| Bug | Description |
|---|
| CVE-2025-22871 | The net/http package improperly accepts a bare LF as a line terminator ... |
| CVE-2025-22870 | Matching of hosts against proxy patterns can improperly treat an IPv6 ... |
| CVE-2025-22867 | On Darwin, building a Go module which contains CGO can trigger arbitra ... |
| CVE-2025-22866 | Due to the usage of a variable time instruction in the assembly implem ... |
| CVE-2025-22865 | Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT ... |
| CVE-2025-0913 | os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and ... |
| CVE-2024-45341 | A certificate with a URI which has a IPv6 address with a zone ID may i ... |
| CVE-2024-45340 | Credentials provided via the new GOAUTH feature were not being properl ... |
| CVE-2024-45336 | The HTTP client drops sensitive headers after following a cross-domain ... |