Golang Security Vulnerabilities (CVEs)

Track 39 security vulnerabilities affecting Golang products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

12 Critical
18 High
9 Medium
CVE-2025-68121 10.0

This vulnerability in Go's crypto/tls package allows TLS session resumption to succeed when it should fail due to certificate authority configuration ...

Feb 5, 2026
CVE-2025-68119 7.0

This vulnerability allows attackers to execute arbitrary code or write arbitrary files when downloading and building Go modules with malicious version...

Jan 28, 2026
CVE-2025-61731 7.8

This vulnerability allows attackers to write arbitrary content to files they control by exploiting the '#cgo pkg-config:' directive in Go source files...

Jan 28, 2026
CVE-2025-61726 7.5

This vulnerability in Go's net/url package allows attackers to cause denial of service through memory exhaustion by sending HTTP requests with an exce...

Jan 28, 2026
CVE-2025-61728 6.5

This vulnerability in Go's archive/zip package uses an inefficient file name indexing algorithm that can be exploited via specially crafted ZIP archiv...

Jan 28, 2026
CVE-2025-61730 5.3

This TLS 1.3 vulnerability in Go's crypto/tls library allows a network-local attacker to inject messages during handshake, potentially causing minor i...

Jan 28, 2026
CVE-2025-61727 6.5

This vulnerability allows certificate authorities to issue certificates with wildcard SANs that bypass excluded subdomain constraints. It affects syst...

Dec 3, 2025
CVE-2025-61729 7.5

This vulnerability in Go's HostnameError.Error() function allows a malicious certificate to cause excessive resource consumption through unbounded str...

Dec 2, 2025
CVE-2025-47914 5.3

This vulnerability in SSH Agent servers allows attackers to cause a denial of service by sending specially crafted identity requests that trigger an o...

Nov 19, 2025
CVE-2025-58181 5.3

This vulnerability in SSH servers allows attackers to cause denial of service through memory exhaustion by sending malformed GSSAPI authentication req...

Nov 19, 2025
CVE-2025-58185 5.3

This vulnerability in Go's DER parsing allows an attacker to cause memory exhaustion by sending maliciously crafted DER payloads. It affects applicati...

Oct 29, 2025
CVE-2025-47906 6.5

This vulnerability in Go's LookPath function allows unexpected binary execution when PATH contains executable files instead of directories. Attackers ...

Sep 18, 2025
CVE-2025-47907 7.0

This vulnerability in Go's database/sql package allows race conditions when cancelling queries during parallel database operations. It can cause Scan(...

Aug 7, 2025
CVE-2025-0913 5.5

This vulnerability involves inconsistent symlink handling in Go's os.OpenFile function when using O_CREATE|O_EXCL flags on Windows versus Unix systems...

Jun 11, 2025
CVE-2024-24789 5.5

This vulnerability in Go's archive/zip package allows attackers to create specially crafted ZIP files that behave differently depending on which ZIP i...

Jun 5, 2024
CVE-2024-24790 9.8

This vulnerability in Go's net package causes IPv4-mapped IPv6 addresses to be incorrectly classified by IsPrivate, IsLoopback, and similar methods, r...

Jun 5, 2024
CVE-2024-3566 9.8

CVE-2024-3566 is a command injection vulnerability affecting Windows applications that use CreateProcess function with improper argument quoting. Atta...

Apr 10, 2024
CVE-2023-45285 7.5

This CVE describes a protocol downgrade vulnerability in Go's module fetching system. When using 'go get' with a module ending in '.git', the system m...

Dec 6, 2023
CVE-2023-45287 7.5

This CVE describes a timing side-channel vulnerability in Go's RSA-based TLS key exchange implementation prior to version 1.20. Attackers could potent...

Dec 5, 2023
CVE-2023-44487 7.5

CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server res...

Oct 10, 2023
CVE-2023-39322 7.5

This vulnerability in QUIC implementations allows malicious connections to cause unbounded memory growth by sending excessively large post-handshake m...

Sep 8, 2023
CVE-2023-39320 9.8

CVE-2023-39320 is a critical vulnerability in Go's module system that allows arbitrary code execution when processing malicious go.mod files. It affec...

Sep 8, 2023
CVE-2023-29404 9.8

This vulnerability in Go's cgo build system allows malicious Go modules to execute arbitrary code during the build process. Attackers can smuggle dang...

Jun 8, 2023
CVE-2023-29402 9.8

CVE-2023-29402 is a critical code injection vulnerability in Go's cgo build system. It allows attackers to execute arbitrary code during build ti...

Jun 8, 2023
CVE-2023-24539 7.3

This is a cross-site scripting (XSS) vulnerability in Go's html/template package where angle brackets in CSS contexts aren't properly escaped. It affe...

May 11, 2023
CVE-2023-24540 9.8

This CVE describes a template injection vulnerability in Go's text/template and html/template packages where certain Unicode whitespace characters are...

May 11, 2023
CVE-2022-28327 7.5

This vulnerability in Go's crypto/elliptic library allows an attacker to cause a panic (crash) by providing a specially crafted long scalar input to t...

Apr 20, 2022
CVE-2022-24675 7.5

This vulnerability is a stack overflow in Go's encoding/pem package when processing large PEM data. It allows attackers to cause denial of service or ...

Apr 20, 2022
CVE-2022-24921 7.5

This vulnerability in Go's regexp.Compile function allows attackers to cause a denial of service via stack exhaustion by providing a deeply nested reg...

Mar 5, 2022
CVE-2022-23772 7.5

CVE-2022-23772 is an integer overflow vulnerability in Go's math/big.Rat.SetString function that allows attackers to trigger uncontrolled memory consu...

Feb 11, 2022
CVE-2022-23806 9.1

This vulnerability in Go's elliptic curve cryptography library allows Curve.IsOnCurve to incorrectly return true for invalid field elements. This coul...

Feb 11, 2022
CVE-2021-41771 7.5

This vulnerability in Go's debug/macho package allows attackers to read memory beyond allocated buffer boundaries when parsing Mach-O files. It affect...

Nov 8, 2021
CVE-2021-38297 9.8

This vulnerability allows buffer overflow attacks when Go programs compile WebAssembly (WASM) modules with GOARCH=wasm and GOOS=js. Attackers can expl...

Oct 18, 2021
CVE-2021-33196 7.5

This vulnerability in Go's archive/zip package allows attackers to cause denial-of-service by triggering a panic when processing specially crafted ZIP...

Aug 2, 2021
CVE-2021-33198 7.5

This vulnerability in Go's math/big.Rat package causes a panic (crash) when parsing extremely large exponents in rational number strings. It affects a...

Aug 2, 2021
CVE-2012-2666 9.8

This vulnerability in the Go programming language allows local privilege escalation through predictable temporary file creation. The dotest() function in ...

Jul 9, 2021
CVE-2021-27918 7.5

This vulnerability in Go's XML encoding package causes an infinite loop when a custom TokenReader returns EOF in the middle of an XML element. This ca...

Mar 11, 2021
CVE-2020-29509 9.8

This vulnerability in Go's encoding/xml package allows attackers to craft XML inputs that behave inconsistently during different processing stages. Th...

Dec 14, 2020
CVE-2020-29511 9.8

This vulnerability in Go's encoding/xml package allows attackers to craft XML inputs that behave inconsistently during different processing stages. Th...

Dec 14, 2020

Why Monitor Golang Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 39+ known vulnerabilities affecting Golang products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Golang packages in under 60 seconds. No agents required - completely agentless scanning that works across Golang deployments.

Free vulnerability database: Access detailed information about every Golang CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Golang CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions