Package impact
Go / github.com/go-git/go-billy/v6
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44973 | high | 8.1 | 8.1 | 15d ago | Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcem… | |||
| CVE-2026-44740 | medium | — | 5.5 | 16d ago | go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion |