CRITICAL 9.8 CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
from 0, < 1.25.9, >= 1.26.0-0, < 1.26.2
CRITICAL 9.8 CVE-2023-24531 Output of "go env" does not sanitize values in cmd/go
from 0, < 1.21.0-0
CRITICAL 9.8 CVE-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go
>= 1.21.0-0, < 1.21.1
CRITICAL 9.8 Code injection via go command with cgo in cmd/go
from 0, < 1.19.10, >= 1.20.0-0, < 1.20.5
CRITICAL 9.8 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
from 0, < 1.19.10, >= 1.20.0-0, < 1.20.5
CRITICAL 9.8 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
from 0, < 1.19.10, >= 1.20.0-0, < 1.20.5
CRITICAL 9.8 Buffer overflow in WASM modules in misc/wasm and cmd/link
from 0, < 1.16.9, >= 1.17.0-0, < 1.17.2
HIGH 8.8 Code execution vulnerability in SWIG code generation in cmd/go
from 0, < 1.25.9, >= 1.26.0-0, < 1.26.2
HIGH 8.8 GOAUTH credential leak in cmd/go
>= 1.24.0-0, < 1.24.0-rc.2
HIGH 8.6 Potential code smuggling via doc comments in cmd/cgo
from 0, < 1.24.13, >= 1.25.0-0, < 1.25.7
HIGH 8.6 Unexpected command execution in untrusted VCS repositories in cmd/go
from 0, < 1.23.11, >= 1.24.0-0, < 1.24.5
HIGH 8.1 Arbitrary code execution during build via line directives in cmd/go
from 0, < 1.20.9, >= 1.21.0-0, < 1.21.2
HIGH 7.8 Arbitrary file write using cgo pkg-config directive in cmd/go
from 0, < 1.24.12, >= 1.25.0, < 1.25.6
HIGH 7.5 Malicious module proxy can bypass checksum database in cmd/go
from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
HIGH 7.5 Arbitrary code execution during build on darwin in cmd/go
>= 1.24.0-rc.2, < 1.24.0-rc.3
HIGH 7.5 Command 'go get' may unexpectedly fallback to insecure git in cmd/go
from 0, < 1.20.12, >= 1.21.0-0, < 1.21.5
HIGH 7.5 Incorrect access control in the go command in cmd/go/internal/modfetch
from 0, < 1.16.14, >= 1.17.0-0, < 1.17.7
HIGH 7.5 Arbitrary code execution via the go command with cgo in cmd/go
from 0, < 1.14.12, >= 1.15.0-0, < 1.15.5
HIGH 7.5 Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo
from 0, < 1.14.12, >= 1.15.0-0, < 1.15.5
HIGH 7.5 Arbitrary code injection via the go command with cgo on Windows in cmd/go
from 0, < 1.14.14, >= 1.15.0-0, < 1.15.7
HIGH 7.1 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
from 0, < 1.25.9, >= 1.26.0-0, < 1.26.2
HIGH 7.0 Unexpected code execution when invoking toolchain in cmd/go
>= 1.25.0, < 1.25.6
MEDIUM 6.4 Arbitrary code execution during build on Darwin in cmd/go
from 0, < 1.21.10, >= 1.22.0-0, < 1.22.3
MEDIUM 5.9 Invoking "go tool pack" does not sanitize output paths in cmd/go
from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
MEDIUM 5.3 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
from 0, < 1.25.10, >= 1.26.0-0, < 1.26.3
— golang-1.7 - security update
from 0, < 1.9.5, >= 1.10.0-0, < 1.10.1
— golang-1.8 - security update
from 0, < 1.8.7, >= 1.9.0-0, < 1.9.4
— golang-1.8 - security update
from 0, < 1.8.4, >= 1.9.0-0, < 1.9.1
— Remote command execution via "go get" with "-u" flag in cmd/go
from 0, < 1.10.6, >= 1.11.0-0, < 1.11.3
— Directory traversal via "go get" command in cmd/go
from 0, < 1.10.6, >= 1.11.0-0, < 1.11.3