Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-7189
crpyto/tls in Go 1.1 prior to 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle malicious users to spoof clients via unspecified vectors.
Golang Go 1.1
Golang Go 1.1.1
Golang Go 1.1.2
Golang Go 1.2
Golang Go 1.2.1
Golang Go 1.2.2
Golang Go 1.3
Golang Go 1.3.1
7.5
CVSSv3
CVE-2022-41723
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Golang Go
Golang Go 1.20.0
Golang Hpack
Golang Http2
2 Github repositories
7.5
CVSSv3
CVE-2015-8618
The Int.Exp Montgomery code in the math/big library in Go 1.5.x prior to 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for malicious users to obtain private RSA keys via unspecified vectors.
Opensuse Leap 42.1
Golang Go 1.5
Golang Go 1.5.1
Golang Go 1.5.2
7.8
CVSSv3
CVE-2016-3958
Untrusted search path vulnerability in Go prior to 1.5.4 and 1.6.x prior to 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.
Golang Go
Golang Go 1.6
5.3
CVSSv3
CVE-2023-29409
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are c...
Golang Go
Golang Go 1.21.0
1 Github repository
7.5
CVSSv3
CVE-2022-41722
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute pat...
Golang Go
Golang Go 1.20.0
7.5
CVSSv3
CVE-2022-41724
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly...
Golang Go
Golang Go 1.20.0
7.5
CVSSv3
CVE-2022-41725
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package wi...
Golang Go
Golang Go 1.20.0
7.5
CVSSv3
CVE-2022-27664
In net/http in Go prior to 1.18.6 and 1.19.x prior to 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Golang Go
Golang Go 1.19.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
5.9
CVSSv3
CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go prior to 1.7.6 and 1.8.x prior to 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar i...
Golang Go
Golang Go 1.8
Golang Go 1.8.1
Novell Suse Package Hub For Suse Linux Enterprise 12
Fedoraproject Fedora 25
Opensuse Leap 42.2
1 Github repository
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-22207
joomla! cms
CVE-2024-45774
post smtp – wordpress smtp plugin with email logs and mobile app for failure notifications – gmail smtp, office 365, brevo, mailgun, amazon ses and more
XSS
CVE-2025-1094
CVE-2025-22656
malicious code
CVE-2025-0108
CVE-2024-13438
infusionsoft
XXE
supporthost
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »