The Go Vulnerability Database

Clone this repo:


  1. f485fa0 cmd/vulnreport: set vulnerable_at field TODO in "vulnreport create" by Damien Neil · 3 days ago master
  2. 1a4afe2 cmd/vulnreport: use git tool for "vulnreport commit" by Damien Neil · 3 days ago
  3. 82f5116 x/vulndb: cleanup unchecked errors by Tatiana Bradley · 2 weeks ago
  4. f76caa2 cmd/vulnreport: check for presence of symbols in fix by Damien Neil · 2 weeks ago
  5. 8a80fd9 doc: update triage documentation for "vulnreport commit" by Damien Neil · 2 weeks ago

The Go Vulnerability Database

This repository contains the reports for the Go Vulnerability Database.

If you are interested accessing data from the Go Vulnerability Database, see x/vuln for information. This repository is only used for adding new vulnerabilities.

Reporting a vulnerability

We are not accepting new vulnerability reports at this time. We will update this once we are ready to receive reports.


Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY 4.0 license. See x/vuln for information on how to access these entries.