pkg:Go/golang.org/x/net

All known vulnerabilities

• MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
  from 0, < 0.17.0
• CRITICAL9.6CVE-2026-39821Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
  from 0, < 0.55.0
• HIGH7.5CVE-2026-33814Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
  from 0, < 0.53.0
• HIGH7.5CVE-2026-27141Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
  >= 0.50.0, < 0.51.0
• HIGH7.5CVE-2023-39325HTTP/2 rapid reset can cause excessive work in net/http
  from 0, < 0.17.0
• HIGH7.5CVE-2023-39325HTTP/2 rapid reset can cause excessive work in net/http
  from 0, < 0.17.0
• HIGH7.5CVE-2018-17846x/net/html Vulnerable to DoS During HTML Parsing
  from 0, < 0.0.0-20190125091013-d26f9f9a57f3
• HIGH7.5CVE-2018-17846x/net/html Vulnerable to DoS During HTML Parsing
  from 0, < 0.0.0-20190125091013-d26f9f9a57f3
• HIGH7.5CVE-2022-41723Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
  from 0, < 0.7.0
• HIGH7.5CVE-2022-41723Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
  from 0, < 0.7.0
• HIGH7.5CVE-2022-41721Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
  >= 0.0.0-20220524220425-1d687d428aca, < 0.1.1-0.20221104162952-702349b0e862
• HIGH7.5CVE-2022-41721Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
  >= 0.0.0-20220524220425-1d687d428aca, < 0.1.1-0.20221104162952-702349b0e862
• HIGH7.5CVE-2022-27664Denial of service in net/http and golang.org/x/net/http2
  from 0, < 0.0.0-20220906165146-f3363e06e74c
• HIGH7.5CVE-2022-27664Denial of service in net/http and golang.org/x/net/http2
  from 0, < 0.0.0-20220906165146-f3363e06e74c
• HIGH7.5CVE-2021-33194Infinite loop when parsing inputs in golang.org/x/net/html
  from 0, < 0.0.0-20210520170846-37e1c6afe023
• HIGH7.5CVE-2021-33194Infinite loop when parsing inputs in golang.org/x/net/html
  from 0, < 0.0.0-20210520170846-37e1c6afe023
• HIGH7.5CVE-2019-9512golang.org/x/net/http vulnerable to a reset flood
  from 0, < 0.0.0-20190813141303-74dc4d7220e7
• HIGH7.5CVE-2019-9512golang.org/x/net/http vulnerable to a reset flood
  from 0, < 0.0.0-20190813141303-74dc4d7220e7
• HIGH7.5CVE-2019-9512golang.org/x/net/http vulnerable to a reset flood
  from 0, < 0.0.0-20190813141303-74dc4d7220e7
• HIGH7.5CVE-2018-17847Panic when parsing certain inputs in golang.org/x/net/html
  from 0, < 0.0.0-20190125002852-4b62a64f59f7
• HIGH7.5CVE-2018-17847Panic when parsing certain inputs in golang.org/x/net/html
  from 0, < 0.0.0-20190125002852-4b62a64f59f7
• HIGH7.5CVE-2018-17847Panic when parsing certain inputs in golang.org/x/net/html
  from 0, < 0.0.0-20190125002852-4b62a64f59f7
• HIGH7.5CVE-2018-17143golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
  from 0, < 0.0.0-20180921000356-2f5d2388922f
• HIGH7.5CVE-2018-17142golang.org/x/net/html NULL Pointer Dereference vulnerability
  from 0, < 0.0.0-20180925071336-cf3bd585ca2a
• HIGH7.5CVE-2018-17143golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
  from 0, < 0.0.0-20180921000356-2f5d2388922f
• HIGH7.5CVE-2018-17142golang.org/x/net/html NULL Pointer Dereference vulnerability
  from 0, < 0.0.0-20180925071336-cf3bd585ca2a
• HIGH7.5CVE-2018-17075golang.org/x/net/html NULL Pointer Dereference vulnerability
  from 0, < 0.0.0-20180816102801-aaf60122140d
• HIGH7.5CVE-2018-17075golang.org/x/net/html NULL Pointer Dereference vulnerability
  from 0, < 0.0.0-20180816102801-aaf60122140d
• HIGH7.5CVE-2021-44716Unbounded memory growth in net/http and golang.org/x/net/http2
  from 0, < 0.0.0-20211209124913-491a49abca63
• MEDIUM6.5CVE-2026-25680Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
  from 0, < 0.55.0
• MEDIUM6.5CVE-2025-22872Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
  from 0, < 0.38.0
• MEDIUM6.5CVE-2025-22872Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
  from 0, < 0.38.0
• MEDIUM6.1CVE-2026-25681Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
  from 0, < 0.55.0
• MEDIUM6.1CVE-2026-42506Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
  from 0, < 0.55.0
• MEDIUM6.1CVE-2026-27136Invoking duplicate attributes can cause XSS in golang.org/x/net/html
  from 0, < 0.55.0
• MEDIUM6.1CVE-2026-42502Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
  from 0, < 0.55.0
• MEDIUM6.1CVE-2023-3978Improper rendering of text nodes in golang.org/x/net/html
  from 0, < 0.13.0
• MEDIUM6.1CVE-2023-3978Improper rendering of text nodes in golang.org/x/net/html
  from 0, < 0.13.0
• MEDIUM5.9CVE-2021-31525golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
  from 0, < 0.0.0-20210428140749-89ef3d95e781
• MEDIUM5.9CVE-2021-31525golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
  from 0, < 0.0.0-20210428140749-89ef3d95e781
• MEDIUM5.3CVE-2025-47911Quadratic parsing complexity in golang.org/x/net/html
  from 0, < 0.45.0
• MEDIUM5.3CVE-2025-58190Infinite parsing loop in golang.org/x/net
  from 0, < 0.45.0
• MEDIUM5.3CVE-2024-45338Non-linear parsing of case-insensitive content in golang.org/x/net/html
  from 0, < 0.33.0
• MEDIUM5.3CVE-2023-45288HTTP/2 CONTINUATION flood in net/http
  from 0, < 0.23.0
• MEDIUM5.3CVE-2023-45288HTTP/2 CONTINUATION flood in net/http
  from 0, < 0.23.0
• MEDIUM5.3CVE-2022-41717Excessive memory growth in net/http and golang.org/x/net/http2
  from 0, < 0.4.0
• MEDIUM5.3CVE-2022-41717Excessive memory growth in net/http and golang.org/x/net/http2
  from 0, < 0.4.0
• MEDIUM4.4CVE-2025-22870HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
  from 0, < 0.36.0
• MEDIUM4.4CVE-2025-22870HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
  from 0, < 0.36.0