golang (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package golang, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2026-25679 — CVSS 7.5 (high): url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
CVE-2026-27137 — CVSS 7.5 (high): When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local…
CVE-2024-45336 — CVSS 6.1 (medium): The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an…
CVE-2024-45341 — CVSS 6.1 (medium): A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the…
CVE-2025-22866 — CVSS 4.0 (medium): Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret…