Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Go Number Of NVD 140 CRITICAL 16 HIGH 84 MEDIUM 38 LOW 2
URL https://golang.org/
Explanation It is a programming language developed by Google.
It has a simple syntax and can be coded by anyone to look the same.
It has been adopted by many companies because it is good at parallel processing and can perform well on multi-core systems.
Since it is cross-compatible, it can be run in a variety of environments including Windows, Linux, Mac, and Android.

As a result of prioritizing simplicity, there are some disadvantages such as the lack of exception handling (there are alternative functions), which is common in other languages.
This may be implemented in the future.

A major release is made about every 6 months.
If a critical bug or security issue is fixed during the major release, a minor release is made.

The last two major releases are supported and covered.
Since major releases are made about every six months, the major version a year ago will no longer be supported.
Tag
  • BSD License
  • オープンソース

Add Information URL
No Type Name URL
1 https://github.com/golang/go/wiki/Go-Release-Cycle
2 https://golang.org/doc/devel/release.html
3 https://github.com/golang/go/wiki/MinorReleases
4 https://golang.org/security
5 https://golang.org/doc/copyright.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
1 New!! Go 1.26 1.26.5 July 7, 2026 Feb. 10, 2026 0 10 8 1
2 go 1.21 1.21.13 Aug. 6, 2024 June 16, 2023 2 15 13 1
3 go 1.20 1.20.7 Aug. 1, 2023 Feb. 1, 2023 6 23 15 1
4 go 1.19 1.19.13 Sept. 6, 2023 Aug. 2, 2022 6 30 16 1
5 Go 1.18 1.18.10 Jan. 10, 2023 March 15, 2022 6 42 20 2
6 Go 1.17 1.17.13 Aug. 1, 2022 Aug. 16, 2021 8 48 21 2
7 Go 1.16 1.16.15 March 3, 2022 Feb. 16, 2021 8 54 28 2
8 Go 1.15 1.15.15 Aug. 4, 2021 Aug. 11, 2020 8 59 30 2
9 Go 1.14 1.14.15 Feb. 4, 2021 Feb. 25, 2020 8 59 32 2
10 Go 1.13 1.13.15 Aug. 6, 2020 Sept. 3, 2019 8 63 32 2
11 Go 1.12 1.12.17 Feb. 12, 2020 Feb. 25, 2019 10 64 32 2
12 go 1.9 1.9.7 11 67 33 2
13 go 1.8 1.8.7 11 67 34 2
14 go 1.7 1.7.6 11 70 34 2
15 go 1.6 1.6.4 11 72 34 2
16 go 1.5 1.5.4 11 73 34 2
17 go 1.4 1.4.3 14 71 34 2
18 go 1.3 1.3.3 14 71 35 2
19 go 1.2 1.20.7 Aug. 1, 2023 14 72 36 2
20 go 1.12 1.12.9 10 64 32 2
21 go 1.11 1.11.9 10 64 33 2
22 go 1.10 1.10.8 10 67 32 2
23 go 1.1 1.19.13 Sept. 6, 2023 14 73 36 2
24 go 1.0 1.0.3 15 71 34 2
25 go 0.0 0.0.0-20201203163018-be400aefbc4c 14 70 34 2
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
1 5.3
-
MEDIUM
Network
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello. CWE-201
 Insertion of Sensitive Information Into Sent Data
CVE-2026-42505 cpe:2.3:a:golang:go:1.27:rc1
cpe:2.3:a:golang:go:*:*

1.26.0


1.25.12
1.26.5
2026-07-14 02:05
2026-07-9
Show GitHub Exploit DB Packet Storm
2 7.8
-
HIGH
Local
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For e… CWE-61
 UNIX Symbolic Link (Symlink) Following
CVE-2026-39822 cpe:2.3:a:golang:go:1.27:rc1
cpe:2.3:a:golang:go:*:*

1.26.0


1.25.12
1.26.5
2026-07-13 23:54
2026-07-9
Show GitHub Exploit DB Packet Storm
3 7.5
-
HIGH
Network
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr… CWE-347
 Improper Verification of Cryptographic Signature
CVE-2026-42501 cpe:2.3:a:golang:go:*:*
1.26.0


1.25.10
1.26.3
2026-05-14 01:59
2026-05-8
Show GitHub Exploit DB Packet Storm
4 7.5
-
HIGH
Network
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. NVD-CWE-noinfo
CVE-2026-42499 cpe:2.3:a:golang:go:*:*
1.26.0


1.25.10
1.26.3
2026-05-14 01:59
2026-05-8
Show GitHub Exploit DB Packet Storm
5 7.5
-
HIGH
Network
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). CWE-476
 NULL Pointer Dereference
CVE-2026-39836 cpe:2.3:a:golang:go:*:*
1.26.0


1.25.10
1.26.3
2026-05-14 00:11
2026-05-8
Show GitHub Exploit DB Packet Storm
6 6.1
-
MEDIUM
Network
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a… CWE-116
 Improper Encoding or Escaping of Output
CVE-2026-39826 cpe:2.3:a:golang:go:*:*
1.26.0


1.25.10
1.26.3
2026-05-14 01:59
2026-05-8
Show GitHub Exploit DB Packet Storm
7 5.3
-
MEDIUM
Network
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitize… NVD-CWE-noinfo
CVE-2026-39825 cpe:2.3:a:golang:go:*:*
1.26.0


1.25.10
1.26.3
2026-05-14 01:58
2026-05-8
Show GitHub Exploit DB Packet Storm
8 6.1
-
MEDIUM
Network
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins… CWE-79
Cross-site Scripting
CVE-2026-39823 cpe:2.3:a:golang:go:*:*
1.26.0


1.25.10
1.26.3
2026-05-14 01:58
2026-05-8
Show GitHub Exploit DB Packet Storm
9 7.5
-
HIGH
Network
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. CWE-770
 Allocation of Resources Without Limits or Throttling
CVE-2026-39820 cpe:2.3:a:golang:go:*:*
1.26.0


1.25.10
1.26.3
2026-05-14 00:10
2026-05-8
Show GitHub Exploit DB Packet Storm
10 5.3
-
MEDIUM
Local
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one… CWE-59
Link Following
CVE-2026-39819 cpe:2.3:a:golang:go:*:*
1.26.0


1.25.10
1.26.3
2026-05-14 00:05
2026-05-8
Show GitHub Exploit DB Packet Storm