Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Go Number Of NVD 140 CRITICAL 16 HIGH 84 MEDIUM 38 LOW 2
URL https://golang.org/
Explanation It is a programming language developed by Google.
It has a simple syntax and can be coded by anyone to look the same.
It has been adopted by many companies because it is good at parallel processing and can perform well on multi-core systems.
Since it is cross-compatible, it can be run in a variety of environments including Windows, Linux, Mac, and Android.

As a result of prioritizing simplicity, there are some disadvantages such as the lack of exception handling (there are alternative functions), which is common in other languages.
This may be implemented in the future.

A major release is made about every 6 months.
If a critical bug or security issue is fixed during the major release, a minor release is made.

The last two major releases are supported and covered.
Since major releases are made about every six months, the major version a year ago will no longer be supported.
Tag
  • BSD License
  • オープンソース

Add Information URL
No Type Name URL
1 https://github.com/golang/go/wiki/Go-Release-Cycle
2 https://golang.org/doc/devel/release.html
3 https://github.com/golang/go/wiki/MinorReleases
4 https://golang.org/security
5 https://golang.org/doc/copyright.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
101 New!! Go 1.26 1.26.5 July 7, 2026 Feb. 10, 2026 0 10 8 1
102 go 1.21 1.21.13 Aug. 6, 2024 June 16, 2023 2 15 13 1
103 go 1.20 1.20.7 Aug. 1, 2023 Feb. 1, 2023 6 23 15 1
104 go 1.19 1.19.13 Sept. 6, 2023 Aug. 2, 2022 6 30 16 1
105 Go 1.18 1.18.10 Jan. 10, 2023 March 15, 2022 6 42 20 2
106 Go 1.17 1.17.13 Aug. 1, 2022 Aug. 16, 2021 8 48 21 2
107 Go 1.16 1.16.15 March 3, 2022 Feb. 16, 2021 8 54 28 2
108 Go 1.15 1.15.15 Aug. 4, 2021 Aug. 11, 2020 8 59 30 2
109 Go 1.14 1.14.15 Feb. 4, 2021 Feb. 25, 2020 8 59 32 2
110 Go 1.13 1.13.15 Aug. 6, 2020 Sept. 3, 2019 8 63 32 2
111 Go 1.12 1.12.17 Feb. 12, 2020 Feb. 25, 2019 10 64 32 2
112 go 1.9 1.9.7 11 67 33 2
113 go 1.8 1.8.7 11 67 34 2
114 go 1.7 1.7.6 11 70 34 2
115 go 1.6 1.6.4 11 72 34 2
116 go 1.5 1.5.4 11 73 34 2
117 go 1.4 1.4.3 14 71 34 2
118 go 1.3 1.3.3 14 71 35 2
119 go 1.2 1.20.7 Aug. 1, 2023 14 72 36 2
120 go 1.12 1.12.9 10 64 32 2
121 go 1.11 1.11.9 10 64 33 2
122 go 1.10 1.10.8 10 67 32 2
123 go 1.1 1.19.13 Sept. 6, 2023 14 73 36 2
124 go 1.0 1.0.3 15 71 34 2
125 go 0.0 0.0.0-20201203163018-be400aefbc4c 14 70 34 2
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
101 7.5
5.1
HIGH
Network
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, … CWE-427
 Uncontrolled Search Path Element
CVE-2021-3115 cpe:2.3:a:golang:go:*:*
1.15


1.14.14
1.15.7
2024-11-21 15:20
2021-01-27
Show GitHub Exploit DB Packet Storm
102 6.5
6.4
MEDIUM
Network
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 fiel… CWE-682
 Incorrect Calculation
CVE-2021-3114 cpe:2.3:a:golang:go:*:*
1.15


1.14.14
1.15.7
2024-11-21 15:20
2021-01-27
Show GitHub Exploit DB Packet Storm
103 7.5
5.0
HIGH
Network
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language … CWE-129
 Improper Validation of Array Index
CVE-2020-28851 cpe:2.3:a:golang:go:1.15.4:* 2024-11-21 14:23
2021-01-2
Show GitHub Exploit DB Packet Storm
104 5.6
6.8
MEDIUM
Network
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that be… NVD-CWE-Other
CVE-2020-29511 cpe:2.3:a:golang:go:*:* 1.17 2024-11-21 14:24
2020-12-15
Show GitHub Exploit DB Packet Storm
105 5.6
6.8
MEDIUM
Network
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave … NVD-CWE-Other
CVE-2020-29510 cpe:2.3:a:golang:go:*:* 1.15 2024-11-21 14:24
2020-12-15
Show GitHub Exploit DB Packet Storm
106 5.6
6.8
MEDIUM
Network
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … NVD-CWE-Other
CVE-2020-29509 cpe:2.3:a:golang:go:*:* 1.17 2024-11-21 14:24
2020-12-15
Show GitHub Exploit DB Packet Storm
107 7.5
5.1
HIGH
Network
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. CWE-94
Code Injection
CVE-2020-28367 cpe:2.3:a:golang:go:*:*
1.15


1.14.12
1.15.5
2024-11-21 14:22
2020-11-19
Show GitHub Exploit DB Packet Storm
108 7.5
5.1
HIGH
Network
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. CWE-94
Code Injection
CVE-2020-28366 cpe:2.3:a:golang:go:*:*
1.15


1.14.12
1.15.5
2024-11-21 14:22
2020-11-19
Show GitHub Exploit DB Packet Storm
109 7.5
5.0
HIGH
Network
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CWE-295
Improper Certificate Validation 
CVE-2020-28362 cpe:2.3:a:golang:go:*:*
1.15


1.14.12
1.15.5
2024-11-21 14:22
2020-11-19
Show GitHub Exploit DB Packet Storm
110 6.1
4.3
MEDIUM
Network
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CWE-79
Cross-site Scripting
CVE-2020-24553 cpe:2.3:a:golang:go:*:* 1.15.0


1.15.1
1.14.8
2024-11-21 14:14
2020-09-3
Show GitHub Exploit DB Packet Storm