Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Go Number Of NVD 140 CRITICAL 16 HIGH 84 MEDIUM 38 LOW 2
URL https://golang.org/
Explanation It is a programming language developed by Google.
It has a simple syntax and can be coded by anyone to look the same.
It has been adopted by many companies because it is good at parallel processing and can perform well on multi-core systems.
Since it is cross-compatible, it can be run in a variety of environments including Windows, Linux, Mac, and Android.

As a result of prioritizing simplicity, there are some disadvantages such as the lack of exception handling (there are alternative functions), which is common in other languages.
This may be implemented in the future.

A major release is made about every 6 months.
If a critical bug or security issue is fixed during the major release, a minor release is made.

The last two major releases are supported and covered.
Since major releases are made about every six months, the major version a year ago will no longer be supported.
Tag
  • オープンソース
  • BSD License

Add Information URL
No Type Name URL
1 https://github.com/golang/go/wiki/Go-Release-Cycle
2 https://golang.org/doc/devel/release.html
3 https://github.com/golang/go/wiki/MinorReleases
4 https://golang.org/security
5 https://golang.org/doc/copyright.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
81 New!! Go 1.26 1.26.5 July 7, 2026 Feb. 10, 2026 0 10 8 1
82 go 1.21 1.21.13 Aug. 6, 2024 June 16, 2023 2 15 13 1
83 go 1.20 1.20.7 Aug. 1, 2023 Feb. 1, 2023 6 23 15 1
84 go 1.19 1.19.13 Sept. 6, 2023 Aug. 2, 2022 6 30 16 1
85 Go 1.18 1.18.10 Jan. 10, 2023 March 15, 2022 6 42 20 2
86 Go 1.17 1.17.13 Aug. 1, 2022 Aug. 16, 2021 8 48 21 2
87 Go 1.16 1.16.15 March 3, 2022 Feb. 16, 2021 8 54 28 2
88 Go 1.15 1.15.15 Aug. 4, 2021 Aug. 11, 2020 8 59 30 2
89 Go 1.14 1.14.15 Feb. 4, 2021 Feb. 25, 2020 8 59 32 2
90 Go 1.13 1.13.15 Aug. 6, 2020 Sept. 3, 2019 8 63 32 2
91 Go 1.12 1.12.17 Feb. 12, 2020 Feb. 25, 2019 10 64 32 2
92 go 1.9 1.9.7 11 67 33 2
93 go 1.8 1.8.7 11 67 34 2
94 go 1.7 1.7.6 11 70 34 2
95 go 1.6 1.6.4 11 72 34 2
96 go 1.5 1.5.4 11 73 34 2
97 go 1.4 1.4.3 14 71 34 2
98 go 1.3 1.3.3 14 71 35 2
99 go 1.2 1.20.7 Aug. 1, 2023 14 72 36 2
100 go 1.12 1.12.9 10 64 32 2
101 go 1.11 1.11.9 10 64 33 2
102 go 1.10 1.10.8 10 67 32 2
103 go 1.1 1.19.13 Sept. 6, 2023 14 73 36 2
104 go 1.0 1.0.3 15 71 34 2
105 go 0.0 0.0.0-20201203163018-be400aefbc4c 14 70 34 2
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
81 7.5
5.0
HIGH
Network
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able… CWE-436
 Interpretation Conflict
CVE-2022-23773 cpe:2.3:a:golang:go:*:* 1.17.0


1.17.7
1.16.14
2024-11-21 15:49
2022-02-11
Show GitHub Exploit DB Packet Storm
82 7.5
7.8
HIGH
Network
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CWE-190
 Integer Overflow or Wraparound
CVE-2022-23772 cpe:2.3:a:golang:go:*:* 1.17.0


1.17.7
1.16.14
2024-11-21 15:49
2022-02-11
Show GitHub Exploit DB Packet Storm
83 7.5
5.0
HIGH
Network
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exi… CWE-770
 Allocation of Resources Without Limits or Throttling
CVE-2021-39293 cpe:2.3:a:golang:go:*:* 1.17.0


1.17.1
1.16.8
2024-11-21 15:19
2022-01-24
Show GitHub Exploit DB Packet Storm
84 4.8
5.8
MEDIUM
Network
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file… CWE-404
 Improper Resource Shutdown or Release
CVE-2021-44717 cpe:2.3:a:golang:go:*:*
1.17.0


1.16.12
1.17.5
2024-11-21 15:31
2022-01-1
Show GitHub Exploit DB Packet Storm
85 7.5
5.0
HIGH
Network
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. CWE-400
 Uncontrolled Resource Consumption
CVE-2021-44716 cpe:2.3:a:golang:go:*:*
1.17.0


1.16.12
1.17.5
2024-11-21 15:31
2022-01-1
Show GitHub Exploit DB Packet Storm
86 7.5
5.0
HIGH
Network
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. CWE-20
 Improper Input Validation 
CVE-2021-41772 cpe:2.3:a:golang:go:*:*
1.17.0


1.16.10
1.17.3
2024-11-21 15:26
2021-11-8
Show GitHub Exploit DB Packet Storm
87 7.5
5.0
HIGH
Network
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2021-41771 cpe:2.3:a:golang:go:*:*
1.17.0


1.16.10
1.17.3
2024-11-21 15:26
2021-11-8
Show GitHub Exploit DB Packet Storm
88 9.8
7.5
CRITICAL
Network
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. CWE-120
Classic Buffer Overflow
CVE-2021-38297 cpe:2.3:a:golang:go:*:* 1.17.0


1.17.2
1.16.9
2024-11-21 15:16
2021-10-18
Show GitHub Exploit DB Packet Storm
89 5.9
4.3
MEDIUM
Network
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. CWE-362
Race Condition
CVE-2021-36221 cpe:2.3:a:golang:go:*:* 1.16.0


1.16.7
1.15.15
2024-11-21 15:13
2021-08-8
Show GitHub Exploit DB Packet Storm
90 7.5
5.0
HIGH
Network
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP … NVD-CWE-noinfo
CVE-2021-29923 cpe:2.3:a:golang:go:*:* 1.17 2024-11-21 15:01
2021-08-8
Show GitHub Exploit DB Packet Storm