Search for packages
| purl | pkg:deb/debian/golang-1.15@0?distro=bullseye |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3vjm-2r63-afbr | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-27919
|
| VCID-5q9b-a7c4-1yht | golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip |
CVE-2025-61728
|
| VCID-6189-d1tw-bfcp | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2022-30630
|
| VCID-6a6z-bq7m-c3gf | crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509 |
CVE-2026-27138
|
| VCID-6rkv-zkwa-mqhf | os: os: Information disclosure via path traversal using specially crafted filenames |
CVE-2025-22873
|
| VCID-gtys-5r5h-p7ht |
CVE-2026-33810
|
|
| VCID-h2xu-3fm4-hkap | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. |
CVE-2024-24787
|
| VCID-h3bw-m2us-cbgz | Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service. |
CVE-2022-32190
|
| VCID-j7b3-yz47-pbdp | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. |
CVE-2022-30634
|
| VCID-jsz8-cdt5-27f6 | crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509 |
CVE-2025-22874
|
| VCID-kjf2-r6zt-zqg9 | net/http: CrossOriginProtection bypass in net/http |
CVE-2025-47910
|
| VCID-kysh-ukcw-tbcj | Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. |
CVE-2022-29804
|
| VCID-njxh-yaq5-gbf8 | In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. |
CVE-2020-14039
|
| VCID-nwsd-53hk-ffhr | crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509 |
CVE-2025-22865
|
| VCID-pcez-y67t-8yg3 | net/url: Incorrect parsing of IPv6 host literals in net/url |
CVE-2026-25679
|
| VCID-qemj-x1bx-h7gp | Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service. |
CVE-2024-24788
|
| VCID-urf8-3h24-2fgu | golang: os/exec: Code injection in Cmd.Start |
CVE-2022-30580
|
| VCID-wrkj-pngh-rybx | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-41772
|
| VCID-x5ub-bfb7-nbbr | crypto/x509: Incorrect enforcement of email constraints in crypto/x509 |
CVE-2026-27137
|
| VCID-xjm1-yec3-mkc6 | os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink. |
CVE-2025-0913
|