Every CVE whose affected-product data names Golang Net, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2026-39821 — CVSS 9.6 (critical): The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example…
CVE-2018-17142 — CVSS 7.5 (high): The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error"…
CVE-2018-17143 — CVSS 7.5 (high): The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime…
CVE-2018-17846 — CVSS 7.5 (high): The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite…
CVE-2018-17847 — CVSS 7.5 (high): The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic…
CVE-2018-17848 — CVSS 7.5 (high): The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime…
CVE-2018-17075 — CVSS 7.5 (high): The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for…
CVE-2026-27136 — CVSS 6.1 (medium): Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS…
CVE-2026-25681 — CVSS 6.1 (medium): Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS…
CVE-2026-42502 — CVSS 6.1 (medium): Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS…
CVE-2026-42506 — CVSS 6.1 (medium): Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS…