pkg:Go/golang.org/x/crypto

41 total CVEsCRITICAL9HIGH18MEDIUM14

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2026-46595Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • CRITICAL9.1CVE-2026-39830Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • CRITICAL9.1CVE-2026-39832Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
    from 0, < 0.52.0
  • CRITICAL9.1CVE-2026-42508Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
    from 0, < 0.52.0
  • CRITICAL9.1CVE-2026-39833Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
    from 0, < 0.52.0
  • CRITICAL9.1CVE-2026-39831Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • CRITICAL9.1CVE-2026-39834Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • CRITICAL9.1CVE-2024-45337Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
    from 0, < 0.31.0
  • CRITICAL9.1CVE-2024-45337Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
    from 0, < 0.31.0
  • HIGH8.1CVE-2017-3204Man-in-the-middle attack in golang.org/x/crypto/ssh
    from 0, < 0.0.0-20170330155735-e4e2799dd7aa
  • HIGH8.1CVE-2017-3204Man-in-the-middle attack in golang.org/x/crypto/ssh
    from 0, < 0.0.0-20170330155735-e4e2799dd7aa
  • HIGH7.5CVE-2026-39829Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • HIGH7.5CVE-2026-46597Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • HIGH7.5CVE-2025-47913Potential denial of service in golang.org/x/crypto/ssh/agent
    from 0, < 0.43.0
  • HIGH7.5CVE-2025-22869Potential denial of service in golang.org/x/crypto
    from 0, < 0.35.0
  • HIGH7.5CVE-2025-22869Potential denial of service in golang.org/x/crypto
    from 0, < 0.35.0
  • HIGH7.5CVE-2022-30636Limited directory traversal vulnerability on Windows in golang.org/x/crypto
    from 0, < 0.0.0-20220525230936-793ad666bf5e
  • HIGH7.5CVE-2021-43565Panic on malformed packets in golang.org/x/crypto/ssh
    from 0, < 0.0.0-20211202192323-5770296d904e
  • HIGH7.5CVE-2021-43565Panic on malformed packets in golang.org/x/crypto/ssh
    from 0, < 0.0.0-20211202192323-5770296d904e
  • HIGH7.5CVE-2020-29652golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
    from 0, < 0.0.0-20201216223049-8b5274cf687f
  • HIGH7.5CVE-2020-29652golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
    from 0, < 0.0.0-20201216223049-8b5274cf687f
  • HIGH7.5CVE-2022-27191golang.org/x/crypto/ssh Denial of service via crafted Signer
    from 0, < 0.0.0-20220314234659-1baeb1ce4c0b
  • HIGH7.5CVE-2022-27191golang.org/x/crypto/ssh Denial of service via crafted Signer
    from 0, < 0.0.0-20220314234659-1baeb1ce4c0b
  • HIGH7.5CVE-2020-7919Helm uses crypto package vulnerable to panic from malformed X.509 certificate
    from 0, < 0.0.0-20200124225646-8b5121be2f68
  • HIGH7.5CVE-2020-7919Helm uses crypto package vulnerable to panic from malformed X.509 certificate
    from 0, < 0.0.0-20200124225646-8b5121be2f68
  • HIGH7.5CVE-2020-9283Improper Verification of Cryptographic Signature in golang.org/x/crypto
    from 0, < 0.0.0-20200220183623-bac4c82f6975
  • HIGH7.5CVE-2020-9283Improper Verification of Cryptographic Signature in golang.org/x/crypto
    from 0, < 0.0.0-20200220183623-bac4c82f6975
  • MEDIUM6.5CVE-2026-39827Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • MEDIUM6.3CVE-2026-39828Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • MEDIUM5.9CVE-2023-48795Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
    from 0, < 0.17.0
  • MEDIUM5.9CVE-2023-48795Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
    >= 0.1.0, < 0.17.0
  • MEDIUM5.9CVE-2019-11841golang-go.crypto - security update
    from 0, < 0.0.0-20190424203555-c05e17bb3b2d
  • MEDIUM5.9CVE-2019-11841golang-go.crypto - security update
    from 0, < 0.0.0-20190424203555-c05e17bb3b2d
  • MEDIUM5.9CVE-2019-11840rclone - security update
    from 0, < 0.0.0-20190320223903-b7391e95e576
  • MEDIUM5.9CVE-2019-11840rclone - security update
    from 0, < 0.0.0-20190320223903-b7391e95e576
  • MEDIUM5.3CVE-2026-46598Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
    from 0, < 0.52.0
  • MEDIUM5.3CVE-2026-39835Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
    from 0, < 0.52.0
  • MEDIUM5.3CVE-2025-47914golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
    from 0, < 0.45.0
  • MEDIUM5.3CVE-2025-47914golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
    from 0, < 0.45.0
  • MEDIUM5.3CVE-2025-58181Unbounded memory consumption in golang.org/x/crypto/ssh
    from 0, < 0.45.0
  • MEDIUM5.3CVE-2025-58181Unbounded memory consumption in golang.org/x/crypto/ssh
    from 0, < 0.45.0