Golang Vulnerabilities
Comprehensive security vulnerability database for Golang products
3
0
8
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2022-32148 | 6.5 | This vulnerability allows an attacker to manipulate the X-Forwarded-For header, potentially exposing the true client IP address when using the Go ReverseProxy feature. It occurs if the header is set to a nil value, which can happen in certain configurations before specific versions of Go are used. | golanggo | Exploit Available | over 3 years agoAug 10, 2022 |
| CVE-2022-1962 | 5.5 | An attacker can exploit this vulnerability to crash a Go application by sending it deeply nested types or declarations, which can overwhelm the system's memory. This issue affects specific versions of Go before updates were released, so using an outdated version increases the risk. | golanggo | Exploit Available | over 3 years agoAug 10, 2022 |
| CVE-2022-1705 | 6.5 | This vulnerability allows an attacker to sneak malicious requests past a server by exploiting certain invalid headers in HTTP requests, but it only works if there’s an intermediate server that also fails to properly reject those headers. To be successful, the attacker needs to carefully craft the requests and rely on the misconfiguration of the servers involved. | golanggo | Exploit Available | over 3 years agoAug 10, 2022 |
About Golang Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Golang products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.