CVE-2026-39822 os: Root Escape via Symlink With Trailing Slash Medium
False PositiveCE / EE CE 2.13.8 / EE 2.13.6 Jul 8, 2026 CVE-2026-42505 crypto/tls: Encrypted Client Hello Privacy Leak via PSK in Outer ClientHello Low
False PositiveCE / EE CE 2.13.8 / EE 2.13.6 Jul 8, 2026 CVE-2026-40898 quic-go: HTTP/3 Memory Exhaustion via Unbounded QPACK Trailer Decompression High
False PositiveCE / EE CE 2.13.8 / EE 2.13.6 Jun 17, 2026 CVE-2026-42504 mime: Denial of Service via Quadratic Complexity in MIME Header Decoding High Advisory CE / EE CE 2.13.7 / EE 2.13.5 Jun 3, 2026 CVE-2026-27145 crypto/x509: Denial of Service via Quadratic Complexity in Hostname Verification Medium Advisory CE / EE CE 2.13.7 / EE 2.13.5 Jun 3, 2026 CVE-2026-42507 net/textproto: Log Injection via Unescaped Input in Error Messages Medium Advisory CE / EE CE 2.13.7 / EE 2.13.5 Jun 3, 2026 CVE-2026-39821 x/net/idna: Punycode-Encoded Labels Bypass Hostname Security Checks Critical Advisory CE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-25680 html: Denial of Service via Cubic Complexity During Tree Construction Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-25681 html: XSS via Incorrect Handling of Character References in DOCTYPE Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-27136 html: XSS via Duplicate Attributes Causing Mis-parsing Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39824 windows: Integer Overflow in NewNTUnicodeString Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39827 ssh: Memory Leak via Repeatedly Rejected Channels Enables Server DoS Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39828 ssh: Certificate Restrictions Bypass via PartialSuccessError Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39829 ssh: Denial of Service via Pathological RSA/DSA Key Parameters Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39830 ssh: Server Deadlock via Unsolicited Global Request Responses Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39831 ssh: FIDO/U2F Physical Interaction Requirement Bypass Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39832 ssh/agent: Destination Constraints Dropped When Forwarding Keys Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39833 ssh/agent: ConfirmBeforeUse Constraint Silently Not Enforced Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39834 ssh: Infinite Loop on Channel Writes Due to Integer Overflow Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-39835 ssh: Server Panic When CertChecker Has No Authority Callbacks Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-42502 html: XSS via HTML Elements in Foreign Content Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-42506 html: XSS via Namespaced Elements in Foreign Content Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-42508 ssh/knownhosts: @revoked Status Not Checked on CA SignatureKey Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-46595 ssh: VerifiedPublicKeyCallback Skips Source-Address Validation Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-46597 ssh: Byte Arithmetic Underflow in AES-GCM Packet Decoder Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-46598 ssh/agent: Client Panic on Malformed ed25519 Wire Bytes Medium
False PositiveCE / EE CE 2.13.6 / EE 2.13.4 May 26, 2026 CVE-2026-32952 auth/ntlm: Process Crash via Malicious NTLM Challenge Message High Advisory EE only EE 2.13.3 May 11, 2026 CVE-2026-33811 net: Application Crash via Long CNAME DNS Response High Advisory CE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-33814 net/http: Infinite Loop in HTTP/2 Transport via Zero SETTINGS_MAX_FRAME_SIZE High Advisory CE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-42151 Prometheus: Azure AD OAuth Client Secret Exposed in Plaintext High
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-42154 Prometheus: Memory Exhaustion via Crafted Remote Read Request High
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-39817 cmd/go: go tool pack Does Not Sanitize Output Paths Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-39819 cmd/go: go bug Follows Symlinks in Predictable Temporary Filenames Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-39820 net/mail: Quadratic String Concatenation in consumeComment Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-39823 html/template: Meta Content URL Escaping Bypass Causes XSS Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-39825 net/http/httputil: ReverseProxy Forwards Hidden Query Parameters Medium Advisory CE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-39826 html/template: Escaper Bypass Leads to Cross-Site Scripting Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-39836 net: Panic in Dial and LookupPort on Windows via NUL Byte Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-39882 telemetry/opentelemetry: OTLP HTTP Exporter Reads Unbounded Response Body Medium Advisory CE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-40179 Prometheus: Stored XSS in Web UI via Metric Names and Label Values Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-42499 net/mail: Quadratic String Concatenation in consumePhrase Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-42501 cmd/go: Malicious Module Proxy Can Bypass Checksum Database Medium
False PositiveCE / EE CE 2.13.5 / EE 2.13.3 May 11, 2026 CVE-2026-27143 cmd/compile: Memory Corruption After Bound Check Elimination High
False PositiveCE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-32283 crypto/tls: TLS Connection Deadlock via Key Update Flood High Advisory CE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-34986 auth/validator: Go JOSE Panic via Empty Encrypted Key in JWE Key Wrapping High
False PositiveCE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-27140 cmd/go: Trust Layer Bypass with cgo and SWIG Medium
False PositiveCE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-27144 cmd/compile: No-op Interface Conversion Bypasses Overlap Checking Medium
False PositiveCE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-32280 crypto/x509: Unexpected Work During Certificate Chain Building Medium Advisory CE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-32281 crypto/x509: Inefficient Policy Validation Medium Advisory CE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-32282 os: Root.Chmod Follows Symlinks Outside Root on Linux Medium
False PositiveCE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-32288 archive/tar: Unbounded Memory Allocation in GNU Sparse Map Parsing Medium
False PositiveCE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-32289 html/template: JS Template Literal Context Incorrectly Tracked Medium
False PositiveCE / EE CE 2.13.4 / EE 2.13.2 Apr 8, 2026 CVE-2026-33186 grpc: Authorization Bypass via Custom Interceptors or Per-RPC Plugins High
False PositiveCE / EE CE 2.13.3 / EE 2.13.1 Mar 19, 2026 CVE-2026-24051 telemetry/opentelemetry: Arbitrary Code Execution via Untrusted PATH on macOS High Advisory CE / EE CE 2.13.2 / EE 2.13.0 Mar 9, 2026 CVE-2026-25679 net/url: IPv6 Literal Validation Bypass Medium Advisory CE / EE CE 2.13.2 / EE 2.13.0 Mar 9, 2026 CVE-2026-27139 os: FileInfo Can Escape from a Root Medium Advisory CE / EE CE 2.13.2 / EE 2.13.0 Mar 9, 2026 CVE-2026-27142 html/template: URLs in Meta Content Attribute Not Escaped Medium
False PositiveCE / EE CE 2.13.2 / EE 2.13.0 Mar 9, 2026 CVE-2026-3206 backend/circuit-breaker: Uncontrolled Context Cancellation Causes Cascading Request Failures Medium Advisory CE / EE CE 2.13.1 / EE 2.12.5 Feb 18, 2026 CVE-2025-61732 cmd/cgo: Code Smuggling into cgo Binary via Comment Parsing Medium
False PositiveCE / EE CE 2.13.0 / EE 2.12.4 Feb 10, 2026 CVE-2025-68121 crypto/tls: TLS Session Key Mismanagement in Config.Clone and GetConfigForClient Medium Advisory CE / EE CE 2.13.0 / EE 2.12.4 Feb 10, 2026 CVE-2025-61731 cmd/go: CgoPkgConfig Flag Bypass Leads to Arbitrary Code Execution High
False PositiveCE / EE CE 2.12.1 / EE 2.12.3 Jan 16, 2026 CVE-2025-68119 cmd/go: VCS Toolchain Misinterpretation Enables Code Execution High
False PositiveCE / EE CE 2.12.1 / EE 2.12.3 Jan 16, 2026 CVE-2025-61726 net/http: Memory Exhaustion from Excessive Form Key-Value Pairs Medium Advisory CE / EE CE 2.12.1 / EE 2.12.3 Jan 16, 2026 CVE-2025-61728 archive/zip: Super-linear Filename Indexing Causes DoS on Malicious ZIPs Medium
False PositiveCE / EE CE 2.12.1 / EE 2.12.3 Jan 16, 2026 CVE-2025-61727 crypto/x509: Subdomain Exclusion Constraint Does Not Restrict Wildcard SANs Medium Advisory CE / EE CE 2.12.1 / EE 2.12.2 Dec 4, 2025 CVE-2025-61729 crypto/x509: Quadratic Runtime in HostnameError.Error via Malicious Certificate Medium Advisory CE / EE CE 2.12.1 / EE 2.12.2 Dec 4, 2025 CVE-2025-47914 x/crypto/ssh/agent: Panic via Malformed Identity Request Message Medium
False PositiveCE / EE CE 2.12.1 / EE 2.12.1 Nov 21, 2025 CVE-2025-58181 x/crypto/ssh: Memory Exhaustion via Unbounded GSSAPI Mechanism Count Medium
False PositiveCE / EE CE 2.12.1 / EE 2.12.1 Nov 21, 2025 CVE-2025-58187 crypto/x509: Name Constraint Validation Denial of Service via Quadratic Complexity High Advisory CE / EE CE 2.11.1 / EE 2.11.2 Oct 8, 2025 CVE-2025-58188 crypto/x509: Panic on Certificate Validation with DSA Public Keys High Advisory CE / EE CE 2.11.1 / EE 2.11.2 Oct 8, 2025 CVE-2025-61723 encoding/pem: Denial of Service via Quadratic Complexity on Invalid PEM Input High Advisory CE / EE CE 2.11.1 / EE 2.11.2 Oct 8, 2025 CVE-2025-58185 encoding/asn1: Memory Exhaustion via Malicious DER Payload Medium Advisory CE / EE CE 2.11.1 / EE 2.11.2 Oct 8, 2025 CVE-2025-58186 net/http: Memory Exhaustion via Unbounded Cookie Parsing Medium Advisory CE / EE CE 2.11.1 / EE 2.11.2 Oct 8, 2025 CVE-2025-58189 crypto/tls: Attacker-Controlled Text in ALPN Negotiation Error Medium Advisory CE / EE CE 2.11.1 / EE 2.11.2 Oct 8, 2025 CVE-2025-61724 net/textproto: CPU Exhaustion via Excessive HTTP Response Lines Medium Advisory CE / EE CE 2.11.1 / EE 2.11.2 Oct 8, 2025 CVE-2025-4674 cmd/go: Unexpected Command Execution via Untrusted VCS Repository Metadata High
False PositiveCE / EE CE 2.10.2 / EE 2.10.3 Jul 9, 2025 CVE-2025-22868 go-jose: Memory Exhaustion via Malformed Token Parsing High
False PositiveCE / EE CE 2.10.1 / EE 2.10.1 Jun 19, 2025 CVE-2025-22874 crypto/x509: Certificate Policy Validation Bypass via ExtKeyUsageAny High Advisory CE / EE CE 2.10.1 / EE 2.10.1 Jun 19, 2025 CVE-2025-4673 net/http: Proxy Header Leak on Cross-Origin Redirects Medium Advisory CE / EE CE 2.10.1 / EE 2.10.1 Jun 19, 2025 No CVEs match your search.