Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

golang.org/x/net — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting golang.org/x/net. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The golang.org/x/net package provides essential networking libraries for Go applications, handling protocols like HTTP, DNS, and WebSocket implementations. Historically, vulnerabilities have commonly included remote code execution (RCE) through crafted inputs, cross-site scripting (XSS) in web components, and denial-of-service vulnerabilities via resource exhaustion. Notable security characteristics include its widespread use in critical infrastructure, which amplifies potential impact. While no major public incidents have been widely documented, the 8 recorded CVEs highlight ongoing security challenges in protocol implementations and input validation, particularly in web-related components that process untrusted data.

Top products by golang.org/x/net: golang.org/x/net/html golang.org/x/net/http2 golang.org/x/net/http2/h2c
CVE IDTitleCVSSSeverityPublished
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net — golang.org/x/net/http2 7.5AIHighAI2026-05-07
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net — golang.org/x/net/http2 7.5AIHighAI2026-02-26
CVE-2025-58190 Infinite parsing loop in golang.org/x/net — golang.org/x/net/html 6.5AIMediumAI2026-02-05
CVE-2025-47911 Quadratic parsing complexity in golang.org/x/net/html — golang.org/x/net/html 6.5AIMediumAI2026-02-05
CVE-2025-22872 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net — golang.org/x/net/html 5.0AIMediumAI2025-04-16
CVE-2024-45338 Non-linear parsing of case-insensitive content in golang.org/x/net/html — golang.org/x/net/html 7.5 -2024-12-18
CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html — golang.org/x/net/html 6.1 -2023-08-02
CVE-2022-41721 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c — golang.org/x/net/http2/h2c 7.5 -2023-01-13

This page lists every published CVE security advisory associated with golang.org/x/net. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.