| Bug | stretch | Description |
|---|
| CVE-2020-7919 | vulnerable (no DSA, postponed) | Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ... |
| CVE-2020-24553 | vulnerable | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html ... |
| CVE-2020-16845 | vulnerable (no DSA, postponed) | Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ... |
| CVE-2020-15586 | vulnerable (no DSA, postponed) | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ... |
| CVE-2019-9741 | vulnerable (no DSA, ignored) | An issue was discovered in net/http in Go 1.11.5. CRLF injection is po ... |
| CVE-2019-9514 | vulnerable (no DSA, ignored) | Some HTTP/2 implementations are vulnerable to a reset flood, potential ... |
| CVE-2019-9512 | vulnerable (no DSA, ignored) | Some HTTP/2 implementations are vulnerable to ping floods, potentially ... |
| CVE-2019-17596 | vulnerable (no DSA, ignored) | Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ... |
| CVE-2019-16276 | vulnerable (no DSA, ignored) | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smugglin ... |
| CVE-2019-14809 | vulnerable (no DSA, ignored) | net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ... |
| CVE-2017-8932 | vulnerable (no DSA, ignored) | A bug in the standard library ScalarMult implementation of curve P-256 ... |
| CVE-2017-15042 | vulnerable (no DSA, ignored) | An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x befo ... |
| CVE-2017-15041 | vulnerable (no DSA, ignored) | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ... |