Go Vulnerability Database
Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.
Search
Recent Reports
- Affects: golang.org/x/crypto
- Published: Jul 07, 2026
The golang.org/x/crypto/openpgp package is unsafe by design, has numerous known security issues, is not maintained, and should not be used. If you are required to interoperate with OpenPGP systems and need a maintained package, consider github.com/ProtonMail/go-crypto/openpgp which is a maintained fork that aims to be a drop-in replacement for this package.
- CVE-2026-55432, GHSA-x9qq-2qh5-8rxf
- Affects: github.com/coder/coder, github.com/coder/coder/v2
- Published: Jul 07, 2026
- Unreviewed
Coder's sub-agent app registration bypasses template port-sharing policy enforcement in github.com/coder/coder
- CVE-2026-55435, GHSA-wqxv-w64v-5wh6
- Affects: github.com/coder/coder, github.com/coder/coder/v2
- Published: Jul 07, 2026
- Unreviewed
Suspended Coder users retain access to AI Bridge LLM proxy endpoints in github.com/coder/coder
- CVE-2026-55431, GHSA-v54h-cp2w-9x4g
- Affects: github.com/coder/coder, github.com/coder/coder/v2
- Published: Jul 07, 2026
- Unreviewed
Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder
- GHSA-qrwj-vh9x-gw5v
- Affects: github.com/coder/coder, github.com/coder/coder/v2
- Published: Jul 07, 2026
- Unreviewed
Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write in github.com/coder/coder
If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.