Skip to content
Navigation Menu
Toggle navigation
Sign in
Appearance settings
Platform
AI CODE CREATION
GitHub Copilot
Write better code with AI
GitHub Spark
Build and deploy intelligent apps
GitHub Models
Manage and compare prompts
MCP Registry
New
Integrate external tools
DEVELOPER WORKFLOWS
Actions
Automate any workflow
Codespaces
Instant dev environments
Issues
Plan and track work
Code Review
Manage code changes
APPLICATION SECURITY
GitHub Advanced Security
Find and fix vulnerabilities
Code security
Secure your code as you build
Secret protection
Stop leaks before they start
EXPLORE
Why GitHub
Documentation
Blog
Changelog
Marketplace
View all features
Solutions
BY COMPANY SIZE
Enterprises
Small and medium teams
Startups
Nonprofits
BY USE CASE
App Modernization
DevSecOps
DevOps
CI/CD
View all use cases
BY INDUSTRY
Healthcare
Financial services
Manufacturing
Government
View all industries
View all solutions
Resources
EXPLORE BY TOPIC
AI
Software Development
DevOps
Security
View all topics
EXPLORE BY TYPE
Customer stories
Events & webinars
Ebooks & reports
Business insights
GitHub Skills
SUPPORT & SERVICES
Documentation
Customer support
Community forum
Trust center
Partners
Open Source
COMMUNITY
GitHub Sponsors
Fund open source developers
PROGRAMS
Security Lab
Maintainer Community
Accelerator
Archive Program
REPOSITORIES
Topics
Trending
Collections
Enterprise
ENTERPRISE SOLUTIONS
Enterprise platform
AI-powered developer platform
AVAILABLE ADD-ONS
GitHub Advanced Security
Enterprise-grade security features
Copilot for Business
Enterprise-grade AI features
Premium Support
Enterprise-grade 24/7 support
Pricing
is:issue state:open label:Security
Search code, repositories, users, issues, pull requests...
Search syntax tips
Provide feedback
Saved searches
Use saved searches to filter your results more quickly
Sign in
Sign up
Appearance settings
Resetting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
golang
/
go
Public
Notifications
You must be signed in to change notification settings
Fork
18.7k
Star
132k
Code
Issues
5k+
Pull requests
363
Discussions
Actions
Projects
5
Wiki
Security
Uh oh!
There was an error while loading.
Please reload this page
.
Insights
Additional navigation options
Code
Issues
Pull requests
Discussions
Actions
Projects
Wiki
Security
Insights
Go team quiet weeks Dec 22–Jan 2: issue tracker responses will be delayed
#76921 ·
aclements
opened
on Dec 19, 2025
1
Issues
Search Issues
is
:
issue
state
:
open
label
:
Security
is:issue state:open label:Security
Search
Labels
Milestones
New issue
Search results
Open
Closed
html/template: provide JS variable population helper, disable arbitrary template actions inside of <script> contexts
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Security
Thinking
Status: Open.
#77031
In golang/go;
·
rolandshoemaker
opened
on Dec 29, 2025
·
Backlog
crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Security
Status: Open.
#76935
In golang/go;
·
zzachattack2
opened
on Dec 19, 2025
crypto/tls: initial handshake messages can include additional messages in TLS 1.3 [1.25 backport]
CherryPickApproved
Used during the release process for point releases
Used during the release process for point releases
Security
Status: Open.
#76855
In golang/go;
·
gopherbot
opened
on Dec 16, 2025
·
Go1.25.6
crypto/tls: initial handshake messages can include additional messages in TLS 1.3 [1.24 backport]
CherryPickApproved
Used during the release process for point releases
Used during the release process for point releases
Security
Status: Open.
#76854
In golang/go;
·
gopherbot
opened
on Dec 16, 2025
·
Go1.24.12
cmd/go: potential code smuggling using doc comments (CVE-2025-61732)
BugReport
Issues describing a possible bug in the Go implementation.
Issues describing a possible bug in the Go implementation.
Security
Status: Open.
#76697
In golang/go;
·
thatnealpatel
opened
on Dec 4, 2025
proposal: support dependency cooldown in Go tooling
Proposal
Security
ToolProposal
Issues describing a requested change to a Go tool or command-line program.
Issues describing a requested change to a Go tool or command-line program.
Status: Open.
#76485
In golang/go;
·
dbohdan
opened
on Nov 27, 2025
·
Proposal
time: DLL side-loading vulnerability on non-English Windows systems
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
OS-Windows
Security
Status: Open.
#75648
In golang/go;
·
ozanh
opened
on Sep 29, 2025
proposal: crypto/tls: support getting the TLS configuration from Windows
LibraryProposal
Issues describing a requested change to the Go standard library or x/ libraries, but not to a tool
Issues describing a requested change to the Go standard library or x/ libraries, but not to a tool
OS-Windows
Proposal
Security
Status: Open.
#75086
In golang/go;
·
qmuntal
opened
on Aug 19, 2025
·
Proposal
cmd/go: defensively unset dangerous VCS configuration options
GoCommand
cmd/go
cmd/go
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Security
Status: Open.
#74520
In golang/go;
·
rolandshoemaker
opened
on Jul 8, 2025
cmd/go: toolchain directive can point to file relative to go.mod with ADS on windows
GoCommand
cmd/go
cmd/go
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
OS-Windows
Security
Status: Open.
#71470
In golang/go;
·
rolandshoemaker
opened
on Jan 28, 2025
os/exec: LookPath considers paths containing ":" to be absolute on windows
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
OS-Windows
Security
Status: Open.
#71469
In golang/go;
·
rolandshoemaker
opened
on Jan 28, 2025
net/http: Redirect hardening
LibraryProposal
Issues describing a requested change to the Go standard library or x/ libraries, but not to a tool
Issues describing a requested change to the Go standard library or x/ libraries, but not to a tool
NeedsFix
The path to resolution is known, but the work has not been done.
The path to resolution is known, but the work has not been done.
Security
Status: Open.
#71161
In golang/go;
·
neild
opened
on Jan 7, 2025
·
Go1.26
You can’t perform that action at this time.