Search CVE reports

Toggle filters

1 – 10 of 18 results

CVE-2026-27141

Medium priority
Not affected

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Not affected
google-guest-agent Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Not affected Not affected
adsys Not affected Not affected Not affected
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Not affected
Show all 7 packages Show less packages

CVE-2025-58190

Medium priority

Some fixes available 2 of 9

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

7 affected packages

google-guest-agent, containerd, golang-golang-x-net-dev, adsys, juju-core...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
google-guest-agent Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
adsys Not affected Not affected Not affected
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
golang-golang-x-net Fixed Fixed
Show all 7 packages Show less packages

CVE-2025-47911

Medium priority

Some fixes available 2 of 9

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

7 affected packages

google-guest-agent, containerd, golang-golang-x-net-dev, adsys, juju-core...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
google-guest-agent Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
adsys Not affected Not affected Not affected
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
golang-golang-x-net Fixed Fixed
Show all 7 packages Show less packages

CVE-2025-22872

Medium priority

Some fixes available 2 of 14

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing,...

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Fixed Fixed Not in release Not in release
google-guest-agent Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
adsys Not affected Not affected Not affected
juju-core
lxd Not affected Vulnerable
Show all 7 packages Show less packages

CVE-2024-45338

Medium priority

Some fixes available 12 of 15

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

7 affected packages

lxd, adsys, golang-golang-x-net, golang-golang-x-net-dev, juju-core...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not affected Not affected
adsys Fixed Fixed Fixed
golang-golang-x-net Fixed Fixed Not in release
golang-golang-x-net-dev Not in release Not in release Fixed Fixed
juju-core Not in release Not in release Not in release
containerd Not affected Not affected Not affected Not affected
google-guest-agent Not affected Not affected Not affected Not affected
Show all 7 packages Show less packages

CVE-2023-3978

Medium priority

Some fixes available 1 of 12

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Fixed Not in release Ignored
google-guest-agent Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
adsys Not affected Not affected Vulnerable
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
Show all 7 packages Show less packages

CVE-2022-41723

Medium priority

Some fixes available 15 of 38

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

20 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Fixed Not in release Not in release
google-guest-agent Fixed Fixed Fixed Fixed
containerd Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release
golang-1.16 Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Fixed Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not affected Not affected Not in release
golang-1.21 Not affected Not affected Not affected Not in release
adsys Not affected Not affected Vulnerable
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
Show all 20 packages Show less packages

CVE-2022-41721

Medium priority
Ignored

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead...

2 affected packages

golang-golang-x-net, google-guest-agent

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Not in release Not in release
google-guest-agent Not affected Not affected Not affected
Show less packages

CVE-2022-27664

Medium priority

Some fixes available 18 of 36

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

17 affected packages

golang-1.13, golang-1.14, golang-1.16, golang-1.17, golang-1.18...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.13 Not in release Fixed Fixed Fixed
golang-1.14 Not in release Vulnerable Not in release
golang-1.16 Not in release Fixed Fixed
golang-1.17 Vulnerable Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Vulnerable
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Vulnerable
golang-golang-x-net Not affected Fixed Not in release Not in release
google-guest-agent Fixed Fixed Fixed Ignored
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
adsys Not affected Not affected Vulnerable
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
Show all 17 packages Show less packages

CVE-2021-44716

Medium priority

Some fixes available 7 of 23

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

8 affected packages

golang-1.11, golang-1.17, golang-1.7, golang-1.8, golang-golang-x-net...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.17 Not in release Vulnerable Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-golang-x-net Not affected Not affected Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
google-guest-agent Fixed Fixed Fixed Vulnerable
golang-1.15 Not in release Not in release
Show all 8 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. Next page
Export to JSON