Search CVE reports
1 – 10 of 81 results
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute,...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to...
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
16 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |