Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/golang-1.24@1.24.4-1?distro=trixie
purl pkg:deb/debian/golang-1.24@1.24.4-1?distro=trixie
Next non-vulnerable version 1.24.7-1
Latest non-vulnerable version 1.24.13-2
Risk 3.9
Vulnerabilities affecting this package (22)
Vulnerability Summary Fixed by
VCID-1aty-87pz-5yb8
Aliases:
CVE-2025-47907
database/sql: Postgres Scan Race Condition
1.24.7-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-254d-pjst-c7hx
Aliases:
CVE-2025-58186
golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-3nqb-6mna-jyb4
Aliases:
CVE-2025-61724
net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-5n8q-zcds-gyen
Aliases:
CVE-2025-4674
cmd/go: Go VCS Command Execution Vulnerability
1.24.7-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-5q9b-a7c4-1yht
Aliases:
CVE-2025-61728
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
1.24.12-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-7n3z-vwk2-3ydr
Aliases:
CVE-2025-58188
crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-9ky3-s2vk-cuge
Aliases:
CVE-2025-61727
golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs
1.24.12-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-br2f-7ux9-hkhg
Aliases:
CVE-2025-61723
encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-bv1f-bee8-cbek
Aliases:
CVE-2025-61725
net/mail: Excessive CPU consumption in ParseAddress in net/mail
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-csmt-e61b-tued
Aliases:
CVE-2025-61731
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
1.24.12-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-dp1t-v58b-43du
Aliases:
CVE-2025-68121
crypto/tls: Unexpected session resumption in crypto/tls
1.24.12-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-dtt9-gmqf-nbaf
Aliases:
CVE-2025-61726
golang: net/url: Memory exhaustion in query parameter parsing in net/url
1.24.12-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-eyev-qpgs-hfbx
Aliases:
CVE-2025-61732
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
1.24.13-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-hay4-q9m3-ekdj
Aliases:
CVE-2025-61729
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
1.24.12-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-je6z-v5qw-ufew
Aliases:
CVE-2025-61730
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
1.24.12-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-mvsr-c2yh-mbdq
Aliases:
CVE-2025-58183
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-q9yj-ze4x-qyfr
Aliases:
CVE-2025-58187
crypto/x509: Quadratic complexity when checking name constraints in crypto/x509
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-rvbr-nser-sfe7
Aliases:
CVE-2025-47906
os/exec: Unexpected paths returned from LookPath in os/exec
1.24.7-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-sb3w-x3yv-ffft
Aliases:
CVE-2025-47912
net/url: Insufficient validation of bracketed IPv6 hostnames in net/url
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-t2dr-6dz3-7qgt
Aliases:
CVE-2025-58185
encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-usyf-s559-pkgx
Aliases:
CVE-2025-58189
crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information
1.24.8-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
VCID-wchc-as62-1fae
Aliases:
CVE-2025-68119
cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings
1.24.13-1
Affected by 0 other vulnerabilities.
1.24.13-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (17)
Vulnerability Summary Aliases
VCID-1jxb-fv1g-2kdu golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341
VCID-6a6z-bq7m-c3gf crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509 CVE-2026-27138
VCID-6rkv-zkwa-mqhf os: os: Information disclosure via path traversal using specially crafted filenames CVE-2025-22873
VCID-7y8a-8can-nba1 RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency The net/http package dependency used by RoadRunner improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. CVE-2025-22871
GHSA-g9pc-8g42-g6vq
VCID-7ym3-nkc7-93dw net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673
VCID-apff-aff9-eueq HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. CVE-2025-22870
GHSA-qxp5-gwg8-xv66
VCID-evq7-jzj3-6bhu cmd/go: Arbitrary code execution during build on darwin in cmd/go CVE-2025-22867
VCID-fk74-ghxp-w3g9 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect CVE-2024-45336
VCID-gtys-5r5h-p7ht CVE-2026-33810
VCID-jsz8-cdt5-27f6 crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509 CVE-2025-22874
VCID-kjf2-r6zt-zqg9 net/http: CrossOriginProtection bypass in net/http CVE-2025-47910
VCID-nwsd-53hk-ffhr crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509 CVE-2025-22865
VCID-pcez-y67t-8yg3 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679
VCID-tnrm-85fu-ufhb crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec CVE-2025-22866
VCID-x5ub-bfb7-nbbr crypto/x509: Incorrect enforcement of email constraints in crypto/x509 CVE-2026-27137
VCID-xjm1-yec3-mkc6 os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink. CVE-2025-0913
VCID-zhp6-uum6-eyc9 cmd/go: golang: GOAUTH credential leak in cmd/go CVE-2024-45340

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:26:11.314764+00:00 Debian Importer Fixing VCID-fk74-ghxp-w3g9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:21:44.930842+00:00 Debian Importer Fixing VCID-tnrm-85fu-ufhb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:38:38.791283+00:00 Debian Importer Fixing VCID-6rkv-zkwa-mqhf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:20:35.096151+00:00 Debian Importer Fixing VCID-1jxb-fv1g-2kdu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:40:03.998070+00:00 Debian Importer Fixing VCID-x5ub-bfb7-nbbr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:32:04.431164+00:00 Debian Importer Fixing VCID-kjf2-r6zt-zqg9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:23:59.406705+00:00 Debian Importer Fixing VCID-nwsd-53hk-ffhr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:20:44.506312+00:00 Debian Importer Fixing VCID-6a6z-bq7m-c3gf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:19:10.472945+00:00 Debian Importer Fixing VCID-xjm1-yec3-mkc6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:07:32.059912+00:00 Debian Importer Fixing VCID-pcez-y67t-8yg3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:06:18.998906+00:00 Debian Importer Fixing VCID-apff-aff9-eueq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:04:59.662238+00:00 Debian Importer Fixing VCID-zhp6-uum6-eyc9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:01:07.934355+00:00 Debian Importer Fixing VCID-gtys-5r5h-p7ht https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:01:02.126950+00:00 Debian Importer Fixing VCID-evq7-jzj3-6bhu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:54:16.868306+00:00 Debian Importer Fixing VCID-7ym3-nkc7-93dw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:49:13.819996+00:00 Debian Importer Fixing VCID-jsz8-cdt5-27f6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:16:07.402886+00:00 Debian Importer Fixing VCID-7y8a-8can-nba1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:16:08.132366+00:00 Debian Importer Fixing VCID-fk74-ghxp-w3g9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:27:30.712674+00:00 Debian Importer Fixing VCID-tnrm-85fu-ufhb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:56:02.287233+00:00 Debian Importer Fixing VCID-6rkv-zkwa-mqhf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:43:15.143076+00:00 Debian Importer Fixing VCID-1jxb-fv1g-2kdu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:12:53.177121+00:00 Debian Importer Fixing VCID-x5ub-bfb7-nbbr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:06:40.453740+00:00 Debian Importer Fixing VCID-kjf2-r6zt-zqg9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:00:36.049282+00:00 Debian Importer Fixing VCID-nwsd-53hk-ffhr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:57:59.027463+00:00 Debian Importer Fixing VCID-6a6z-bq7m-c3gf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:56:46.283238+00:00 Debian Importer Fixing VCID-xjm1-yec3-mkc6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:48:00.760680+00:00 Debian Importer Fixing VCID-pcez-y67t-8yg3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:47:04.598399+00:00 Debian Importer Fixing VCID-apff-aff9-eueq https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:46:00.127498+00:00 Debian Importer Fixing VCID-zhp6-uum6-eyc9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:43:04.617752+00:00 Debian Importer Fixing VCID-gtys-5r5h-p7ht https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:43:00.531976+00:00 Debian Importer Fixing VCID-evq7-jzj3-6bhu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:37:40.008932+00:00 Debian Importer Fixing VCID-7ym3-nkc7-93dw https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:33:43.306510+00:00 Debian Importer Fixing VCID-jsz8-cdt5-27f6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:11:44.258420+00:00 Debian Importer Fixing VCID-7y8a-8can-nba1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-09T17:36:41.876294+00:00 Debian Importer Fixing VCID-gtys-5r5h-p7ht https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:40.076781+00:00 Debian Importer Fixing VCID-6a6z-bq7m-c3gf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:40.050095+00:00 Debian Importer Fixing VCID-x5ub-bfb7-nbbr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:40.023284+00:00 Debian Importer Fixing VCID-pcez-y67t-8yg3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.981883+00:00 Debian Importer Affected by VCID-dp1t-v58b-43du https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.951015+00:00 Debian Importer Affected by VCID-wchc-as62-1fae https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.918430+00:00 Debian Importer Affected by VCID-eyev-qpgs-hfbx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.887308+00:00 Debian Importer Affected by VCID-csmt-e61b-tued https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.856473+00:00 Debian Importer Affected by VCID-je6z-v5qw-ufew https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.825925+00:00 Debian Importer Affected by VCID-hay4-q9m3-ekdj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.794642+00:00 Debian Importer Affected by VCID-5q9b-a7c4-1yht https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.764387+00:00 Debian Importer Affected by VCID-9ky3-s2vk-cuge https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.730946+00:00 Debian Importer Affected by VCID-dtt9-gmqf-nbaf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.700153+00:00 Debian Importer Affected by VCID-bv1f-bee8-cbek https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.671885+00:00 Debian Importer Affected by VCID-3nqb-6mna-jyb4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.643959+00:00 Debian Importer Affected by VCID-br2f-7ux9-hkhg https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.615759+00:00 Debian Importer Affected by VCID-usyf-s559-pkgx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.588031+00:00 Debian Importer Affected by VCID-7n3z-vwk2-3ydr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.560279+00:00 Debian Importer Affected by VCID-q9yj-ze4x-qyfr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.532904+00:00 Debian Importer Affected by VCID-254d-pjst-c7hx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.505641+00:00 Debian Importer Affected by VCID-t2dr-6dz3-7qgt https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.478187+00:00 Debian Importer Affected by VCID-mvsr-c2yh-mbdq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.450005+00:00 Debian Importer Affected by VCID-sb3w-x3yv-ffft https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.436217+00:00 Debian Importer Fixing VCID-kjf2-r6zt-zqg9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.394200+00:00 Debian Importer Affected by VCID-1aty-87pz-5yb8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.362436+00:00 Debian Importer Affected by VCID-rvbr-nser-sfe7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.330309+00:00 Debian Importer Affected by VCID-5n8q-zcds-gyen https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.313721+00:00 Debian Importer Fixing VCID-7ym3-nkc7-93dw https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.290228+00:00 Debian Importer Fixing VCID-jsz8-cdt5-27f6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.265597+00:00 Debian Importer Fixing VCID-6rkv-zkwa-mqhf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.240887+00:00 Debian Importer Fixing VCID-7y8a-8can-nba1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.213499+00:00 Debian Importer Fixing VCID-apff-aff9-eueq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.185833+00:00 Debian Importer Fixing VCID-evq7-jzj3-6bhu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.159172+00:00 Debian Importer Fixing VCID-tnrm-85fu-ufhb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.130644+00:00 Debian Importer Fixing VCID-nwsd-53hk-ffhr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.103827+00:00 Debian Importer Fixing VCID-xjm1-yec3-mkc6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.063531+00:00 Debian Importer Fixing VCID-1jxb-fv1g-2kdu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:39.036037+00:00 Debian Importer Fixing VCID-zhp6-uum6-eyc9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:25:38.999467+00:00 Debian Importer Fixing VCID-fk74-ghxp-w3g9 https://security-tracker.debian.org/tracker/data/json 38.1.0