Search CVE reports

Toggle filters

1231 – 1240 of 36525 results

Status is adjusted based on your filters.

CVE-2026-39825

Medium priority
Needs evaluation

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-39823

Medium priority
Needs evaluation

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute,...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-39820

Medium priority
Needs evaluation

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-39819

Medium priority
Needs evaluation

The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-39817

Medium priority
Needs evaluation

The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-33814

Medium priority
Vulnerable

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

7 affected packages

containerd, golang-golang-x-net, google-guest-agent, golang-golang-x-net-dev, adsys...

Package 24.04 LTS
containerd Vulnerable
golang-golang-x-net Vulnerable
google-guest-agent Needs evaluation
golang-golang-x-net-dev Not in release
adsys Needs evaluation
juju-core Not in release
lxd Not in release
Show all 7 packages Show less packages

CVE-2026-33811

Medium priority
Needs evaluation

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-42284

Medium priority
Fixed

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main...

1 affected package

python-git

Package 24.04 LTS
python-git Fixed
Show less packages

CVE-2026-42215

Medium priority
Fixed

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent...

1 affected package

python-git

Package 24.04 LTS
python-git Fixed
Show less packages

CVE-2026-42011

Medium priority
Fixed

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this...

1 affected package

gnutls28

Package 24.04 LTS
gnutls28 Fixed
Show less packages
  1. Previous page
  2. 122
  3. 123
  4. 124
  5. 125
  6. 126
  7. Next page
Export to JSON