Skip to content

Issues: golang/go

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
34 Open 486 Closed
34 Open 486 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

security: fix CVE-2025-4673 [1.24 backport] CherryPickApproved Used during the release process for point releases Security
#73906 opened May 29, 2025 by gopherbot Go1.24.4
security: fix CVE-2025-4673 [1.23 backport] CherryPickApproved Used during the release process for point releases Security
#73905 opened May 29, 2025 by gopherbot Go1.23.10
security: fix CVE-2025-4673 release-blocker Security vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
#73816 opened May 21, 2025 by thatnealpatel Go1.25
@thatnealpatel
2
cmd/go: toolchain directive can point to file relative to go.mod with ADS on windows GoCommand cmd/go NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Windows Security
#71470 opened Jan 28, 2025 by rolandshoemaker
@matloob
os/exec: LookPath considers paths containing ":" to be absolute on windows NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Windows Security
#71469 opened Jan 28, 2025 by rolandshoemaker
net/http: Redirect hardening LibraryProposal Issues describing a requested change to the Go standard library or x/ libraries, but not to a tool NeedsFix The path to resolution is known, but the work has not been done. Security
#71161 opened Jan 7, 2025 by neild
@neild
5
x/website, x/pkgsite, x/build/cmd/relui, vscode-go, x/telemetry: vulnerability GHSA-3xgq-45jj-v275/CVE-2024-21538 in cross-spawn dependency version 7.0.3 NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
#71118 opened Jan 3, 2025 by pcreager23 Unreleased
9
path/filepath: Walk/WalkDir susceptible to symlink race Security
#70007 opened Oct 23, 2024 by neild
@neild
2
html/template: template Parse/Execute escaping race NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. Security
#69404 opened Sep 11, 2024 by rolandshoemaker Backlog
1
net/smtp: most fields are not validated or sanitized NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. Security
#66146 opened Mar 6, 2024 by rolandshoemaker Backlog
8
crypto/x509: TestPlatformVerifierLegacy failures NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
#65626 opened Feb 9, 2024 by gopherbot
6
crypto/x509: potentially anomalous path building results NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
#65085 opened Jan 12, 2024 by woodruffw Unplanned
@rolandshoemaker
24
crypto: post-quantum support roadmap NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security umbrella
#64537 opened Dec 4, 2023 by rolandshoemaker Backlog
28
runtime, syscall, x/sys/windows: unexpected DLL loading behavior compiler/runtime Issues related to the Go compiler and/or runtime. NeedsFix The path to resolution is known, but the work has not been done. OS-Windows Security
#64411 opened Nov 27, 2023 by rolandshoemaker Backlog
4
x/crypto/ssh: race in ListenUnix() causes forwarded socket to be rejected after client requests it help wanted NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
#64094 opened Nov 13, 2023 by spikecurtis Unreleased
9
crypto/tls: Large session tickets in Go 1.21 can cause Windows Schannel clients to be unable to connect NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Windows Security
#63763 opened Oct 27, 2023 by printfn Unplanned
4
doc/godebug: allow carve out for GODEBUGs introduced in security releases Proposal Proposal-Accepted Security
#63741 opened Oct 25, 2023 by rolandshoemaker Backlog
5
html/template: comment handling introduced in 1.21.1 breaks valid scripts NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
#63183 opened Sep 23, 2023 by jupenur Backlog
@rolandshoemaker
4
html/template: treatment of CDATA sections in foreign content diverges from browsers NeedsFix The path to resolution is known, but the work has not been done. Security
#62617 opened Sep 13, 2023 by rolandshoemaker Go1.25
x/website/_content/doc: refer that crypto/ecdsa.GenerateKey is no longer deterministic since Go 1.20 Documentation Issues describing a change to documentation. help wanted NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
#62255 opened Aug 24, 2023 by abread Backlog
2
proposal: net/http/cookiejar: Secure should not be checked on localhost Proposal Security
#60997 opened Jun 26, 2023 by zekroTJA Proposal
1
archive/tar, archive/zip: add ErrInsecurePath NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. Proposal Proposal-Accepted Security
#55356 opened Sep 22, 2022 by neild Backlog
@neild
31
crypto: set Data Independent Timing flag on arm64 arch-arm64 NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. Security
#49702 opened Nov 21, 2021 by FiloSottile Backlog
@FiloSottile
5
net/http/pprof: assess and document security implications of the goroutines endpoint compiler/runtime Issues related to the Go compiler and/or runtime. Documentation Issues describing a change to documentation. NeedsFix The path to resolution is known, but the work has not been done. Security
#46307 opened May 21, 2021 by FiloSottile Go1.25
3
proposal: x/net/xsrftoken: add new, less error-prone API Proposal Proposal-Hold Security
#42166 opened Oct 23, 2020 by empijei Proposal
17
ProTip! no:milestone will show everything without a milestone.