Go Vulnerability Database

Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.

Search

Recent Reports

GO-2026-4293

  • CVE-2026-22687, GHSA-pcwc-3fw3-8cqv
  • Affects: github.com/Tencent/WeKnora
  • Published: Jan 12, 2026
  • Unreviewed

WeKnora vulnerable to SQL Injection in github.com/Tencent/WeKnora

GO-2026-4292

  • CVE-2026-22688, GHSA-78h3-63c4-5fqc
  • Affects: github.com/Tencent/WeKnora
  • Published: Jan 12, 2026
  • Unreviewed

WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora

GO-2026-4290

  • CVE-2026-22253, GHSA-6jm8-x3g6-r33j
  • Affects: github.com/charmbracelet/soft-serve
  • Published: Jan 12, 2026
  • Unreviewed

Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve

GO-2026-4289

  • CVE-2025-68151, GHSA-527x-5wrf-22m2
  • Affects: github.com/coredns/coredns
  • Published: Jan 12, 2026
  • Unreviewed

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns

GO-2026-4287

  • CVE-2026-21885, GHSA-xwh2-742g-w3wp
  • Affects: miniflux.app, miniflux.app/v2
  • Published: Jan 12, 2026
  • Unreviewed

Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources in miniflux.app

View all reports

If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.