| CVE-2017-15041 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Remote command execution via "go get" in cmd/go |
| CVE-2023-29405 |
critical |
— |
9.5 |
|
|
|
3y ago |
Critical: go-toolset and golang security update |
| CVE-2023-29402 |
critical |
— |
9.5 |
|
|
|
3y ago |
Critical: go-toolset and golang security update |
| CVE-2023-29404 |
critical |
— |
9.5 |
|
|
|
3y ago |
Critical: go-toolset and golang security update |
| CVE-2026-27143 |
high |
— |
8.0 |
|
|
|
1mo ago |
Important: golang security update |
| CVE-2026-27144 |
high |
— |
8.0 |
|
|
|
1mo ago |
Important: golang security update |
| CVE-2026-27140 |
high |
— |
8.0 |
|
|
|
1mo ago |
Important: golang security update |
| CVE-2025-61731 |
high |
— |
8.0 |
|
|
|
2mo ago |
Important: golang security update |
| CVE-2025-61732 |
high |
— |
8.0 |
|
|
|
3mo ago |
Important: golang security update |
| CVE-2025-4674 |
high |
— |
8.0 |
|
|
|
10mo ago |
Important: golang security update |
| CVE-2018-6574 |
high |
— |
8.0 |
|
|
|
4y ago |
Remote command execution via "go get" command with cgo in cmd/go |
| CVE-2018-16873 |
high |
— |
8.0 |
|
|
|
4y ago |
Remote command execution via "go get" with "-u" flag in cmd/go |
| CVE-2018-16874 |
high |
— |
8.0 |
|
|
|
4y ago |
Directory traversal via "go get" command in cmd/go |
| CVE-2020-28367 |
high |
— |
8.0 |
|
|
|
4y ago |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. |
| CVE-2020-28366 |
high |
— |
8.0 |
|
|
|
4y ago |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. |
| CVE-2026-42501 |
high |
7.5 |
7.5 |
|
|
|
22d ago |
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr… |