golang.org/x/net/html (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package golang.org/x/net/html, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2024-45338 — CVSS 5.3 (medium): An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in…
CVE-2025-47911 — CVSS 5.3 (medium): The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial…