Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
go vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-28367
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
Golang Go
7.3
CVSSv3
CVE-2023-29400
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Golang Go
1 Github repository
6.5
CVSSv3
CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Golang Go
1 Github repository
7.8
CVSSv3
CVE-2019-9634
Go up to and including 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
Golang Go
5.3
CVSSv3
CVE-2021-33197
In Go prior to 1.15.13 and 1.16.x prior to 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
Golang Go
7.5
CVSSv3
CVE-2021-33198
In Go prior to 1.15.13 and 1.16.x prior to 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
Golang Go
7.5
CVSSv3
CVE-2023-45283
The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,...
Golang Go
5.3
CVSSv3
CVE-2023-45284
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as loc...
Golang Go
4.8
CVSSv3
CVE-2023-49292
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are adv...
Ecies Go
9.8
CVSSv3
CVE-2019-11888
Go up to and including 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows malicious users to obtain sensitive information or gain privileges.
Golang Go
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »