Search for packages
| purl | pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2zj9-xmsh-xbcn | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-44717
|
| VCID-35du-rm88-k7bw | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-33195
|
| VCID-3vjm-2r63-afbr | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-27919
|
| VCID-4pue-fbre-zfcf | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2022-23806
|
| VCID-5q9b-a7c4-1yht | golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip |
CVE-2025-61728
|
| VCID-5wtx-278c-nycq | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-33198
|
| VCID-6189-d1tw-bfcp | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2022-30630
|
| VCID-6a6z-bq7m-c3gf | crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509 |
CVE-2026-27138
|
| VCID-6rkv-zkwa-mqhf | os: os: Information disclosure via path traversal using specially crafted filenames |
CVE-2025-22873
|
| VCID-7ahs-f1qh-g7an | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-3114
|
| VCID-7e1n-pvrt-g3fy | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2022-24921
|
| VCID-835d-4cep-d3ff | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2022-23772
|
| VCID-8c9g-rytj-z3g7 | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-3115
|
| VCID-aya4-n4ch-3ydm | golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) |
CVE-2021-39293
|
| VCID-ayxa-s9j4-k7hd | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-34558
|
| VCID-bhax-mgs9-t3ga | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-27918
|
| VCID-ce67-xmrt-yfd1 | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2020-28367
|
| VCID-cr7c-xuh8-guhy | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-31525
GHSA-h86h-8ppg-mxmh |
| VCID-dwge-3up7-yyaq | Withdrawn Advisory: Infinite loop in xz ### Withdrawn Advisory This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time. ### Original Description Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. |
CVE-2020-16845
GHSA-q6gq-997w-f55g |
| VCID-gtys-5r5h-p7ht |
CVE-2026-33810
|
|
| VCID-h2xu-3fm4-hkap | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. |
CVE-2024-24787
|
| VCID-h3bw-m2us-cbgz | Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service. |
CVE-2022-32190
|
| VCID-j7b3-yz47-pbdp | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. |
CVE-2022-30634
|
| VCID-jsz8-cdt5-27f6 | crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509 |
CVE-2025-22874
|
| VCID-kd6v-aemf-3khm | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-33196
|
| VCID-kjf2-r6zt-zqg9 | net/http: CrossOriginProtection bypass in net/http |
CVE-2025-47910
|
| VCID-kysh-ukcw-tbcj | Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. |
CVE-2022-29804
|
| VCID-ncjz-1n22-vuax | golang: math/big: panic during recursive division of very large numbers |
CVE-2020-28362
|
| VCID-njxh-yaq5-gbf8 | In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. |
CVE-2020-14039
|
| VCID-nwsd-53hk-ffhr | crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509 |
CVE-2025-22865
|
| VCID-pcez-y67t-8yg3 | net/url: Incorrect parsing of IPv6 host literals in net/url |
CVE-2026-25679
|
| VCID-qemj-x1bx-h7gp | Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service. |
CVE-2024-24788
|
| VCID-qn4v-xah4-fya7 | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-36221
|
| VCID-rmev-jnbb-2yat | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-38297
|
| VCID-skce-3sxx-h3cy | golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS |
CVE-2020-24553
|
| VCID-thkn-q21m-kyfr | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-41771
|
| VCID-urf8-3h24-2fgu | golang: os/exec: Code injection in Cmd.Start |
CVE-2022-30580
|
| VCID-vw9d-f7d1-gkhh | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2020-28366
|
| VCID-w53f-uad6-gqdn | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-44716
GHSA-vc3p-29h2-gpcp |
| VCID-w9qm-pwnh-4ydj | golang: data race in certain net/http servers including ReverseProxy can lead to DoS |
CVE-2020-15586
|
| VCID-wrkj-pngh-rybx | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-41772
|
| VCID-x5ub-bfb7-nbbr | crypto/x509: Incorrect enforcement of email constraints in crypto/x509 |
CVE-2026-27137
|
| VCID-xjm1-yec3-mkc6 | os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink. |
CVE-2025-0913
|
| VCID-z1ct-cecz-mqer | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2021-33197
|
| VCID-z5x6-xqtc-q3at | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. |
CVE-2022-23773
|