VulnerableCode Package Details - pkg:deb/debian/golang-1.24@1.24.13-2?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/golang-1.24@1.24.13-2?distro=trixie

Essentials
History (73)

purl	pkg:deb/debian/golang-1.24@1.24.13-2?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (39)

Vulnerability	Summary	Aliases
VCID-1aty-87pz-5yb8	database/sql: Postgres Scan Race Condition	CVE-2025-47907
VCID-1jxb-fv1g-2kdu	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints	CVE-2024-45341
VCID-254d-pjst-c7hx	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http	CVE-2025-58186
VCID-3nqb-6mna-jyb4	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto	CVE-2025-61724
VCID-5n8q-zcds-gyen	cmd/go: Go VCS Command Execution Vulnerability	CVE-2025-4674
VCID-5q9b-a7c4-1yht	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip	CVE-2025-61728
VCID-6a6z-bq7m-c3gf	crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509	CVE-2026-27138
VCID-6rkv-zkwa-mqhf	os: os: Information disclosure via path traversal using specially crafted filenames	CVE-2025-22873
VCID-7n3z-vwk2-3ydr	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509	CVE-2025-58188
VCID-7y8a-8can-nba1	RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency The net/http package dependency used by RoadRunner improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.	CVE-2025-22871 GHSA-g9pc-8g42-g6vq
VCID-7ym3-nkc7-93dw	net/http: Sensitive headers not cleared on cross-origin redirect in net/http	CVE-2025-4673
VCID-9ky3-s2vk-cuge	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs	CVE-2025-61727
VCID-apff-aff9-eueq	HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.	CVE-2025-22870 GHSA-qxp5-gwg8-xv66
VCID-br2f-7ux9-hkhg	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem	CVE-2025-61723
VCID-bv1f-bee8-cbek	net/mail: Excessive CPU consumption in ParseAddress in net/mail	CVE-2025-61725
VCID-csmt-e61b-tued	cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive	CVE-2025-61731
VCID-dp1t-v58b-43du	crypto/tls: Unexpected session resumption in crypto/tls	CVE-2025-68121
VCID-dtt9-gmqf-nbaf	golang: net/url: Memory exhaustion in query parameter parsing in net/url	CVE-2025-61726
VCID-evq7-jzj3-6bhu	cmd/go: Arbitrary code execution during build on darwin in cmd/go	CVE-2025-22867
VCID-eyev-qpgs-hfbx	cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy	CVE-2025-61732
VCID-fk74-ghxp-w3g9	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect	CVE-2024-45336
VCID-gtys-5r5h-p7ht		CVE-2026-33810
VCID-hay4-q9m3-ekdj	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate	CVE-2025-61729
VCID-je6z-v5qw-ufew	During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.	CVE-2025-61730
VCID-jsz8-cdt5-27f6	crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509	CVE-2025-22874
VCID-kjf2-r6zt-zqg9	net/http: CrossOriginProtection bypass in net/http	CVE-2025-47910
VCID-mvsr-c2yh-mbdq	golang: archive/tar: Unbounded allocation when parsing GNU sparse map	CVE-2025-58183
VCID-nwsd-53hk-ffhr	crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509	CVE-2025-22865
VCID-pcez-y67t-8yg3	net/url: Incorrect parsing of IPv6 host literals in net/url	CVE-2026-25679
VCID-q9yj-ze4x-qyfr	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509	CVE-2025-58187
VCID-rvbr-nser-sfe7	os/exec: Unexpected paths returned from LookPath in os/exec	CVE-2025-47906
VCID-sb3w-x3yv-ffft	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url	CVE-2025-47912
VCID-t2dr-6dz3-7qgt	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1	CVE-2025-58185
VCID-tnrm-85fu-ufhb	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec	CVE-2025-22866
VCID-usyf-s559-pkgx	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information	CVE-2025-58189
VCID-wchc-as62-1fae	cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings	CVE-2025-68119
VCID-x5ub-bfb7-nbbr	crypto/x509: Incorrect enforcement of email constraints in crypto/x509	CVE-2026-27137
VCID-xjm1-yec3-mkc6	os.OpenFile(path, os.O_CREATE\|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.	CVE-2025-0913
VCID-zhp6-uum6-eyc9	cmd/go: golang: GOAUTH credential leak in cmd/go	CVE-2024-45340

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:26:11.319848+00:00	Debian Importer	Fixing	VCID-fk74-ghxp-w3g9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:21:44.936086+00:00	Debian Importer	Fixing	VCID-tnrm-85fu-ufhb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:38:38.798326+00:00	Debian Importer	Fixing	VCID-6rkv-zkwa-mqhf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:20:35.100528+00:00	Debian Importer	Fixing	VCID-1jxb-fv1g-2kdu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:40:04.003053+00:00	Debian Importer	Fixing	VCID-x5ub-bfb7-nbbr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:32:04.436419+00:00	Debian Importer	Fixing	VCID-kjf2-r6zt-zqg9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:23:59.409418+00:00	Debian Importer	Fixing	VCID-nwsd-53hk-ffhr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:20:44.511448+00:00	Debian Importer	Fixing	VCID-6a6z-bq7m-c3gf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:19:10.478912+00:00	Debian Importer	Fixing	VCID-xjm1-yec3-mkc6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:07:32.065025+00:00	Debian Importer	Fixing	VCID-pcez-y67t-8yg3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:06:19.003859+00:00	Debian Importer	Fixing	VCID-apff-aff9-eueq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:04:59.667405+00:00	Debian Importer	Fixing	VCID-zhp6-uum6-eyc9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:01:07.939327+00:00	Debian Importer	Fixing	VCID-gtys-5r5h-p7ht	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:01:02.131931+00:00	Debian Importer	Fixing	VCID-evq7-jzj3-6bhu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:54:16.876733+00:00	Debian Importer	Fixing	VCID-7ym3-nkc7-93dw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:49:13.825854+00:00	Debian Importer	Fixing	VCID-jsz8-cdt5-27f6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:16:07.407759+00:00	Debian Importer	Fixing	VCID-7y8a-8can-nba1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:16:08.138000+00:00	Debian Importer	Fixing	VCID-fk74-ghxp-w3g9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:27:30.717858+00:00	Debian Importer	Fixing	VCID-tnrm-85fu-ufhb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:56:02.291057+00:00	Debian Importer	Fixing	VCID-6rkv-zkwa-mqhf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:43:15.148224+00:00	Debian Importer	Fixing	VCID-1jxb-fv1g-2kdu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:12:53.182263+00:00	Debian Importer	Fixing	VCID-x5ub-bfb7-nbbr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:06:40.459613+00:00	Debian Importer	Fixing	VCID-kjf2-r6zt-zqg9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:00:36.054388+00:00	Debian Importer	Fixing	VCID-nwsd-53hk-ffhr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:57:59.032417+00:00	Debian Importer	Fixing	VCID-6a6z-bq7m-c3gf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:56:46.288737+00:00	Debian Importer	Fixing	VCID-xjm1-yec3-mkc6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:48:00.766421+00:00	Debian Importer	Fixing	VCID-pcez-y67t-8yg3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:47:04.603968+00:00	Debian Importer	Fixing	VCID-apff-aff9-eueq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:46:00.132938+00:00	Debian Importer	Fixing	VCID-zhp6-uum6-eyc9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:43:04.623446+00:00	Debian Importer	Fixing	VCID-gtys-5r5h-p7ht	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:43:00.537965+00:00	Debian Importer	Fixing	VCID-evq7-jzj3-6bhu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:37:40.016373+00:00	Debian Importer	Fixing	VCID-7ym3-nkc7-93dw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:33:43.312993+00:00	Debian Importer	Fixing	VCID-jsz8-cdt5-27f6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:11:44.263475+00:00	Debian Importer	Fixing	VCID-7y8a-8can-nba1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-09T17:36:41.862293+00:00	Debian Importer	Fixing	VCID-gtys-5r5h-p7ht	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:40.063472+00:00	Debian Importer	Fixing	VCID-6a6z-bq7m-c3gf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:40.036730+00:00	Debian Importer	Fixing	VCID-x5ub-bfb7-nbbr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:40.009916+00:00	Debian Importer	Fixing	VCID-pcez-y67t-8yg3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.985778+00:00	Debian Importer	Fixing	VCID-dp1t-v58b-43du	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.954960+00:00	Debian Importer	Fixing	VCID-wchc-as62-1fae	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.922384+00:00	Debian Importer	Fixing	VCID-eyev-qpgs-hfbx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.891073+00:00	Debian Importer	Fixing	VCID-csmt-e61b-tued	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.860374+00:00	Debian Importer	Fixing	VCID-je6z-v5qw-ufew	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.829895+00:00	Debian Importer	Fixing	VCID-hay4-q9m3-ekdj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.798604+00:00	Debian Importer	Fixing	VCID-5q9b-a7c4-1yht	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.768168+00:00	Debian Importer	Fixing	VCID-9ky3-s2vk-cuge	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.735024+00:00	Debian Importer	Fixing	VCID-dtt9-gmqf-nbaf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.704171+00:00	Debian Importer	Fixing	VCID-bv1f-bee8-cbek	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.675931+00:00	Debian Importer	Fixing	VCID-3nqb-6mna-jyb4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.647993+00:00	Debian Importer	Fixing	VCID-br2f-7ux9-hkhg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.619777+00:00	Debian Importer	Fixing	VCID-usyf-s559-pkgx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.592054+00:00	Debian Importer	Fixing	VCID-7n3z-vwk2-3ydr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.564266+00:00	Debian Importer	Fixing	VCID-q9yj-ze4x-qyfr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.536819+00:00	Debian Importer	Fixing	VCID-254d-pjst-c7hx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.509573+00:00	Debian Importer	Fixing	VCID-t2dr-6dz3-7qgt	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.482115+00:00	Debian Importer	Fixing	VCID-mvsr-c2yh-mbdq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.453889+00:00	Debian Importer	Fixing	VCID-sb3w-x3yv-ffft	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.422626+00:00	Debian Importer	Fixing	VCID-kjf2-r6zt-zqg9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.398111+00:00	Debian Importer	Fixing	VCID-1aty-87pz-5yb8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.366320+00:00	Debian Importer	Fixing	VCID-rvbr-nser-sfe7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.334175+00:00	Debian Importer	Fixing	VCID-5n8q-zcds-gyen	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.305656+00:00	Debian Importer	Fixing	VCID-7ym3-nkc7-93dw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.282141+00:00	Debian Importer	Fixing	VCID-jsz8-cdt5-27f6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.257427+00:00	Debian Importer	Fixing	VCID-6rkv-zkwa-mqhf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.226897+00:00	Debian Importer	Fixing	VCID-7y8a-8can-nba1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.199386+00:00	Debian Importer	Fixing	VCID-apff-aff9-eueq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.172580+00:00	Debian Importer	Fixing	VCID-evq7-jzj3-6bhu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.144337+00:00	Debian Importer	Fixing	VCID-tnrm-85fu-ufhb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.117353+00:00	Debian Importer	Fixing	VCID-nwsd-53hk-ffhr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.089239+00:00	Debian Importer	Fixing	VCID-xjm1-yec3-mkc6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.049944+00:00	Debian Importer	Fixing	VCID-1jxb-fv1g-2kdu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:39.021886+00:00	Debian Importer	Fixing	VCID-zhp6-uum6-eyc9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:38.984387+00:00	Debian Importer	Fixing	VCID-fk74-ghxp-w3g9	https://security-tracker.debian.org/tracker/data/json	38.1.0