Go: Security Vulnerabilities
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-05
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-05
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-30
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-13
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-02-26
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-02-26