Vulnerabilities > Golang > GO > 1.18.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-08 | CVE-2023-39319 | Cross-site Scripting vulnerability in Golang GO The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. | 6.1 |
| 2023-08-02 | CVE-2023-29409 | Resource Exhaustion vulnerability in Golang GO Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. | 5.3 |
| 2023-07-11 | CVE-2023-29406 | Interpretation Conflict vulnerability in Golang GO The HTTP/1 client does not fully validate the contents of the Host header. | 6.5 |
| 2023-06-08 | CVE-2023-29402 | Code Injection vulnerability in multiple products The go command may generate unexpected code at build time when using cgo. | 9.8 |
| 2023-06-08 | CVE-2023-29403 | Exposure of Resource to Wrong Sphere vulnerability in multiple products On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. | 7.8 |
| 2023-06-08 | CVE-2023-29404 | Code Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-06-08 | CVE-2023-29405 | Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-05-11 | CVE-2023-24539 | Injection vulnerability in Golang GO Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. | 7.3 |
| 2023-05-11 | CVE-2023-24540 | Unspecified vulnerability in Golang GO Not all valid JavaScript whitespace characters are considered to be whitespace. | 9.8 |
| 2023-05-11 | CVE-2023-29400 | Injection vulnerability in Golang GO Templates containing actions in unquoted HTML attributes (e.g. | 7.3 |