Go Vulnerability Database

Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.

Search

Recent Reports

GO-2025-4198

  • CVE-2017-18883, GHSA-w8cc-3h7q-jhc3
  • Affects: github.com/mattermost/mattermost-server
  • Published: Dec 08, 2025

Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider in github.com/mattermost/mattermost-server

GO-2025-4197

  • CVE-2017-18884, GHSA-876j-jfqf-m7j7
  • Affects: github.com/mattermost/mattermost-server
  • Published: Dec 08, 2025

Mattermost Server exposes OAuth personal access tokens to attackers in github.com/mattermost/mattermost-server

GO-2025-4193

  • CVE-2025-66506, GHSA-f83f-xpx7-ffpw
  • Affects: github.com/sigstore/fulcio
  • Published: Dec 08, 2025

Fulcio allocates excessive memory during token parsing in github.com/sigstore/fulcio

GO-2025-4192

  • CVE-2025-66564, GHSA-4qg8-fj49-pxjh
  • Affects: github.com/sigstore/timestamp-authority, github.com/sigstore/timestamp-authority/v2
  • Published: Dec 08, 2025

Sigstore Timestamp Authority allocates excessive memory during request parsing in github.com/sigstore/timestamp-authority

GO-2025-4190

  • CVE-2017-18877, GHSA-9x8x-w6g5-hx4w
  • Affects: github.com/mattermost/mattermost-server
  • Published: Dec 08, 2025

Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page in github.com/mattermost/mattermost-server

View all reports

If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.