VIR Vulnerability Intelligence Relay

Package impact

golang Go / golang.org/x/net

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-39821 critical 9.6 9.6 6d ago Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna golang
CVE-2023-44487 high 7.5 9.0 3y ago Important: nodejs:20 security update rockylinuxredhatdebiansuse+6
CVE-2023-45288 high 8.0 2y ago Important: git-lfs security update redhatrockylinuxsusedebian+1
CVE-2023-39325 high 8.0 3y ago Important: go-toolset and golang security and bug fix update redhatrockylinuxsusedebian+1
CVE-2019-9512 high 8.0 4y ago Important: container-tools:rhel8 security and bug fix update archsusedebianrockylinux+1
CVE-2019-9514 high 8.0 4y ago Important: nodejs:10 security update archsusedebianrockylinux+1
CVE-2021-44716 high 8.0 5y ago Important: grafana security update archsusedebianrockylinux+1
CVE-2026-33814 high 7.5 7.5 20d ago When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. debiansusegolanggcp
CVE-2026-25680 medium 6.5 6.5 6d ago Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html golang
CVE-2026-42506 medium 6.1 6.1 6d ago Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html golang
CVE-2026-42502 medium 6.1 6.1 6d ago Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html golang
CVE-2026-27136 medium 6.1 6.1 6d ago Invoking duplicate attributes can cause XSS in golang.org/x/net/html golang
CVE-2026-25681 medium 6.1 6.1 6d ago Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html golang
CVE-2023-3978 medium 5.5 3y ago Moderate: container-tools:rhel8 security and bug fix update rockylinuxredhatsusedebian+1
CVE-2022-41723 medium 5.5 3y ago Moderate: toolbox security and bug fix update rockylinuxredhatsusedebian+1
CVE-2022-41717 medium 5.5 3y ago Moderate: container-tools:4.0 security and bug fix update rockylinuxredhatsusedebian+1
CVE-2022-27664 medium 5.5 3y ago Moderate: git-lfs security and bug fix update rockylinuxredhatsusedebian+1
CVE-2021-31525 medium 5.5 4y ago Moderate: go-toolset:rhel8 security, bug fix, and enhancement update archsusedebianrockylinux+1
CVE-2026-27141 unknown 3mo ago Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic debiansusegolang
CVE-2025-47911 unknown 3mo ago The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted H… debiansusegolang
CVE-2025-58190 unknown 4mo ago The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML … debiansusegolang
CVE-2025-22872 unknown 1y ago The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly… debiansusegolang
CVE-2025-22870 unknown 1y ago Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::… debiansusegolang
CVE-2024-45338 unknown 2y ago An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. debiansusegolang
CVE-2018-17846 unknown 3y ago Infinite loop due to improper handling of "select" tags in golang.org/x/net/html golang
CVE-2022-41721 unknown 3y ago A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from th… debiangolang
CVE-2021-33194 unknown 4y ago golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. susedebiangolang
CVE-2018-17848 unknown 4y ago Panic when parsing certain inputs in golang.org/x/net/html golang
CVE-2018-17847 unknown 4y ago Panic when parsing certain inputs in golang.org/x/net/html golang
CVE-2018-17143 unknown 4y ago Panic on unconsidered isindex and template combination in golang.org/x/net/html golang
CVE-2018-17142 unknown 4y ago Incorrect parsing of nested templates in golang.org/x/net/html golang
CVE-2018-17075 unknown 4y ago Panic when parsing malformed HTML in golang.org/x/net/html golang