Go Vulnerability Database
Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more atgo.dev/security/vuln.
Search
Recent Reports
- CVE-2025-9081, GHSA-f72g-52v7-mg3p
- Affects: github.com/mattermost/mattermost-plugin-boards, github.com/mattermost/mattermost-server, and 3 more
- Published: Sep 24, 2025
- Unreviewed
Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards
- CVE-2025-9079, GHSA-qx3f-6vq3-8j8m
- Affects: github.com/mattermost/mattermost-server, github.com/mattermost/mattermost-server/v5, and 2 more
- Published: Sep 24, 2025
- Unreviewed
Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server
- CVE-2025-10630, GHSA-g4rr-88fc-26fj
- Affects: github.com/alexanderzobnin/grafana-zabbix
- Published: Sep 24, 2025
- Unreviewed
Grafana-Zabbix ReDoS vulnerability in github.com/alexanderzobnin/grafana-zabbix.NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)The additional affected modules and versions are: github.com/alexanderzobnin/grafana-zabbix before v6.0.0.
- CVE-2025-59410, GHSA-mcvp-rpgg-9273
- Affects: d7y.io/dragonfly/v2, github.com/dragonflyoss/dragonfly
- Published: Sep 24, 2025
- Unreviewed
DragonFly's tiny file download uses hard coded HTTP protocol in d7y.io/dragonfly
- CVE-2025-59354, GHSA-hx2h-vjw2-8r54
- Affects: d7y.io/dragonfly/v2, github.com/dragonflyoss/dragonfly
- Published: Sep 24, 2025
- Unreviewed
DragonFly has weak integrity checks for downloaded files in d7y.io/dragonfly
If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.