Search CVE reports

1 – 10 of 12 results

Detailed view

Sort by:

CVE-2026-27141

Medium priority

Not affected

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-net	Not affected	Not affected	—	—
google-guest-agent	Not affected	Not affected	Not affected	Not affected
containerd	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net-dev	Not in release	Not in release	Not affected	Not affected
adsys	Not affected	Not affected	Not affected	—
juju-core	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not affected	Not affected

CVE-2025-58190

Medium priority

Some fixes available 2 of 9

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

7 affected packages

google-guest-agent, containerd, golang-golang-x-net-dev, adsys, juju-core...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
google-guest-agent	Not affected	Not affected	Not affected	Not affected
containerd	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable
adsys	Not affected	Not affected	Not affected	—
juju-core	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not affected	Vulnerable
golang-golang-x-net	Fixed	Fixed	—	—

CVE-2025-47911

Medium priority

Some fixes available 2 of 9

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

7 affected packages

google-guest-agent, containerd, golang-golang-x-net-dev, adsys, juju-core...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
google-guest-agent	Not affected	Not affected	Not affected	Not affected
containerd	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable
adsys	Not affected	Not affected	Not affected	—
juju-core	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not affected	Vulnerable
golang-golang-x-net	Fixed	Fixed	—	—

CVE-2025-22872

Medium priority

Some fixes available 2 of 14

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing,...

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-net	Fixed	Fixed	Not in release	Not in release
google-guest-agent	Not affected	Not affected	Not affected	Not affected
containerd	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable
adsys	Not affected	Not affected	Not affected	—
juju-core	—	—	—	—
lxd	—	—	Not affected	Vulnerable

CVE-2023-0092

Medium priority

Not affected

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

2 affected packages

juju-core, juju

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
juju-core	Not in release	Not in release	Not in release	—
juju	—	—	—	—

CVE-2024-45338

Medium priority

Some fixes available 12 of 15

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

7 affected packages

lxd, adsys, golang-golang-x-net, golang-golang-x-net-dev, juju-core...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lxd	Not in release	Not in release	Not affected	Not affected
adsys	Fixed	Fixed	Fixed	—
golang-golang-x-net	Fixed	Fixed	Not in release	—
golang-golang-x-net-dev	Not in release	Not in release	Fixed	Fixed
juju-core	Not in release	Not in release	Not in release	—
containerd	Not affected	Not affected	Not affected	Not affected
google-guest-agent	Not affected	Not affected	Not affected	Not affected

CVE-2023-3978

Medium priority

Some fixes available 1 of 12

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-net	Not affected	Fixed	Not in release	Ignored
google-guest-agent	Not affected	Not affected	Not affected	Not affected
containerd	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable
adsys	Not affected	Not affected	Vulnerable	—
juju-core	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not affected	Vulnerable

CVE-2022-41723

Medium priority

Some fixes available 15 of 38

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

20 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang, golang-1.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-net	Not affected	Fixed	Not in release	Not in release
google-guest-agent	Fixed	Fixed	Fixed	Fixed
containerd	Not affected	Not affected	Not affected	Not affected
golang	Not in release	Not in release	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Vulnerable
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.13	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-1.14	Not in release	Not in release	Vulnerable	Not in release
golang-1.16	Not in release	Not in release	Vulnerable	Vulnerable
golang-1.17	Not in release	Fixed	Not in release	Not in release
golang-1.18	Not in release	Fixed	Fixed	Fixed
golang-1.19	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not affected	Not affected	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release
adsys	Not affected	Not affected	Vulnerable	—
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable
juju-core	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not affected	Vulnerable

CVE-2022-27664

Medium priority

Some fixes available 18 of 36

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

17 affected packages

golang-1.13, golang-1.14, golang-1.16, golang-1.17, golang-1.18...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-1.13	Not in release	Fixed	Fixed	Fixed
golang-1.14	—	Not in release	Vulnerable	Not in release
golang-1.16	—	Not in release	Fixed	Fixed
golang-1.17	—	Vulnerable	Not in release	Not in release
golang-1.18	Not in release	Fixed	Fixed	Fixed
golang-1.6	—	Not in release	Not in release	Not in release
golang-1.8	—	Not in release	Not in release	Vulnerable
golang-1.9	—	Not in release	Not in release	Vulnerable
golang	—	Not in release	Not in release	Not in release
golang-1.10	—	Not in release	Not in release	Vulnerable
golang-golang-x-net	Not affected	Fixed	Not in release	Not in release
google-guest-agent	Fixed	Fixed	Fixed	Ignored
containerd	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable
adsys	Not affected	Not affected	Vulnerable	—
juju-core	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not affected	Vulnerable

CVE-2020-26160

Medium priority

Needs evaluation

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud....

4 affected packages

golang-github-dgrijalva-jwt-go, telegraf, golang-github-coreos-discovery-etcd-io, juju-core

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-github-dgrijalva-jwt-go	Not in release	Not affected	Needs evaluation	Needs evaluation
telegraf	Not in release	Not affected	Not in release	Not in release
golang-github-coreos-discovery-etcd-io	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
juju-core	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page: