Go Vulnerability Archive

Recent and critical CVEs affecting Go packages. Kodem’s runtime-powered SCA identifies which are actually reachable in your applications.

Recent Go CVEs
| CVE | Package / summary | Severity |
| --- | --- | --- |
| CVE-2026-55776 | github.com/openbao/openbao · OpenBao: Transit secrets engine crashes on key creation with `derived: true`… | Medium |
| CVE-2026-55770 | github.com/openbao/openbao · OpenBao: LDAPi ldaputil (wrong escape func) | Medium |
| CVE-2026-55187 | github.com/axllent/mailpit · Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition… | Medium |
| CVE-2026-55689 | github.com/openfga/openfga · OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset | Medium |
| CVE-2026-54319 | github.com/daytonaio/daytona · Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into… | Medium |
| CVE-2026-47256 | github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter · opentelemetry-collector-contrib sentryexporter: Path traversal in Sentry… | Medium |
| CVE-2026-55686 | github.com/containers/podman/v5 · Podman: WORKDIR symlink traversal vulnerability | Medium |
| CVE-2026-55669 | github.com/zitadel/zitadel · ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider | Medium |
| CVE-2026-55672 | github.com/zitadel/zitadel · ZITADEL: Missing client_id binding in OIDC authorization code exchange and… | High |
| CVE-2026-55229 | github.com/gotenberg/gotenberg/v8 · Gotenberg: SSRF via LibreOffice document processing | High |
| CVE-2026-55636 | github.com/projectcapsule/capsule · Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves… | Medium |
| CVE-2026-28737 | code.gitea.io/gitea · Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer | High |
| CVE-2026-24791 | code.gitea.io/gitea · Gitea: Public-only tokens bypass private-resource restrictions on… | High |
| CVE-2026-22555 | code.gitea.io/gitea · Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration | High |
