| Bug | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2025-22872 | vulnerable | vulnerable | vulnerable | vulnerable | The tokenizer incorrectly interprets tags with unquoted attribute valu ... |
| CVE-2024-45338 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable | vulnerable | An attacker can craft an input to the Parse functions that would be pr ... |
| CVE-2023-45288 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of ... |
| CVE-2023-3978 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Text nodes not in the HTML namespace are incorrectly literally rendere ... |
| CVE-2022-41723 | vulnerable (no DSA) | fixed | fixed | fixed | A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ... |
| CVE-2022-41717 | vulnerable (no DSA) | fixed | fixed | fixed | An attacker can cause excessive memory growth in a Go server accepting ... |
| CVE-2022-27664 | vulnerable (no DSA) | fixed | fixed | fixed | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers ca ... |
| CVE-2021-44716 | vulnerable (no DSA) | fixed | fixed | fixed | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ... |