Go Vulnerability Database

Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.

Search

Recent Reports

The golang.org/x/crypto/openpgp package is unsafe by design, has numerous known security issues, is not maintained, and should not be used. If you are required to interoperate with OpenPGP systems and need a maintained package, consider github.com/ProtonMail/go-crypto/openpgp which is a maintained fork that aims to be a drop-in replacement for this package.

Coder's sub-agent app registration bypasses template port-sharing policy enforcement in github.com/coder/coder

Suspended Coder users retain access to AI Bridge LLM proxy endpoints in github.com/coder/coder

Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder

Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write in github.com/coder/coder

View all reports

If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL