Package impact

Go / toolchain

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-27143	high	—	8.0	1mo ago	Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading …	+1
CVE-2026-27144	high	—	8.0	1mo ago	The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves…	+1
CVE-2026-27140	high	—	8.0	1mo ago	SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.	+1
CVE-2025-61731	high	—	8.0	2mo ago	Important: golang security update	+2
CVE-2025-61732	high	—	8.0	3mo ago	Important: golang security update	+2
CVE-2025-4674	high	—	8.0	9mo ago	Important: golang security update	+2
CVE-2018-6574	high	—	8.0	4y ago	Remote command execution via "go get" command with cgo in cmd/go
CVE-2018-16873	high	—	8.0	4y ago	Remote command execution via "go get" with "-u" flag in cmd/go
CVE-2018-16874	high	—	8.0	4y ago	Directory traversal via "go get" command in cmd/go
CVE-2020-28367	high	—	8.0	4y ago	Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
CVE-2020-28366	high	—	8.0	4y ago	Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
CVE-2026-42501	high	7.5	7.5	21d ago	A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr…