High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-06	CVE-2023-45285	Unspecified vulnerability in Golang GO Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. network low complexity golang	7.5
2023-12-05	CVE-2023-45287	Information Exposure Through Discrepancy vulnerability in Golang GO Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. network low complexity golang CWE-203	7.5
2023-11-09	CVE-2023-45283	Path Traversal vulnerability in Golang GO The filepath package does not recognize paths with a \??\ prefix as special. network low complexity golang CWE-22	7.5
2023-10-11	CVE-2023-39325	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. network low complexity golang fedoraproject netapp CWE-770	7.5
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2023-10-05	CVE-2023-39323	Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. network high complexity golang fedoraproject	8.1
2023-09-08	CVE-2023-39321	Unspecified vulnerability in Golang GO 1.21.0/1.21.00 Processing an incomplete post-handshake message for a QUIC connection can cause a panic. network low complexity golang	7.5
2023-09-08	CVE-2023-39322	Allocation of Resources Without Limits or Throttling vulnerability in Golang GO 1.21.0/1.21.00 QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. network low complexity golang CWE-770	7.5
2023-06-08	CVE-2023-29403	Exposure of Resource to Wrong Sphere vulnerability in multiple products On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. local low complexity golang fedoraproject CWE-668	7.8
2023-05-11	CVE-2023-24539	Injection vulnerability in Golang GO Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. network low complexity golang CWE-74	7.3