1.16.14

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-20	CVE-2022-28327	The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. network low complexity golang fedoraproject	7.5
2022-03-05	CVE-2022-24921	Uncontrolled Recursion vulnerability in multiple products regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. network low complexity golang netapp debian CWE-674	7.5
2021-08-07	CVE-2021-29923	Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. network low complexity golang oracle fedoraproject	7.5
2020-12-14	CVE-2020-29511	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6
2020-12-14	CVE-2020-29509	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6