Browse all 4 CVE security advisories affecting Golang. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Go is primarily used for building high-performance network services and distributed systems. Historically, common vulnerabilities include remote code execution in web servers, deserialization flaws, and privilege escalation through improper input validation. Notable security characteristics include its strong typing and built-in concurrency features, which reduce certain classes of bugs. While currently having only 4 CVEs, past incidents have included vulnerabilities in the standard library's net/http package and third-party dependencies. The language's minimal attack surface compared to some alternatives is a security advantage, though developers must still carefully validate inputs and manage dependencies to prevent common web vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-29509 | Google Go encoding 安全漏洞 — GoCWE-115 | 9.8 | Critical | 2020-12-14 |
| CVE-2020-29511 | Google Go encoding 安全漏洞 — GoCWE-115 | 9.8 | Critical | 2020-12-14 |
| CVE-2020-29510 | Google Golang 安全漏洞 — GoCWE-115 | 9.8 | Critical | 2020-12-14 |
| CVE-2018-1002207 | mholt/archiver golang包路径遍历漏洞 — archiverCWE-22 | 5.5 | - | 2018-07-25 |
This page lists every published CVE security advisory associated with Golang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.