pkg:Debian/golang-1.24

53 total CVEs: CRITICAL 3, HIGH 23, MEDIUM 24, LOW 3

All known vulnerabilities

  • CRITICAL 10.0 CVE-2025-68121: Unexpected session resumption in crypto/tls
    from 0
  • CRITICAL 9.8 CVE-2026-27143: Missing bound checks can lead to memory corruption in safe Go in cmd/compile
    from 0
  • CRITICAL 9.1 CVE-2025-22871: RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency
    from 0, < 1.24.2-1
  • HIGH 8.8 CVE-2026-27140: Code execution vulnerability in SWIG code generation in cmd/go
    from 0
  • HIGH 8.8 CVE-2024-45340: GOAUTH credential leak in cmd/go
    from 0, < 1.24~rc2-1
  • HIGH 8.6 CVE-2025-61732: Potential code smuggling via doc comments in cmd/cgo
    from 0
  • HIGH 8.6 CVE-2025-4674: Unexpected command execution in untrusted VCS repositories in cmd/go
    from 0
  • HIGH 7.8 CVE-2025-61731: Arbitrary file write using cgo pkg-config directive in cmd/go
    from 0
  • HIGH 7.5 CVE-2026-39820: Quadratic string concatenation in consumeComment in net/mail
    from 0
  • HIGH 7.5 CVE-2026-42501: Malicious module proxy can bypass checksum database in cmd/go
    from 0
  • HIGH 7.5 CVE-2026-33811: Crash when handling long CNAME response in net
    from 0
  • HIGH 7.5 CVE-2026-42499: Quadratic string concatenation in consumePhrase in net/mail
    from 0
  • HIGH 7.5 CVE-2026-32281: Inefficient policy validation in crypto/x509
    from 0
  • HIGH 7.5 CVE-2026-32283: Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
    from 0
  • HIGH 7.5 CVE-2026-32280: Unexpected work during chain building in crypto/x509
    from 0
  • HIGH 7.5 CVE-2025-61726: Memory exhaustion in query parameter parsing in net/url
    from 0
  • HIGH 7.5 CVE-2025-61729: Excessive resource consumption when printing error string for host certificate validation in crypto/x509
    from 0
  • HIGH 7.5 CVE-2025-58188: Panic when validating certificates with DSA public keys in crypto/x509
    from 0
  • HIGH 7.5 CVE-2025-61723: Quadratic complexity when parsing some invalid inputs in encoding/pem
    from 0
  • HIGH 7.5 CVE-2025-58187: Quadratic complexity when checking name constraints in crypto/x509
    from 0
  • HIGH 7.5 CVE-2025-61725: Excessive CPU consumption in ParseAddress in net/mail
    from 0
  • HIGH 7.5 CVE-2025-22874: Usage of ExtKeyUsageAny disables policy validation in crypto/x509
    from 0, < 1.24.4-1
  • HIGH 7.5 CVE-2025-22865: ParsePKCS1PrivateKey panic with partial keys in crypto/x509
    from 0, < 1.24~rc2-1
  • HIGH 7.1 CVE-2026-27144: Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
    from 0
  • HIGH 7.0 CVE-2025-68119: Unexpected code execution when invoking toolchain in cmd/go
    from 0
  • HIGH 7.0 CVE-2025-47907: Incorrect results returned from Rows.Scan in database/sql
    from 0
  • MEDIUM 6.8 CVE-2025-4673: Sensitive headers not cleared on cross-origin redirect in net/http
    from 0, < 1.24.4-1
  • MEDIUM 6.5 CVE-2025-61728: Excessive CPU consumption when building archive index in archive/zip
    from 0
  • MEDIUM 6.5 CVE-2025-61727: Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
    from 0
  • MEDIUM 6.5 CVE-2025-47906: Unexpected paths returned from LookPath in os/exec
    from 0
  • MEDIUM 6.4 CVE-2026-32282: TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
    from 0
  • MEDIUM 6.1 CVE-2026-39823: Bypass of meta content URL escaping causes XSS in html/template
    from 0
  • MEDIUM 6.1 CVE-2026-39826: Escaper bypass leads to XSS in html/template
    from 0
  • MEDIUM 6.1 CVE-2026-32289: JsBraceDepth Context Tracking Bugs (XSS) in html/template
    from 0
  • MEDIUM 6.1 CVE-2026-27142: URLs in meta content attribute actions are not escaped in html/template
    from 0
  • MEDIUM 6.1 CVE-2024-45341: Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
    from 0, < 1.24~rc2-1
  • MEDIUM 6.1 CVE-2024-45336: Sensitive headers incorrectly sent after cross-domain redirect in net/http
    from 0, < 1.24~rc2-1
  • MEDIUM 5.9 CVE-2026-39817: Invoking "go tool pack" does not sanitize output paths in cmd/go
    from 0
  • MEDIUM 5.5 CVE-2026-32288: Unbounded allocation for old GNU sparse in archive/tar
    from 0
  • MEDIUM 5.3 CVE-2026-39819: Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
    from 0
  • MEDIUM 5.3 CVE-2026-39825: ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
    from 0
  • MEDIUM 5.3 CVE-2025-61730: Handshake messages may be processed at the incorrect encryption level in crypto/tls
    from 0
  • MEDIUM 5.3 CVE-2025-61724: Excessive CPU consumption in Reader.ReadResponse in net/textproto
    from 0
  • MEDIUM 5.3 CVE-2025-58186: Lack of limit when parsing cookies can cause memory exhaustion in net/http
    from 0
  • MEDIUM 5.3 CVE-2025-58185: Parsing DER payload can cause memory exhaustion in encoding/asn1
    from 0
  • MEDIUM 5.3 CVE-2025-47912: Insufficient validation of bracketed IPv6 hostnames in net/url
    from 0
  • MEDIUM 5.3 CVE-2025-58189: ALPN negotiation error contains attacker controlled information in crypto/tls
    from 0
  • MEDIUM 4.4 CVE-2025-22870: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
    from 0, < 1.24.1-1
  • MEDIUM 4.3 CVE-2025-58183: Unbounded allocation when parsing GNU sparse map in archive/tar
    from 0
  • MEDIUM 4.0 CVE-2025-22866: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
    from 0, < 1.24~rc3-1
  • LOW 3.8 CVE-2025-22873: Improper access to parent directory of root in os
    from 0, < 1.24.4-1
  • LOW 3.7 CVE-2024-8244: The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TO…
    from 0
  • LOW 2.5 CVE-2026-27139: FileInfo can escape from a Root in os
    from 0