The Go Vulnerability Database

Clone this repo:

Branches

  1. ce32ae6 data/reports: review 1 report by Neal Patel · 78 minutes ago master
  2. ac95f99 all: bump github.com/go-git/go-git/v5 to v5.19.1 by Neal Patel · 3 hours ago
  3. 99dec70 data/reports: add GO-2026-5932 by Roland Shoemaker · 25 hours ago
  4. ceb8cd2 data/reports: add 2 first-party reports by Neal Patel · 21 hours ago
  5. 428212e data/reports: update GO-2026-5812 by Nicholas S. Husin · 24 hours ago

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Warning: Packages here are internal to the Go Security Team and its needs; Some may be modified arbitrarily or even disappear altogether. In short, code in this repository is NOT subject to the Go 1 Compatibility Promise.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.