Browse all 22 CVE security advisories affecting Go toolchain. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Go toolchain serves as a foundational development platform for building reliable, efficient software, particularly in cloud-native and distributed systems. Historically, common vulnerabilities include remote code execution in standard library packages, cross-site scripting in web frameworks, and privilege escalation through insecure default configurations. Notable security characteristics include strong memory safety features and built-in concurrency primitives, though dependency management remains a challenge. Major incidents have involved supply chain attacks through compromised third-party packages, highlighting risks in the ecosystem. With 22 CVEs on record, the toolchain's security posture reflects both robust design and potential weaknesses in package management and implementation, requiring vigilant dependency scanning and prompt updates to mitigate emerging threats.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27144 | Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile — cmd/compile | 8.4AI | HighAI | 2026-04-08 |
| CVE-2026-27143 | Missing bound checks can lead to memory corruption in safe Go in cmd/compile — cmd/compile | 8.4AI | HighAI | 2026-04-08 |
This page lists every published CVE security advisory associated with Go toolchain. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.