golang.org/x/net/html
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting golang.org/x/net/htmlpage 1 of 1
- CVE-2024-45338MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.33.02024-12-18
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
- CVE-2025-47911MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.45.02026-02-05
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Check whether golang.org/x/net/html is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for golang.org/x/net/html CVEs against the assets you own.
Start Free Scan →