VulnerableCode Package Details - pkg:deb/debian/golang-golang-x-oauth2@0.0~git20190604.0f29369-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/golang-golang-x-oauth2@0.0~git20190604.0f29369-2

Essentials
History (3)

purl	pkg:deb/debian/golang-golang-x-oauth2@0.0~git20190604.0f29369-2

Next non-vulnerable version	0.0~git20211104.d3ed0bb-1
Latest non-vulnerable version	0.15.0-1~bpo12+1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-nrrp-y243-bfa1 Aliases: CVE-2025-22868 GHSA-6v2p-p543-phr9	golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.	0.0~git20211104.d3ed0bb-1 Affected by 0 other vulnerabilities. 0.15.0-1~bpo12+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-nrrp-y243-bfa1
Aliases:
CVE-2025-22868
GHSA-6v2p-p543-phr9

golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

0.0~git20211104.d3ed0bb-1
Affected by 0 other vulnerabilities.

0.15.0-1~bpo12+1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:06:05.436386+00:00	Debian Importer	Affected by	VCID-nrrp-y243-bfa1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T18:05:53.096377+00:00	Debian Importer	Affected by	VCID-nrrp-y243-bfa1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-04T17:56:17.718165+00:00	Debian Importer	Affected by	VCID-nrrp-y243-bfa1	https://security-tracker.debian.org/tracker/data/json	38.1.0