| Bug | Description |
|---|
| CVE-2023-29405 | cmd/go: improper sanitization of LDFLAGS |
| CVE-2023-29404 | cmd/go: improper sanitization of LDFLAGS |
| CVE-2023-29403 | runtime: unexpected behavior of setuid/setgid binaries |
| CVE-2023-29402 | cmd/go: cgo code injection |
| CVE-2023-29400 | Templates containing actions in unquoted HTML attributes (e.g. "attr={ ... |
| CVE-2023-24540 | Not all valid JavaScript whitespace characters are considered to be wh ... |
| CVE-2023-24539 | Angle brackets (<>) are not considered dangerous characters when inser ... |
| CVE-2023-24538 | Templates do not properly consider backticks (`) as Javascript string ... |
| CVE-2023-24537 | Calling any of the Parse functions on Go source code which contains // ... |
| CVE-2023-24536 | Multipart form parsing can consume large amounts of CPU and memory whe ... |
| CVE-2023-24534 | HTTP and MIME header parsing can allocate large amounts of memory, eve ... |
| CVE-2023-24532 | The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ... |
| CVE-2022-41725 | A denial of service is possible from excessive resource consumption in ... |
| CVE-2022-41724 | Large handshake records may cause panics in crypto/tls. Both clients a ... |
| CVE-2022-41723 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ... |
| CVE-2022-41722 | A path traversal vulnerability exists in filepath.Clean on Windows. On ... |