Vulmon
go vulnerabilities and exploits
NA
CVE-2022-41725
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package wi...
Golang Go
Golang Go 1.20.0
NA
CVE-2022-42980
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
Go-admin Go-admin 2.0.12
383
VMScore
CVE-2018-20744
The Olivier Poitrey Go CORS handler up to and including 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Go Cors Project Go Cors
445
VMScore
CVE-2021-23409
The package github.com/pires/go-proxyproto prior to 0.6.0 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.
Go-proxyproto Project Go-proxyproto
570
VMScore
CVE-2016-9121
go-jose prior to 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the rec...
Go-jose Project Go-jose
445
VMScore
CVE-2016-9122
go-jose prior to 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For examp...
Go-jose Project Go-jose
641
VMScore
CVE-2016-3958
Untrusted search path vulnerability in Go prior to 1.5.4 and 1.6.x prior to 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.
Golang Go
Golang Go 1.6
383
VMScore
CVE-2019-18923
Insufficient content type validation of proxied resources in go-camo prior to 2.1.1 allows a remote malicious user to serve arbitrary content from go-camo's origin.
Go-camo Project Go-camo
NA
CVE-2020-36560
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Go-unzip Project Go-unzip
445
VMScore
CVE-2022-30591
quic-go up to and including 0.27.0 allows remote malicious users to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently...
Quic-go Project Quic-go
1 Github repository