
oss-sec: Go 1.26.3 and Go 1.25.10 are released with 11 security fixes

Golang Go: Bypass of meta content URL escaping causes XSS in html/template

Risk 39
Severity 6.1
First published (updated )

Golang Go: Invoking "go tool pack" does not sanitize output paths in cmd/go

Risk 34
Severity 5.9
First published (updated )

Golang Go: Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

Risk 38
Severity 5.3
First published (updated )

Golang Go: ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

Risk 28
Severity 5.3
First published (updated )

Golang Go: Quadratic string concatenation in consumePhrase in net/mail

Risk 45
Severity 7.5
First published (updated )

go crypto/x509: During chain building, the amount of work that is done is not correctly limited when a large number …

Risk 33
Severity 7
First published (updated )

go Go crypto/x509: When verifying a certificate chain containing excluded DNS constraints, these constraints are not co…

Risk 33
Severity 7
First published (updated )

Golang Go: Inefficient policy validation in crypto/x509

Risk 46
Severity 7.5
First published (updated )

Golang Go: Unexpected work during chain building in crypto/x509

Risk 46
Severity 7.5
First published (updated )

Golang Go: Missing bound checks can lead to memory corruption in safe Go in cmd/compile

Risk 91
Severity 9.8
First published (updated )

Golang Go: Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

Risk 46
Severity 7.5
First published (updated )

Golang Go: Code execution vulnerability in SWIG code generation in cmd/go

Risk 81
Severity 8.8
First published (updated )

go crypto/x509: Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

Risk 59
Severity 8.2
First published (updated )

Golang Go: TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

Risk 60
Severity 6.4
First published (updated )

go net/url: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Risk 33
Severity 7
First published (updated )

Golang Go: Incorrect parsing of IPv6 host literals in net/url

Risk 46
Severity 7.5
First published (updated )

go crypto/tls (Go standard library): During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs field…

Risk 19
Severity 4
First published (updated )

golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

Risk 27
Severity 5.3
First published (updated )

golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

Risk 27
Severity 5.3
First published (updated )

Golang Go: Handshake messages may be processed at the incorrect encryption level in crypto/tls

Risk 29
Severity 5.3
First published (updated )

oss-sec: CVE-2025-68121: Regression and Incomplete Fix for Go TLS Session Resumption

First published (updated )

github.com/golang/vscode-go: Unexpected untrusted code execution in github.com/golang/vscode-go

Risk 34
Severity 5.4
First published (updated )

go crypto/x509: Within HostnameError.Error(), when constructing an error string, there is no limit to the number of …

Risk 33
Severity 7
First published (updated )

go crypto/ssh: Unbounded memory consumption in golang.org/x/crypto/ssh

Risk 27
Severity 5.3
First published (updated )

Golang x/crypto/ssh/agent: Potential denial of service in golang.org/x/crypto/ssh/agent

Risk 43
Severity 7.5
First published (updated )

go archive/tar: tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0…

Risk 19
Severity 4
First published (updated )

go Go (os/exec LookPath): If the PATH environment variable contains paths which are executables (rather than just directories)…

Risk 19
Severity 4
First published (updated )

go Go: Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf

Risk 51
Severity 7.3
First published (updated )

go database/sql: Race Condition

Risk 19
Severity 4
First published (updated )
