Goxmldsig Project Goxmldsig — known CVE vulnerabilities
Every CVE whose affected-product data names Goxmldsig Project Goxmldsig, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-7711 — CVSS 7.5 (high): This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending…
CVE-2026-33487 — CVSS 7.5 (high): goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes…
CVE-2020-15216 — CVSS 5.3 (medium): In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can…