| CVE-2017-15041 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Remote command execution via "go get" in cmd/go |
| CVE-2023-29404 |
critical |
— |
9.5 |
|
|
|
3y ago |
Critical: go-toolset and golang security update |
| CVE-2023-29402 |
critical |
— |
9.5 |
|
|
|
3y ago |
Critical: go-toolset and golang security update |
| CVE-2023-29405 |
critical |
— |
9.5 |
|
|
|
3y ago |
Critical: go-toolset and golang security update |
| CVE-2026-39817 |
medium |
5.9 |
5.9 |
|
|
|
21d ago |
The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su… |
| CVE-2023-45285 |
medium |
— |
5.5 |
|
|
|
2y ago |
Moderate: golang security update |
| CVE-2022-23773 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: go-toolset:rhel8 security and bug fix update |
| CVE-2021-38297 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: go-toolset:rhel8 security and bug fix update |
| CVE-2021-3115 |
medium |
— |
5.5 |
|
|
|
5y ago |
Moderate: go-toolset:rhel8 security, bug fix, and enhancement update |
| CVE-2026-39819 |
medium |
5.3 |
5.3 |
|
|
|
21d ago |
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one… |