Vulnerabilities > Golang > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-24790 | Unspecified vulnerability in Golang GO The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | 9.8 |
| 2023-09-08 | CVE-2023-39320 | Code Injection vulnerability in Golang GO 1.21.0/1.21.00 The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. | 9.8 |
| 2023-06-08 | CVE-2023-29402 | Code Injection vulnerability in multiple products The go command may generate unexpected code at build time when using cgo. | 9.8 |
| 2023-06-08 | CVE-2023-29404 | Code Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-06-08 | CVE-2023-29405 | Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
| 2023-05-11 | CVE-2023-24540 | Unspecified vulnerability in Golang GO Not all valid JavaScript whitespace characters are considered to be whitespace. | 9.8 |
| 2023-04-06 | CVE-2023-24538 | Code Injection vulnerability in Golang GO Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |
| 2022-02-11 | CVE-2022-23806 | Unchecked Return Value vulnerability in multiple products Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | 9.1 |
| 2021-10-18 | CVE-2021-38297 | Classic Buffer Overflow vulnerability in multiple products Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | 9.8 |
| 2021-07-09 | CVE-2012-2666 | Insecure Temporary File vulnerability in Golang GO 1.0.2 golang/go in 1.0.2 fixes all.bash on shared machines. | 9.8 |