Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how golang compares to other vendors in security performance

View Risk Score →

Golang GoBypass of meta content URL escaping causes XSS in html/template

Risk 39
Severity
6.1
First published (updated )
CVE-2026-39823

Golang GoQuadratic string concatentation in consumeComment in net/mail

Risk 45
Severity
7.5
First published (updated )
CVE-2026-39820

Golang GoCrash when handling long CNAME response in net

Risk 45
Severity
7.5
First published (updated )
CVE-2026-33811

Golang GoEscaper bypass leads to XSS in html/template

Risk 39
Severity
6.1
First published (updated )
CVE-2026-39826

Golang GoMalicious module proxy can bypass checksum database in cmd/go

Risk 72
Severity
7.5
First published (updated )
CVE-2026-42501
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Golang GoPanic in Dial and LookupPort when handling NUL byte on Windows in net

Risk 45
Severity
7.5
First published (updated )
CVE-2026-39836

Golang GoInvoking "go tool pack" does not sanitize output paths in cmd/go

Risk 34
Severity
5.9
First published (updated )
CVE-2026-39817

Golang GoInvoking "go bug" follows symlinks in predictable temporary filenames in cmd/go

Risk 38
Severity
5.3
First published (updated )
CVE-2026-39819

Golang GoReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil

Risk 28
Severity
5.3
First published (updated )
CVE-2026-39825

Golang GoQuadratic string concatenation in consumePhrase in net/mail

Risk 45
Severity
7.5
First published (updated )
CVE-2026-42499
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Golang GoInfinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Risk 46
Severity
7.5
First published (updated )
CVE-2026-33814

go/golang.org/x/imageExcessive memory allocation when decoding malicious SFNT in golang.org/x/image

Risk 41
Severity
6.1
First published (updated )
CVE-2026-33812

golang.org/x/imagePanic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Risk 43
Severity
7.5
First published (updated )
CVE-2026-33813

Golang GoInefficient policy validation in crypto/x509

Risk 46
Severity
7.5
First published (updated )
CVE-2026-32281

Golang GoUnexpected work during chain building in crypto/x509

Risk 46
Severity
7.5
First published (updated )
CVE-2026-32280
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Golang GoUnbounded allocation for old GNU sparse in archive/tar

Risk 33
Severity
5.5
First published (updated )
CVE-2026-32288

Golang GoMissing bound checks can lead to memory corruption in safe Go in cmd/compile

Risk 91
Severity
9.8
First published (updated )
CVE-2026-27143

Golang GoUnauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

Risk 46
Severity
7.5
First published (updated )
CVE-2026-32283

Golang GoCode execution vulnerability in SWIG code generation in cmd/go

Risk 81
Severity
8.8
First published (updated )
CVE-2026-27140

Golang GoJsBraceDepth Context Tracking Bugs (XSS) in html/template

Risk 39
Severity
6.1
First published (updated )
CVE-2026-32289
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Golang GoMiscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

Risk 56
Severity
7.1
First published (updated )
CVE-2026-27144

go crypto/x509Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

Risk 59
Severity
8.2
First published (updated )
CVE-2026-33810

Golang GoTOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

Risk 60
Severity
6.4
First published (updated )
CVE-2026-32282

golang/golang.org/x/image/tiffOOM from malicious IFD offset in golang.org/x/image/tiff

Risk 19
Severity
5.3
EPSS
0.03%
First published (updated )
CVE-2026-33809

golang/x509Panic in name constraint checking for malformed certificates in crypto/x509

Risk 37
Severity
5.9
First published (updated )
CVE-2026-27138
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Golang GoIncorrect parsing of IPv6 host literals in net/url

Risk 46
Severity
7.5
First published (updated )
CVE-2026-25679

Golang GoFileInfo can escape from a Root in os

Risk 15
Severity
2.5
First published (updated )
CVE-2026-27139

Golang GoURLs in meta content attribute actions are not escaped in html/template

Risk 40
Severity
6.1
First published (updated )
CVE-2026-27142

Microsoft azl3 golang 1.26.0-1Incorrect enforcement of email constraints in crypto/x509

Risk 46
Severity
7.5
First published (updated )
CVE-2026-27137

go/github.com/gofiber/fiber/v2Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Risk 76
Severity
9.4
First published (updated )
CVE-2025-66630
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203