textproto and net/http — net/textproto | 7.5 (AI) | High (AI) | 2024-03-05 |
| CVE-2024-24783 | Verify panics on certificates with an unknown public key algorithm in crypto/x509 — crypto/x509 | 7.5 (AI) | High (AI) | 2024-03-05 |
| CVE-2023-39326 | Denial of service via chunk extensions in net/http — net/http/internal | 7.5 | - | 2023-12-06 |
| CVE-2023-45287 | Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel — crypto/tls | 5.9 | - | 2023-12-05 |
| CVE-2023-45284 | Incorrect detection of reserved device names on Windows in path/filepath — path/filepath | 4.3 | - | 2023-11-09 |
| CVE-2023-45283 | Insecure parsing of Windows paths with a `\??\` prefix in path/filepath — path/filepath | 9.1 | - | 2023-11-09 |
| CVE-2023-39325 | HTTP/2 rapid reset can cause excessive work in net/http — net/http | 7.5 | - | 2023-10-11 |

This page lists every published CVE security advisory associated with Go standard library. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.