Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Go toolchain — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting Go toolchain. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Go toolchain serves as a foundational development platform for building reliable, efficient software, particularly in cloud-native and distributed systems. Historically, common vulnerabilities include remote code execution in standard library packages, cross-site scripting in web frameworks, and privilege escalation through insecure default configurations. Notable security characteristics include strong memory safety features and built-in concurrency primitives, though dependency management remains a challenge. Major incidents have involved supply chain attacks through compromised third-party packages, highlighting risks in the ecosystem. With 22 CVEs on record, the toolchain's security posture reflects both robust design and potential weaknesses in package management and implementation, requiring vigilant dependency scanning and prompt updates to mitigate emerging threats.

Found 19 results / 22Clear Filters
Top products by Go toolchain: cmd/go cmd/compile cmd/cgo
CVE IDTitleCVSSSeverityPublished
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go — cmd/go 9.8AICriticalAI2026-05-07
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go — cmd/go 6.5AIMediumAI2026-05-07
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go — cmd/go 6.5AIMediumAI2026-05-07
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go — cmd/go 7.8AIHighAI2026-04-08
CVE-2025-61731 Arbitrary file write using cgo pkg-config directive in cmd/go — cmd/go 5.5AIMediumAI2026-01-28
CVE-2025-68119 Unexpected code execution when invoking toolchain in cmd/go — cmd/go 9.8AICriticalAI2026-01-28
CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go — cmd/go 9.8AICriticalAI2025-07-29
CVE-2025-22867 Arbitrary code execution during build on darwin in cmd/go — cmd/go 9.8 -2025-02-06
CVE-2024-45340 GOAUTH credential leak in cmd/go — cmd/go 9.1 -2025-01-28
CVE-2023-24531 Output of "go env" does not sanitize values in cmd/go — cmd/go 9.8AICriticalAI2024-07-02
CVE-2024-24787 Arbitrary code execution during build on Darwin in cmd/go — cmd/go 8.8AIHighAI2024-05-08
CVE-2023-45285 Command 'go get' may unexpectedly fallback to insecure git in cmd/go — cmd/go 9.1 -2023-12-06
CVE-2023-39323 Arbitrary code execution during build via line directives in cmd/go — cmd/go 7.4 -2023-10-05
CVE-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go — cmd/go 9.8 -2023-09-08
CVE-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go — cmd/go 9.8 -2023-06-08
CVE-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go — cmd/go 9.8 -2023-06-08
CVE-2023-29402 Code injection via go command with cgo in cmd/go — cmd/go 8.4 -2023-06-08
CVE-2020-28366 Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo — cmd/go 8.0 -2020-11-18
CVE-2020-28367 Arbitrary code execution via the go command with cgo in cmd/go — cmd/go 8.8 -2020-11-18

This page lists every published CVE security advisory associated with Go toolchain. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.