Vulnerabilities > Golang > GO > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-05 CVE-2024-24790 Unspecified vulnerability in Golang GO
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
network
low complexity
golang
critical
9.8
2023-09-08 CVE-2023-39320 Code Injection vulnerability in Golang GO 1.21.0/1.21.00
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module.
network
low complexity
golang CWE-94
critical
9.8
2023-06-08 CVE-2023-29405 Injection vulnerability in multiple products
The go command may execute arbitrary code at build time when using cgo.
network
low complexity
golang fedoraproject CWE-74
critical
9.8
2023-06-08 CVE-2023-29404 Code Injection vulnerability in multiple products
The go command may execute arbitrary code at build time when using cgo.
network
low complexity
golang fedoraproject CWE-94
critical
9.8
2023-06-08 CVE-2023-29402 Code Injection vulnerability in multiple products
The go command may generate unexpected code at build time when using cgo.
network
low complexity
golang fedoraproject CWE-94
critical
9.8
2023-05-11 CVE-2023-24540 Unspecified vulnerability in Golang GO
Not all valid JavaScript whitespace characters are considered to be whitespace.
network
low complexity
golang
critical
9.8
2023-04-06 CVE-2023-24538 Code Injection vulnerability in Golang GO
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected.
network
low complexity
golang CWE-94
critical
9.8
2022-02-11 CVE-2022-23806 Unchecked Return Value vulnerability in multiple products
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
network
low complexity
golang netapp debian CWE-252
critical
9.1
2021-10-18 CVE-2021-38297 Classic Buffer Overflow vulnerability in multiple products
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
network
low complexity
golang fedoraproject CWE-120
critical
9.8
2021-07-09 CVE-2012-2666 Insecure Temporary File vulnerability in Golang GO 1.0.2
golang/go in 1.0.2 fixes all.bash on shared machines.
network
low complexity
golang CWE-377
critical
9.8