| Bug | Description |
|---|
| CVE-2023-24538 | Templates do not properly consider backticks (`) as Javascript string ... |
| CVE-2023-24537 | Calling any of the Parse functions on Go source code which contains // ... |
| CVE-2023-24536 | Multipart form parsing can consume large amounts of CPU and memory whe ... |
| CVE-2023-24534 | HTTP and MIME header parsing can allocate large amounts of memory, eve ... |
| CVE-2023-24532 | The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ... |
| CVE-2022-41725 | A denial of service is possible from excessive resource consumption in ... |
| CVE-2022-41724 | Large handshake records may cause panics in crypto/tls. Both clients a ... |
| CVE-2022-41723 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ... |
| CVE-2022-41722 | A path traversal vulnerability exists in filepath.Clean on Windows. On ... |
| CVE-2022-41720 | On Windows, restricted files can be accessed via os.DirFS and http.Dir ... |
| CVE-2022-41717 | An attacker can cause excessive memory growth in a Go server accepting ... |
| CVE-2022-41716 | Due to unsanitized NUL values, attackers may be able to maliciously se ... |
| CVE-2022-41715 | Programs which compile regular expressions from untrusted sources may ... |
| CVE-2022-32190 | JoinPath and URL.JoinPath do not remove ../ path elements appended to ... |
| CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and R ... |
| CVE-2022-32148 | Improper exposure of client IP addresses in net/http before Go 1.17.12 ... |
| CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.1 ... |
| CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 ... |
| CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and ... |
| CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17. ... |
| CVE-2022-30630 | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18. ... |
| CVE-2022-27664 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers ca ... |
| CVE-2022-2880 | Requests forwarded by ReverseProxy include the raw query parameters fr ... |
| CVE-2022-2879 | Reader.Read does not set a limit on the maximum size of file headers. ... |
| CVE-2022-1962 | Uncontrolled recursion in the Parse functions in go/parser before Go 1 ... |
| CVE-2022-1705 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 cli ... |