| Bug | trixie | forky | sid | Description |
|---|
| CVE-2025-61729 | vulnerable | vulnerable | vulnerable | Within HostnameError.Error(), when constructing an error string, there ... |
| CVE-2025-61727 | vulnerable | vulnerable | vulnerable | An excluded subdomain constraint in a certificate chain does not restr ... |
| CVE-2025-61725 | vulnerable (no DSA) | fixed | fixed | The ParseAddress function constructs domain-literal address components ... |
| CVE-2025-61724 | vulnerable (no DSA) | fixed | fixed | The Reader.ReadResponse function constructs a response string through ... |
| CVE-2025-61723 | vulnerable (no DSA) | fixed | fixed | The processing time for parsing some invalid inputs scales non-linearl ... |
| CVE-2025-58189 | vulnerable (no DSA) | fixed | fixed | When Conn.Handshake fails during ALPN negotiation the error contains a ... |
| CVE-2025-58188 | vulnerable (no DSA) | fixed | fixed | Validating certificate chains which contain DSA public keys can cause ... |
| CVE-2025-58187 | vulnerable (no DSA) | fixed | fixed | Due to the design of the name constraint checking algorithm, the proce ... |
| CVE-2025-58186 | vulnerable (no DSA) | fixed | fixed | Despite HTTP headers having a default limit of 1MB, the number of cook ... |
| CVE-2025-58185 | vulnerable (no DSA) | fixed | fixed | Parsing a maliciously crafted DER payload could allocate large amounts ... |
| CVE-2025-58183 | vulnerable (no DSA) | fixed | fixed | tar.Reader does not set a maximum size on the number of sparse region ... |
| CVE-2025-47912 | vulnerable (no DSA) | fixed | fixed | The Parse function permits values other than IPv6 addresses to be incl ... |
| CVE-2025-47907 | vulnerable (no DSA) | fixed | fixed | Cancelling a query (e.g. by cancelling the context passed to one of th ... |
| CVE-2025-47906 | vulnerable (no DSA) | fixed | fixed | If the PATH environment variable contains paths which are executables ... |
| CVE-2025-4674 | vulnerable (no DSA) | fixed | fixed | The go command may execute unexpected commands when operating in untru ... |
| CVE-2024-8244 | vulnerable (no DSA) | vulnerable | vulnerable | The filepath.Walk and filepath.WalkDir functions are documented as not ... |
| Bug | Description |
|---|
| CVE-2025-47910 | When using http.CrossOriginProtection, the AddInsecureBypassPattern me ... |
| CVE-2025-22874 | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsag ... |
| CVE-2025-22873 | |
| CVE-2025-22871 | The net/http package improperly accepts a bare LF as a line terminator ... |
| CVE-2025-22870 | Matching of hosts against proxy patterns can improperly treat an IPv6 ... |
| CVE-2025-22867 | On Darwin, building a Go module which contains CGO can trigger arbitra ... |
| CVE-2025-22866 | Due to the usage of a variable time instruction in the assembly implem ... |
| CVE-2025-22865 | Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT ... |
| CVE-2025-4673 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross- ... |
| CVE-2025-0913 | os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and ... |
| CVE-2024-45341 | A certificate with a URI which has a IPv6 address with a zone ID may i ... |
| CVE-2024-45340 | Credentials provided via the new GOAUTH feature were not being properl ... |
| CVE-2024-45336 | The HTTP client drops sensitive headers after following a cross-domain ... |