Search CVE reports

Toggle filters

351 – 360 of 26567 results

Status is adjusted based on your filters.

CVE-2026-39836

Medium priority
Needs evaluation

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Not in release
golang-1.22 Not in release
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39826

Medium priority
Needs evaluation

If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Not in release
golang-1.22 Not in release
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39825

Medium priority
Needs evaluation

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Not in release
golang-1.22 Not in release
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39823

Medium priority
Needs evaluation

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute,...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Not in release
golang-1.22 Not in release
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39820

Medium priority
Needs evaluation

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Not in release
golang-1.22 Not in release
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39819

Medium priority
Needs evaluation

The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Not in release
golang-1.22 Not in release
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Needs evaluation
Show all 16 packages Show less packages

CVE-2026-39817

Medium priority
Needs evaluation

The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Not in release
golang-1.22 Not in release
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Needs evaluation
Show all 16 packages Show less packages

CVE-2026-33814

Medium priority
Needs evaluation

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package 26.04 LTS
golang-golang-x-net Needs evaluation
google-guest-agent Needs evaluation
containerd Needs evaluation
golang-golang-x-net-dev Not in release
adsys Needs evaluation
juju-core Not in release
lxd Not in release
Show all 7 packages Show less packages

CVE-2026-33811

Medium priority
Needs evaluation

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 26.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Not in release
golang-1.22 Not in release
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Needs evaluation
Show all 16 packages Show less packages

CVE-2026-42284

Medium priority
Needs evaluation

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main...

1 affected package

python-git

Package 26.04 LTS
python-git Needs evaluation
Show less packages
  1. Previous page
  2. 34
  3. 35
  4. 36
  5. 37
  6. 38
  7. Next page
Export to JSON