Browse all 8 CVE security advisories affecting golang.org/x/net. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The golang.org/x/net package provides essential networking libraries for Go applications, handling protocols like HTTP, DNS, and WebSocket implementations. Historically, vulnerabilities have commonly included remote code execution (RCE) through crafted inputs, cross-site scripting (XSS) in web components, and denial-of-service vulnerabilities via resource exhaustion. Notable security characteristics include its widespread use in critical infrastructure, which amplifies potential impact. While no major public incidents have been widely documented, the 8 recorded CVEs highlight ongoing security challenges in protocol implementations and input validation, particularly in web-related components that process untrusted data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58190 | Infinite parsing loop in golang.org/x/net — golang.org/x/net/html | 6.5AI | MediumAI | 2026-02-05 |
| CVE-2025-47911 | Quadratic parsing complexity in golang.org/x/net/html — golang.org/x/net/html | 6.5AI | MediumAI | 2026-02-05 |
| CVE-2025-22872 | Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net — golang.org/x/net/html | 5.0AI | MediumAI | 2025-04-16 |
| CVE-2024-45338 | Non-linear parsing of case-insensitive content in golang.org/x/net/html — golang.org/x/net/html | 7.5 | - | 2024-12-18 |
| CVE-2023-3978 | Improper rendering of text nodes in golang.org/x/net/html — golang.org/x/net/html | 6.1 | - | 2023-08-02 |
This page lists every published CVE security advisory associated with golang.org/x/net. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.