github.com/osrg/gobgp/v4 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/osrg/gobgp/v4, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2026-41643 — CVSS 7.5 (high): GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote…
CVE-2026-37461 — CVSS 7.5 (high): An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS)…
CVE-2026-41642 — CVSS 7.5 (high): GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of…
CVE-2026-30405 — CVSS 7.5 (high): An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute
CVE-2026-42285 — CVSS 7.5 (high): GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated…
CVE-2026-7736 — CVSS 7.3 (high): A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file…
CVE-2026-7734 — CVSS 5.3 (medium): A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file…