Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Go Number Of NVD 140 CRITICAL 16 HIGH 84 MEDIUM 38 LOW 2
URL https://golang.org/
Explanation It is a programming language developed by Google.
It has a simple syntax and can be coded by anyone to look the same.
It has been adopted by many companies because it is good at parallel processing and can perform well on multi-core systems.
Since it is cross-compatible, it can be run in a variety of environments including Windows, Linux, Mac, and Android.

As a result of prioritizing simplicity, there are some disadvantages such as the lack of exception handling (there are alternative functions), which is common in other languages.
This may be implemented in the future.

A major release is made about every 6 months.
If a critical bug or security issue is fixed during the major release, a minor release is made.

The last two major releases are supported and covered.
Since major releases are made about every six months, the major version a year ago will no longer be supported.
Tag
  • オープンソース
  • BSD License

Add Information URL
No Type Name URL
1 https://github.com/golang/go/wiki/Go-Release-Cycle
2 https://golang.org/doc/devel/release.html
3 https://github.com/golang/go/wiki/MinorReleases
4 https://golang.org/security
5 https://golang.org/doc/copyright.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
91 New!! Go 1.26 1.26.5 July 7, 2026 Feb. 10, 2026 0 10 8 1
92 go 1.21 1.21.13 Aug. 6, 2024 June 16, 2023 2 15 13 1
93 go 1.20 1.20.7 Aug. 1, 2023 Feb. 1, 2023 6 23 15 1
94 go 1.19 1.19.13 Sept. 6, 2023 Aug. 2, 2022 6 30 16 1
95 Go 1.18 1.18.10 Jan. 10, 2023 March 15, 2022 6 42 20 2
96 Go 1.17 1.17.13 Aug. 1, 2022 Aug. 16, 2021 8 48 21 2
97 Go 1.16 1.16.15 March 3, 2022 Feb. 16, 2021 8 54 28 2
98 Go 1.15 1.15.15 Aug. 4, 2021 Aug. 11, 2020 8 59 30 2
99 Go 1.14 1.14.15 Feb. 4, 2021 Feb. 25, 2020 8 59 32 2
100 Go 1.13 1.13.15 Aug. 6, 2020 Sept. 3, 2019 8 63 32 2
101 Go 1.12 1.12.17 Feb. 12, 2020 Feb. 25, 2019 10 64 32 2
102 go 1.9 1.9.7 11 67 33 2
103 go 1.8 1.8.7 11 67 34 2
104 go 1.7 1.7.6 11 70 34 2
105 go 1.6 1.6.4 11 72 34 2
106 go 1.5 1.5.4 11 73 34 2
107 go 1.4 1.4.3 14 71 34 2
108 go 1.3 1.3.3 14 71 35 2
109 go 1.2 1.20.7 Aug. 1, 2023 14 72 36 2
110 go 1.12 1.12.9 10 64 32 2
111 go 1.11 1.11.9 10 64 33 2
112 go 1.10 1.10.8 10 67 32 2
113 go 1.1 1.19.13 Sept. 6, 2023 14 73 36 2
114 go 1.0 1.0.3 15 71 34 2
115 go 0.0 0.0.0-20201203163018-be400aefbc4c 14 70 34 2
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
91 7.5
5.0
HIGH
Network
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. NVD-CWE-noinfo
CVE-2021-33198 cpe:2.3:a:golang:go:*:* 1.16.0


1.16.5
1.15.13
2024-11-21 15:08
2021-08-3
Show GitHub Exploit DB Packet Storm
92 5.3
4.3
MEDIUM
Network
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. CWE-862
 Missing Authorization
CVE-2021-33197 cpe:2.3:a:golang:go:*:* 1.16.0


1.16.5
1.15.13
2024-11-21 15:08
2021-08-3
Show GitHub Exploit DB Packet Storm
93 7.5
5.0
HIGH
Network
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. CWE-20
 Improper Input Validation 
CVE-2021-33196 cpe:2.3:a:golang:go:*:* 1.16.0


1.16.5
1.15.13
2024-11-21 15:08
2021-08-3
Show GitHub Exploit DB Packet Storm
94 7.3
7.5
HIGH
Network
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does n… CWE-74
Injection
CVE-2021-33195 cpe:2.3:a:golang:go:*:* 1.16.0


1.16.5
1.15.13
2024-11-21 15:08
2021-08-3
Show GitHub Exploit DB Packet Storm
95 6.5
2.6
MEDIUM
Network
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a mali… CWE-295
Improper Certificate Validation 
CVE-2021-34558 cpe:2.3:a:golang:go:*:*
1.16.0


1.15.14
1.16.6
2024-11-21 15:10
2021-07-15
Show GitHub Exploit DB Packet Storm
96 9.8
7.5
CRITICAL
Network
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. - CVE-2012-2666 cpe:2.3:a:golang:go:1.0.2:* 2024-11-21 10:39
2021-07-9
Show GitHub Exploit DB Packet Storm
97 5.9
2.6
MEDIUM
Network
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client ca… CWE-674
 Uncontrolled Recursion
CVE-2021-31525 cpe:2.3:a:golang:go:*:* 1.16.0


1.16.4
1.15.12
2024-11-21 15:05
2021-05-27
Show GitHub Exploit DB Packet Storm
98 7.5
5.0
HIGH
Network
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-33194 cpe:2.3:a:golang:go:*:* 1.16.0
1.16.4
1.15.12


2024-11-21 15:08
2021-05-27
Show GitHub Exploit DB Packet Storm
99 5.5
4.3
MEDIUM
Local
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… NVD-CWE-noinfo
CVE-2021-27919 cpe:2.3:a:golang:go:*:* 1.16.0 1.16.1 2024-11-21 14:58
2021-03-11
Show GitHub Exploit DB Packet Storm
100 7.5
5.0
HIGH
Network
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-27918 cpe:2.3:a:golang:go:*:*
1.16.0


1.15.9
1.16.1
2024-11-21 14:58
2021-03-11
Show GitHub Exploit DB Packet Storm