VIR Vulnerability Intelligence Relay

Package impact

golang Go / toolchain

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-15041 critical 9.8 9.8 9y ago Remote command execution via "go get" in cmd/go archdebianredhatgolang
CVE-2023-29405 critical 9.5 3y ago Critical: go-toolset and golang security update redhatdebianrockylinuxgolang
CVE-2023-29402 critical 9.5 3y ago Critical: go-toolset and golang security update redhatdebianrockylinuxgolang
CVE-2023-29404 critical 9.5 3y ago Critical: go-toolset and golang security update redhatdebianrockylinuxgolang
CVE-2026-27143 high 8.0 1mo ago Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading … redhatdebiansusegolang+1
CVE-2026-27144 high 8.0 1mo ago The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves… redhatdebiansusegolang+1
CVE-2026-27140 high 8.0 1mo ago SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. redhatdebiansusegolang+1
CVE-2025-61731 high 8.0 2mo ago Important: golang security update rockylinuxredhatdebiansuse+2
CVE-2025-61732 high 8.0 3mo ago Important: golang security update rockylinuxredhatdebiansuse+2
CVE-2025-4674 high 8.0 9mo ago Important: golang security update redhatrockylinuxdebiansuse+2
CVE-2018-6574 high 8.0 4y ago Remote command execution via "go get" command with cgo in cmd/go archgolang
CVE-2018-16873 high 8.0 4y ago Remote command execution via "go get" with "-u" flag in cmd/go archsusegolang
CVE-2018-16874 high 8.0 4y ago Directory traversal via "go get" command in cmd/go archsusegolang
CVE-2020-28367 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. archsusedebiangolang
CVE-2020-28366 high 8.0 4y ago Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. archsusedebiangolang
CVE-2026-42501 high 7.5 7.5 21d ago A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr… debiansusegolang