Search for packages
| purl | pkg:alpm/archlinux/go@1.24.3-1 |
| Next non-vulnerable version | 1.24.4-1 |
| Latest non-vulnerable version | 2:1.24.3-1 |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2hrd-ctwd-zkau
Aliases: CVE-2025-0913 |
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink. | There are no reported fixed by versions. |
|
VCID-cyre-w5g7-hfcj
Aliases: CVE-2025-4673 |
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. |
Affected by 0 other vulnerabilities. |
|
VCID-qypz-u9nr-buf1
Aliases: CVE-2025-22874 |
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-05T22:58:18.807170+00:00 | Arch Linux Importer | Affected by | VCID-2hrd-ctwd-zkau | https://security.archlinux.org/AVG-2896 | 36.1.0 |
| 2025-06-05T22:58:18.795457+00:00 | Arch Linux Importer | Affected by | VCID-qypz-u9nr-buf1 | https://security.archlinux.org/AVG-2896 | 36.1.0 |
| 2025-06-05T22:58:18.782758+00:00 | Arch Linux Importer | Affected by | VCID-cyre-w5g7-hfcj | https://security.archlinux.org/AVG-2896 | 36.1.0 |