Vulnerability-Lookup

CVE-2025-68119 (GCVE-0-2025-68119)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-02-26 15:04

Title

Unexpected code execution when invoking toolchain in cmd/go

Summary

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.

Severity

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

References

4 references

URL	Tags
https://go.dev/cl/736710
https://go.dev/issue/77099
https://groups.google.com/g/golang-announce/c/Vd2…
https://pkg.go.dev/vuln/GO-2026-4338

Impacted products

1 product

Vendor	Product	Version
Go toolchain	cmd/go	Affected: 1.25.0 , < 1.25.6 (semver)

Credits

splitline (@splitline) from DEVCORE Research Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T04:55:55.432053Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:45.665Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "cmd/go",
          "product": "cmd/go",
          "vendor": "Go toolchain",
          "versions": [
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "splitline (@splitline) from DEVCORE Research Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:30.704Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736710"
        },
        {
          "url": "https://go.dev/issue/77099"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4338"
        }
      ],
      "title": "Unexpected code execution when invoking toolchain in cmd/go"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68119",
    "datePublished": "2026-01-28T19:30:30.704Z",
    "dateReserved": "2025-12-15T16:48:04.450Z",
    "dateUpdated": "2026-02-26T15:04:45.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-68119",
      "date": "2026-06-28",
      "epss": "0.00335",
      "percentile": "0.25374"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68119\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-01-28T20:16:11.443\",\"lastModified\":\"2026-06-17T09:58:33.560\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.\"},{\"lang\":\"es\",\"value\":\"Descargar y construir m\u00f3dulos con cadenas de versi\u00f3n maliciosas puede causar la ejecuci\u00f3n de c\u00f3digo local. En sistemas con Mercurial (hg) instalado, descargar m\u00f3dulos de fuentes no est\u00e1ndar (por ejemplo, dominios personalizados) puede causar la ejecuci\u00f3n de c\u00f3digo inesperada debido a c\u00f3mo se construyen los comandos VCS externos. Este problema tambi\u00e9n puede ser provocado al proporcionar una cadena de versi\u00f3n maliciosa a la cadena de herramientas. En sistemas con Git instalado, descargar y construir m\u00f3dulos con cadenas de versi\u00f3n maliciosas puede permitir a un atacante escribir en archivos arbitrarios en el sistema de archivos. Esto solo puede ser provocado al proporcionar expl\u00edcitamente las cadenas de versi\u00f3n maliciosas a la cadena de herramientas y no afecta el uso de @latest o rutas de m\u00f3dulo bare.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go toolchain\",\"product\":\"cmd/go\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"cmd/go\",\"versions\":[{\"version\":\"1.25.0\",\"lessThan\":\"1.25.6\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-29T04:55:55.432053Z\",\"id\":\"CVE-2025-68119\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.12\",\"matchCriteriaId\":\"21FD9368-8AB3-404B-8599-BBF64EFE3C7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.6\",\"matchCriteriaId\":\"A547E844-78D2-4B17-B7A9-73E7B503D2CE\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/736710\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/77099\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4338\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68119\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-29T04:55:55.432053Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T16:16:35.294Z\"}}], \"cna\": {\"title\": \"Unexpected code execution when invoking toolchain in cmd/go\", \"credits\": [{\"lang\": \"en\", \"value\": \"splitline (@splitline) from DEVCORE Research Team\"}], \"affected\": [{\"vendor\": \"Go toolchain\", \"product\": \"cmd/go\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.6\", \"versionType\": \"semver\"}], \"packageName\": \"cmd/go\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://go.dev/cl/736710\"}, {\"url\": \"https://go.dev/issue/77099\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4338\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-01-28T19:30:30.704Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-68119\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-29T16:16:38.174Z\", \"dateReserved\": \"2025-12-15T16:48:04.450Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-01-28T19:30:30.704Z\", \"assignerShortName\": \"Go\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

cleanstart-2026-yf74364

Vulnerability from cleanstart

Published

2026-04-15 00:54

Modified

2026-04-14 08:56

Summary

OpenTelemetry-Go is the Go implementation of OpenTelemetry

Details

Multiple security vulnerabilities affect the tempo package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-11065	WEB
	https://osv.dev/vulnerability/CVE-2025-22868	WEB
	https://osv.dev/vulnerability/CVE-2025-61726	WEB
	https://osv.dev/vulnerability/CVE-2025-61727	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://osv.dev/vulnerability/CVE-2025-61730	WEB
	https://osv.dev/vulnerability/CVE-2025-68119	WEB
	https://osv.dev/vulnerability/CVE-2026-24051	WEB
	https://osv.dev/vulnerability/CVE-2026-28377	WEB
	https://osv.dev/vulnerability/CVE-2026-32280	WEB
	https://osv.dev/vulnerability/CVE-2026-32281	WEB
	https://osv.dev/vulnerability/CVE-2026-32282	WEB
	https://osv.dev/vulnerability/CVE-2026-32283	WEB
	https://osv.dev/vulnerability/CVE-2026-32287	WEB
	https://osv.dev/vulnerability/CVE-2026-32289	WEB
	https://osv.dev/vulnerability/CVE-2026-33186	WEB
	https://osv.dev/vulnerability/CVE-2026-33810	WEB
	https://osv.dev/vulnerability/CVE-2026-39882	WEB
	https://osv.dev/vulnerability/CVE-2026-39883	WEB
	https://osv.dev/vulnerability/ghsa-2464-8j7c-4cjm	WEB
	https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq	WEB
	https://osv.dev/vulnerability/ghsa-cfpf-hrx2-8rv6	WEB
	https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv	WEB
	https://osv.dev/vulnerability/ghsa-fv92-fjc5-jj9h	WEB
	https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx	WEB
	https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x	WEB
	https://osv.dev/vulnerability/ghsa-w8rr-5gcm-pp58	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-11065	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-22868	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61727	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61730	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68119	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24051	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-28377	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32280	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32281	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32282	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32283	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32287	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32289	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33186	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33810	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39882	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39883	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "tempo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.0-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the tempo package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-YF74364",
  "modified": "2026-04-14T08:56:29Z",
  "published": "2026-04-15T00:54:10.649786Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YF74364.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-11065"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-22868"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61727"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-28377"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32287"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39882"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39883"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2464-8j7c-4cjm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cfpf-hrx2-8rv6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fv92-fjc5-jj9h"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w8rr-5gcm-pp58"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11065"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28377"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39882"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenTelemetry-Go is the Go implementation of OpenTelemetry",
  "upstream": [
    "CVE-2025-11065",
    "CVE-2025-22868",
    "CVE-2025-61726",
    "CVE-2025-61727",
    "CVE-2025-61728",
    "CVE-2025-61729",
    "CVE-2025-61730",
    "CVE-2025-68119",
    "CVE-2026-24051",
    "CVE-2026-28377",
    "CVE-2026-32280",
    "CVE-2026-32281",
    "CVE-2026-32282",
    "CVE-2026-32283",
    "CVE-2026-32287",
    "CVE-2026-32289",
    "CVE-2026-33186",
    "CVE-2026-33810",
    "CVE-2026-39882",
    "CVE-2026-39883",
    "ghsa-2464-8j7c-4cjm",
    "ghsa-9h8m-3fm2-qjrq",
    "ghsa-cfpf-hrx2-8rv6",
    "ghsa-f6x5-jh6r-wrfv",
    "ghsa-fv92-fjc5-jj9h",
    "ghsa-hfvc-g4fc-pqhx",
    "ghsa-j5w8-q4qc-rx2x",
    "ghsa-w8rr-5gcm-pp58"
  ]
}

cleanstart-2026-yi36013

Vulnerability from cleanstart

Published

2026-04-10 00:41

Modified

2026-04-09 11:59

Summary

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Details

Multiple security vulnerabilities affect the prometheus-operator package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-61726	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61730	WEB
	https://osv.dev/vulnerability/CVE-2025-61732	WEB
	https://osv.dev/vulnerability/CVE-2025-68119	WEB
	https://osv.dev/vulnerability/CVE-2025-68121	WEB
	https://osv.dev/vulnerability/CVE-2026-25679	WEB
	https://osv.dev/vulnerability/CVE-2026-27139	WEB
	https://osv.dev/vulnerability/CVE-2026-27142	WEB
	https://osv.dev/vulnerability/CVE-2026-32280	WEB
	https://osv.dev/vulnerability/CVE-2026-32281	WEB
	https://osv.dev/vulnerability/CVE-2026-32282	WEB
	https://osv.dev/vulnerability/CVE-2026-32283	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61730	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61732	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68119	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68121	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25679	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27139	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27142	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32280	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32281	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32282	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32283	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "prometheus-operator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.87.1-r2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the prometheus-operator package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-YI36013",
  "modified": "2026-04-09T11:59:42Z",
  "published": "2026-04-10T00:41:58.653078Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YI36013.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61732"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions",
  "upstream": [
    "CVE-2025-61726",
    "CVE-2025-61728",
    "CVE-2025-61730",
    "CVE-2025-61732",
    "CVE-2025-68119",
    "CVE-2025-68121",
    "CVE-2026-25679",
    "CVE-2026-27139",
    "CVE-2026-27142",
    "CVE-2026-32280",
    "CVE-2026-32281",
    "CVE-2026-32282",
    "CVE-2026-32283"
  ]
}

cleanstart-2026-yl47233

Vulnerability from cleanstart

Published

2026-04-01 09:07

Modified

2026-03-28 10:27

Summary

Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 0.0.0_git20251231-r0, 0.0.0_git20251231-r1

Details

Multiple security vulnerabilities affect the envoy-ratelimit package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-47911	WEB
	https://osv.dev/vulnerability/CVE-2025-58190	WEB
	https://osv.dev/vulnerability/CVE-2025-61726	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61730	WEB
	https://osv.dev/vulnerability/CVE-2025-61732	WEB
	https://osv.dev/vulnerability/CVE-2025-68119	WEB
	https://osv.dev/vulnerability/CVE-2025-68121	WEB
	https://osv.dev/vulnerability/CVE-2026-24051	WEB
	https://osv.dev/vulnerability/CVE-2026-25679	WEB
	https://osv.dev/vulnerability/CVE-2026-27139	WEB
	https://osv.dev/vulnerability/CVE-2026-27142	WEB
	https://osv.dev/vulnerability/CVE-2026-33186	WEB
	https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq	WEB
	https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47911	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58190	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61730	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61732	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68119	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68121	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24051	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25679	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27139	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27142	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33186	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "envoy-ratelimit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0_git20251231-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the envoy-ratelimit package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-YL47233",
  "modified": "2026-03-28T10:27:12Z",
  "published": "2026-04-01T09:07:38.495100Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YL47233.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47911"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58190"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61732"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 0.0.0_git20251231-r0, 0.0.0_git20251231-r1",
  "upstream": [
    "CVE-2025-47911",
    "CVE-2025-58190",
    "CVE-2025-61726",
    "CVE-2025-61728",
    "CVE-2025-61730",
    "CVE-2025-61732",
    "CVE-2025-68119",
    "CVE-2025-68121",
    "CVE-2026-24051",
    "CVE-2026-25679",
    "CVE-2026-27139",
    "CVE-2026-27142",
    "CVE-2026-33186",
    "ghsa-9h8m-3fm2-qjrq",
    "ghsa-p77j-4mvh-x3m3"
  ]
}

cleanstart-2026-yr14817

Vulnerability from cleanstart

Published

2026-04-01 09:21

Modified

2026-03-25 05:33

Summary

Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68119, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 1.3.2-r0

Details

Multiple security vulnerabilities affect the certificate-transparency-trillian-ctserver package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-61726	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61730	WEB
	https://osv.dev/vulnerability/CVE-2025-68119	WEB
	https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv	WEB
	https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61730	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68119	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "certificate-transparency-trillian-ctserver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the certificate-transparency-trillian-ctserver package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-YR14817",
  "modified": "2026-03-25T05:33:14Z",
  "published": "2026-04-01T09:21:38.480539Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YR14817.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68119, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 1.3.2-r0",
  "upstream": [
    "CVE-2025-61726",
    "CVE-2025-61728",
    "CVE-2025-61730",
    "CVE-2025-68119",
    "ghsa-f6x5-jh6r-wrfv",
    "ghsa-j5w8-q4qc-rx2x"
  ]
}

cleanstart-2026-ys46680

Vulnerability from cleanstart

Published

2026-04-01 10:04

Modified

2026-03-09 13:33

Summary

Security fixes for CVE-2019-25210, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-1229, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, ghsa-q9hv-hpm4-hj6x applied in versions: 3.19.0-r0, 4.0.0-r0, 4.0.1-r0, 4.0.1-r1

Details

Multiple security vulnerabilities affect the helm package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2019-25210	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2025-61726	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://osv.dev/vulnerability/CVE-2025-61730	WEB
	https://osv.dev/vulnerability/CVE-2025-61732	WEB
	https://osv.dev/vulnerability/CVE-2025-68119	WEB
	https://osv.dev/vulnerability/CVE-2025-68121	WEB
	https://osv.dev/vulnerability/CVE-2026-1229	WEB
	https://osv.dev/vulnerability/CVE-2026-25679	WEB
	https://osv.dev/vulnerability/CVE-2026-27137	WEB
	https://osv.dev/vulnerability/CVE-2026-27138	WEB
	https://osv.dev/vulnerability/CVE-2026-27139	WEB
	https://osv.dev/vulnerability/CVE-2026-27142	WEB
	https://osv.dev/vulnerability/ghsa-q9hv-hpm4-hj6x	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-25210	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61730	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61732	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68119	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68121	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1229	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25679	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27137	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27138	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27139	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27142	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "helm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.1-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the helm package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-YS46680",
  "modified": "2026-03-09T13:33:56Z",
  "published": "2026-04-01T10:04:11.588541Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YS46680.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-25210"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61732"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1229"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27137"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-q9hv-hpm4-hj6x"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25210"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2019-25210, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-1229, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, ghsa-q9hv-hpm4-hj6x applied in versions: 3.19.0-r0, 4.0.0-r0, 4.0.1-r0, 4.0.1-r1",
  "upstream": [
    "CVE-2019-25210",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2025-61726",
    "CVE-2025-61728",
    "CVE-2025-61729",
    "CVE-2025-61730",
    "CVE-2025-61732",
    "CVE-2025-68119",
    "CVE-2025-68121",
    "CVE-2026-1229",
    "CVE-2026-25679",
    "CVE-2026-27137",
    "CVE-2026-27138",
    "CVE-2026-27139",
    "CVE-2026-27142",
    "ghsa-q9hv-hpm4-hj6x"
  ]
}

CNVD-2026-10650

Vulnerability from cnvd - Published: 2026-02-09

Title

Google Go代码执行漏洞（CNVD-2026-10650）

Description

Google Go是美国谷歌（Google）公司的一种静态强类型、编译型、并发型，并具有垃圾回收功能的编程语言。 Google Go存在代码执行漏洞，该漏洞是由于在处理cmd/Go包中不受信任的模块源或恶意版本字符串时，外部VCS命令的不安全构造造成的。攻击者可利用该漏洞在系统上执行任意代码。

Severity

中

Patch Name

Google Go代码执行漏洞（CNVD-2026-10650）的补丁

Patch Description

Google Go是美国谷歌（Google）公司的一种静态强类型、编译型、并发型，并具有垃圾回收功能的编程语言。 Google Go存在代码执行漏洞，该漏洞是由于在处理cmd/Go包中不受信任的模块源或恶意版本字符串时，外部VCS命令的不安全构造造成的。攻击者可利用该漏洞在系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://go.dev/dl/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-68119

Impacted products

Name
['Google GO >=1.25.0，<1.25.6', 'Google GO <1.24.12']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-68119",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
    }
  },
  "description": "Google Go\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9759\u6001\u5f3a\u7c7b\u578b\u3001\u7f16\u8bd1\u578b\u3001\u5e76\u53d1\u578b\uff0c\u5e76\u5177\u6709\u5783\u573e\u56de\u6536\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\n\nGoogle Go\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u5904\u7406cmd/Go\u5305\u4e2d\u4e0d\u53d7\u4fe1\u4efb\u7684\u6a21\u5757\u6e90\u6216\u6076\u610f\u7248\u672c\u5b57\u7b26\u4e32\u65f6\uff0c\u5916\u90e8VCS\u547d\u4ee4\u7684\u4e0d\u5b89\u5168\u6784\u9020\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://go.dev/dl/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-10650",
  "openTime": "2026-02-09",
  "patchDescription": "Google Go\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9759\u6001\u5f3a\u7c7b\u578b\u3001\u7f16\u8bd1\u578b\u3001\u5e76\u53d1\u578b\uff0c\u5e76\u5177\u6709\u5783\u573e\u56de\u6536\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nGoogle Go\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u5904\u7406cmd/Go\u5305\u4e2d\u4e0d\u53d7\u4fe1\u4efb\u7684\u6a21\u5757\u6e90\u6216\u6076\u610f\u7248\u672c\u5b57\u7b26\u4e32\u65f6\uff0c\u5916\u90e8VCS\u547d\u4ee4\u7684\u4e0d\u5b89\u5168\u6784\u9020\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Go\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2026-10650\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google GO \u003e=1.25.0\uff0c\u003c1.25.6",
      "Google GO \u003c1.24.12"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119",
  "serverity": "\u4e2d",
  "submitTime": "2026-02-05",
  "title": "Google Go\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2026-10650\uff09"
}

FKIE_CVE-2025-68119

Vulnerability from fkie_nvd - Published: 2026-01-28 20:16 - Updated: 2026-06-17 09:58

Severity

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@golang.org	https://go.dev/cl/736710	Patch
security@golang.org	https://go.dev/issue/77099	Issue Tracking, Patch
security@golang.org	https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc	Mailing List, Release Notes
security@golang.org	https://pkg.go.dev/vuln/GO-2026-4338	Vendor Advisory

Impacted products

	Vendor	Product	Version
	golang	go	*
	golang	go	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "cmd/go",
          "product": "cmd/go",
          "vendor": "Go toolchain",
          "versions": [
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "source": "security@golang.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FD9368-8AB3-404B-8599-BBF64EFE3C7B",
              "versionEndExcluding": "1.24.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A547E844-78D2-4B17-B7A9-73E7B503D2CE",
              "versionEndExcluding": "1.25.6",
              "versionStartIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths."
    },
    {
      "lang": "es",
      "value": "Descargar y construir m\u00f3dulos con cadenas de versi\u00f3n maliciosas puede causar la ejecuci\u00f3n de c\u00f3digo local. En sistemas con Mercurial (hg) instalado, descargar m\u00f3dulos de fuentes no est\u00e1ndar (por ejemplo, dominios personalizados) puede causar la ejecuci\u00f3n de c\u00f3digo inesperada debido a c\u00f3mo se construyen los comandos VCS externos. Este problema tambi\u00e9n puede ser provocado al proporcionar una cadena de versi\u00f3n maliciosa a la cadena de herramientas. En sistemas con Git instalado, descargar y construir m\u00f3dulos con cadenas de versi\u00f3n maliciosas puede permitir a un atacante escribir en archivos arbitrarios en el sistema de archivos. Esto solo puede ser provocado al proporcionar expl\u00edcitamente las cadenas de versi\u00f3n maliciosas a la cadena de herramientas y no afecta el uso de @latest o rutas de m\u00f3dulo bare."
    }
  ],
  "id": "CVE-2025-68119",
  "lastModified": "2026-06-17T09:58:33.560",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-68119",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-01-29T04:55:55.432053Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-01-28T20:16:11.443",
  "references": [
    {
      "source": "security@golang.org",
      "tags": [
        "Patch"
      ],
      "url": "https://go.dev/cl/736710"
    },
    {
      "source": "security@golang.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://go.dev/issue/77099"
    },
    {
      "source": "security@golang.org",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
    },
    {
      "source": "security@golang.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pkg.go.dev/vuln/GO-2026-4338"
    }
  ],
  "sourceIdentifier": "security@golang.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CM6P-QC7V-M3JW

Vulnerability from github – Published: 2026-01-28 21:31 – Updated: 2026-01-29 18:31

Details

Severity

7.0 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-68119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-28T20:16:11Z",
    "severity": "HIGH"
  },
  "details": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
  "id": "GHSA-cm6p-qc7v-m3jw",
  "modified": "2026-01-29T18:31:42Z",
  "published": "2026-01-28T21:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/736710"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/77099"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2026-4338"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

OPENSUSE-SU-2026:10063-1

Vulnerability from csaf_opensuse - Published: 2026-01-18 00:00 - Updated: 2026-01-18 00:00

Summary

go1.24-1.24.12-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: go1.24-1.24.12-1.1 on GA media

Description of the patch: These are all security issues fixed in the go1.24-1.24.12-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10063

CVE-2025-61726

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2025-61728

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2025-61730

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2025-61731

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-68119

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-68121

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

20 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-61726/	self
https://www.suse.com/security/cve/CVE-2025-61728/	self
https://www.suse.com/security/cve/CVE-2025-61730/	self
https://www.suse.com/security/cve/CVE-2025-61731/	self
https://www.suse.com/security/cve/CVE-2025-68119/	self
https://www.suse.com/security/cve/CVE-2025-68121/	self
https://www.suse.com/security/cve/CVE-2025-61726	external
https://bugzilla.suse.com/1256817	external
https://www.suse.com/security/cve/CVE-2025-61728	external
https://bugzilla.suse.com/1256816	external
https://www.suse.com/security/cve/CVE-2025-61730	external
https://bugzilla.suse.com/1256821	external
https://www.suse.com/security/cve/CVE-2025-61731	external
https://bugzilla.suse.com/1256819	external
https://www.suse.com/security/cve/CVE-2025-68119	external
https://bugzilla.suse.com/1256820	external
https://www.suse.com/security/cve/CVE-2025-68121	external
https://bugzilla.suse.com/1256818	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "go1.24-1.24.12-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the go1.24-1.24.12-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10063",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10063-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61726 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61726/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61728 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61728/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61730 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61730/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61731 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61731/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-68119 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-68119/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-68121 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-68121/"
      }
    ],
    "title": "go1.24-1.24.12-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-01-18T00:00:00Z",
      "generator": {
        "date": "2026-01-18T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10063-1",
      "initial_release_date": "2026-01-18T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-01-18T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.24-1.24.12-1.1.aarch64",
                "product": {
                  "name": "go1.24-1.24.12-1.1.aarch64",
                  "product_id": "go1.24-1.24.12-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-doc-1.24.12-1.1.aarch64",
                "product": {
                  "name": "go1.24-doc-1.24.12-1.1.aarch64",
                  "product_id": "go1.24-doc-1.24.12-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-libstd-1.24.12-1.1.aarch64",
                "product": {
                  "name": "go1.24-libstd-1.24.12-1.1.aarch64",
                  "product_id": "go1.24-libstd-1.24.12-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-race-1.24.12-1.1.aarch64",
                "product": {
                  "name": "go1.24-race-1.24.12-1.1.aarch64",
                  "product_id": "go1.24-race-1.24.12-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.24-1.24.12-1.1.ppc64le",
                "product": {
                  "name": "go1.24-1.24.12-1.1.ppc64le",
                  "product_id": "go1.24-1.24.12-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-doc-1.24.12-1.1.ppc64le",
                "product": {
                  "name": "go1.24-doc-1.24.12-1.1.ppc64le",
                  "product_id": "go1.24-doc-1.24.12-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-libstd-1.24.12-1.1.ppc64le",
                "product": {
                  "name": "go1.24-libstd-1.24.12-1.1.ppc64le",
                  "product_id": "go1.24-libstd-1.24.12-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-race-1.24.12-1.1.ppc64le",
                "product": {
                  "name": "go1.24-race-1.24.12-1.1.ppc64le",
                  "product_id": "go1.24-race-1.24.12-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.24-1.24.12-1.1.s390x",
                "product": {
                  "name": "go1.24-1.24.12-1.1.s390x",
                  "product_id": "go1.24-1.24.12-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-doc-1.24.12-1.1.s390x",
                "product": {
                  "name": "go1.24-doc-1.24.12-1.1.s390x",
                  "product_id": "go1.24-doc-1.24.12-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-libstd-1.24.12-1.1.s390x",
                "product": {
                  "name": "go1.24-libstd-1.24.12-1.1.s390x",
                  "product_id": "go1.24-libstd-1.24.12-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-race-1.24.12-1.1.s390x",
                "product": {
                  "name": "go1.24-race-1.24.12-1.1.s390x",
                  "product_id": "go1.24-race-1.24.12-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.24-1.24.12-1.1.x86_64",
                "product": {
                  "name": "go1.24-1.24.12-1.1.x86_64",
                  "product_id": "go1.24-1.24.12-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-doc-1.24.12-1.1.x86_64",
                "product": {
                  "name": "go1.24-doc-1.24.12-1.1.x86_64",
                  "product_id": "go1.24-doc-1.24.12-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-libstd-1.24.12-1.1.x86_64",
                "product": {
                  "name": "go1.24-libstd-1.24.12-1.1.x86_64",
                  "product_id": "go1.24-libstd-1.24.12-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.24-race-1.24.12-1.1.x86_64",
                "product": {
                  "name": "go1.24-race-1.24.12-1.1.x86_64",
                  "product_id": "go1.24-race-1.24.12-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-1.24.12-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64"
        },
        "product_reference": "go1.24-1.24.12-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-1.24.12-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le"
        },
        "product_reference": "go1.24-1.24.12-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-1.24.12-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x"
        },
        "product_reference": "go1.24-1.24.12-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-1.24.12-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64"
        },
        "product_reference": "go1.24-1.24.12-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-doc-1.24.12-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64"
        },
        "product_reference": "go1.24-doc-1.24.12-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-doc-1.24.12-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le"
        },
        "product_reference": "go1.24-doc-1.24.12-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-doc-1.24.12-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x"
        },
        "product_reference": "go1.24-doc-1.24.12-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-doc-1.24.12-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64"
        },
        "product_reference": "go1.24-doc-1.24.12-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-libstd-1.24.12-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64"
        },
        "product_reference": "go1.24-libstd-1.24.12-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-libstd-1.24.12-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le"
        },
        "product_reference": "go1.24-libstd-1.24.12-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-libstd-1.24.12-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x"
        },
        "product_reference": "go1.24-libstd-1.24.12-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-libstd-1.24.12-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64"
        },
        "product_reference": "go1.24-libstd-1.24.12-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-race-1.24.12-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64"
        },
        "product_reference": "go1.24-race-1.24.12-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-race-1.24.12-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le"
        },
        "product_reference": "go1.24-race-1.24.12-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-race-1.24.12-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x"
        },
        "product_reference": "go1.24-race-1.24.12-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.24-race-1.24.12-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
        },
        "product_reference": "go1.24-race-1.24.12-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61726",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61726"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61726",
          "url": "https://www.suse.com/security/cve/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256817 for CVE-2025-61726",
          "url": "https://bugzilla.suse.com/1256817"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-61726"
    },
    {
      "cve": "CVE-2025-61728",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61728"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61728",
          "url": "https://www.suse.com/security/cve/CVE-2025-61728"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256816 for CVE-2025-61728",
          "url": "https://bugzilla.suse.com/1256816"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-61728"
    },
    {
      "cve": "CVE-2025-61730",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61730"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61730",
          "url": "https://www.suse.com/security/cve/CVE-2025-61730"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256821 for CVE-2025-61730",
          "url": "https://bugzilla.suse.com/1256821"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-61730"
    },
    {
      "cve": "CVE-2025-61731",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61731"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61731",
          "url": "https://www.suse.com/security/cve/CVE-2025-61731"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256819 for CVE-2025-61731",
          "url": "https://bugzilla.suse.com/1256819"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-61731"
    },
    {
      "cve": "CVE-2025-68119",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-68119"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-68119",
          "url": "https://www.suse.com/security/cve/CVE-2025-68119"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256820 for CVE-2025-68119",
          "url": "https://bugzilla.suse.com/1256820"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-68119"
    },
    {
      "cve": "CVE-2025-68121",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-68121"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
          "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-68121",
          "url": "https://www.suse.com/security/cve/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256818 for CVE-2025-68121",
          "url": "https://bugzilla.suse.com/1256818"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-doc-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-libstd-1.24.12-1.1.x86_64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.aarch64",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.s390x",
            "openSUSE Tumbleweed:go1.24-race-1.24.12-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-68121"
    }
  ]
}

OPENSUSE-SU-2026:10064-1

Vulnerability from csaf_opensuse - Published: 2026-01-18 00:00 - Updated: 2026-01-18 00:00

Summary

go1.25-1.25.6-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: go1.25-1.25.6-1.1 on GA media

Description of the patch: These are all security issues fixed in the go1.25-1.25.6-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10064

CVE-2025-61726

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2025-61728

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2025-61730

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2025-61731

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-68119

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2025-68121

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

20 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-61726/	self
https://www.suse.com/security/cve/CVE-2025-61728/	self
https://www.suse.com/security/cve/CVE-2025-61730/	self
https://www.suse.com/security/cve/CVE-2025-61731/	self
https://www.suse.com/security/cve/CVE-2025-68119/	self
https://www.suse.com/security/cve/CVE-2025-68121/	self
https://www.suse.com/security/cve/CVE-2025-61726	external
https://bugzilla.suse.com/1256817	external
https://www.suse.com/security/cve/CVE-2025-61728	external
https://bugzilla.suse.com/1256816	external
https://www.suse.com/security/cve/CVE-2025-61730	external
https://bugzilla.suse.com/1256821	external
https://www.suse.com/security/cve/CVE-2025-61731	external
https://bugzilla.suse.com/1256819	external
https://www.suse.com/security/cve/CVE-2025-68119	external
https://bugzilla.suse.com/1256820	external
https://www.suse.com/security/cve/CVE-2025-68121	external
https://bugzilla.suse.com/1256818	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "go1.25-1.25.6-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the go1.25-1.25.6-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10064",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10064-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61726 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61726/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61728 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61728/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61730 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61730/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61731 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61731/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-68119 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-68119/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-68121 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-68121/"
      }
    ],
    "title": "go1.25-1.25.6-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-01-18T00:00:00Z",
      "generator": {
        "date": "2026-01-18T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10064-1",
      "initial_release_date": "2026-01-18T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-01-18T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.25-1.25.6-1.1.aarch64",
                "product": {
                  "name": "go1.25-1.25.6-1.1.aarch64",
                  "product_id": "go1.25-1.25.6-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-doc-1.25.6-1.1.aarch64",
                "product": {
                  "name": "go1.25-doc-1.25.6-1.1.aarch64",
                  "product_id": "go1.25-doc-1.25.6-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-libstd-1.25.6-1.1.aarch64",
                "product": {
                  "name": "go1.25-libstd-1.25.6-1.1.aarch64",
                  "product_id": "go1.25-libstd-1.25.6-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-race-1.25.6-1.1.aarch64",
                "product": {
                  "name": "go1.25-race-1.25.6-1.1.aarch64",
                  "product_id": "go1.25-race-1.25.6-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.25-1.25.6-1.1.ppc64le",
                "product": {
                  "name": "go1.25-1.25.6-1.1.ppc64le",
                  "product_id": "go1.25-1.25.6-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-doc-1.25.6-1.1.ppc64le",
                "product": {
                  "name": "go1.25-doc-1.25.6-1.1.ppc64le",
                  "product_id": "go1.25-doc-1.25.6-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-libstd-1.25.6-1.1.ppc64le",
                "product": {
                  "name": "go1.25-libstd-1.25.6-1.1.ppc64le",
                  "product_id": "go1.25-libstd-1.25.6-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-race-1.25.6-1.1.ppc64le",
                "product": {
                  "name": "go1.25-race-1.25.6-1.1.ppc64le",
                  "product_id": "go1.25-race-1.25.6-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.25-1.25.6-1.1.s390x",
                "product": {
                  "name": "go1.25-1.25.6-1.1.s390x",
                  "product_id": "go1.25-1.25.6-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-doc-1.25.6-1.1.s390x",
                "product": {
                  "name": "go1.25-doc-1.25.6-1.1.s390x",
                  "product_id": "go1.25-doc-1.25.6-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-libstd-1.25.6-1.1.s390x",
                "product": {
                  "name": "go1.25-libstd-1.25.6-1.1.s390x",
                  "product_id": "go1.25-libstd-1.25.6-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-race-1.25.6-1.1.s390x",
                "product": {
                  "name": "go1.25-race-1.25.6-1.1.s390x",
                  "product_id": "go1.25-race-1.25.6-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.25-1.25.6-1.1.x86_64",
                "product": {
                  "name": "go1.25-1.25.6-1.1.x86_64",
                  "product_id": "go1.25-1.25.6-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-doc-1.25.6-1.1.x86_64",
                "product": {
                  "name": "go1.25-doc-1.25.6-1.1.x86_64",
                  "product_id": "go1.25-doc-1.25.6-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-libstd-1.25.6-1.1.x86_64",
                "product": {
                  "name": "go1.25-libstd-1.25.6-1.1.x86_64",
                  "product_id": "go1.25-libstd-1.25.6-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.25-race-1.25.6-1.1.x86_64",
                "product": {
                  "name": "go1.25-race-1.25.6-1.1.x86_64",
                  "product_id": "go1.25-race-1.25.6-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-1.25.6-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64"
        },
        "product_reference": "go1.25-1.25.6-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-1.25.6-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le"
        },
        "product_reference": "go1.25-1.25.6-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-1.25.6-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x"
        },
        "product_reference": "go1.25-1.25.6-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-1.25.6-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64"
        },
        "product_reference": "go1.25-1.25.6-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-doc-1.25.6-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64"
        },
        "product_reference": "go1.25-doc-1.25.6-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-doc-1.25.6-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le"
        },
        "product_reference": "go1.25-doc-1.25.6-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-doc-1.25.6-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x"
        },
        "product_reference": "go1.25-doc-1.25.6-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-doc-1.25.6-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64"
        },
        "product_reference": "go1.25-doc-1.25.6-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-libstd-1.25.6-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64"
        },
        "product_reference": "go1.25-libstd-1.25.6-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-libstd-1.25.6-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le"
        },
        "product_reference": "go1.25-libstd-1.25.6-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-libstd-1.25.6-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x"
        },
        "product_reference": "go1.25-libstd-1.25.6-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-libstd-1.25.6-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64"
        },
        "product_reference": "go1.25-libstd-1.25.6-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-race-1.25.6-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64"
        },
        "product_reference": "go1.25-race-1.25.6-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-race-1.25.6-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le"
        },
        "product_reference": "go1.25-race-1.25.6-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-race-1.25.6-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x"
        },
        "product_reference": "go1.25-race-1.25.6-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.25-race-1.25.6-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
        },
        "product_reference": "go1.25-race-1.25.6-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61726",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61726"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61726",
          "url": "https://www.suse.com/security/cve/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256817 for CVE-2025-61726",
          "url": "https://bugzilla.suse.com/1256817"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-61726"
    },
    {
      "cve": "CVE-2025-61728",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61728"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61728",
          "url": "https://www.suse.com/security/cve/CVE-2025-61728"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256816 for CVE-2025-61728",
          "url": "https://bugzilla.suse.com/1256816"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-61728"
    },
    {
      "cve": "CVE-2025-61730",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61730"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61730",
          "url": "https://www.suse.com/security/cve/CVE-2025-61730"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256821 for CVE-2025-61730",
          "url": "https://bugzilla.suse.com/1256821"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-61730"
    },
    {
      "cve": "CVE-2025-61731",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61731"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61731",
          "url": "https://www.suse.com/security/cve/CVE-2025-61731"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256819 for CVE-2025-61731",
          "url": "https://bugzilla.suse.com/1256819"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-61731"
    },
    {
      "cve": "CVE-2025-68119",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-68119"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-68119",
          "url": "https://www.suse.com/security/cve/CVE-2025-68119"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256820 for CVE-2025-68119",
          "url": "https://bugzilla.suse.com/1256820"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-68119"
    },
    {
      "cve": "CVE-2025-68121",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-68121"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
          "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-68121",
          "url": "https://www.suse.com/security/cve/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256818 for CVE-2025-68121",
          "url": "https://bugzilla.suse.com/1256818"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-doc-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-libstd-1.25.6-1.1.x86_64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.aarch64",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.s390x",
            "openSUSE Tumbleweed:go1.25-race-1.25.6-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-68121"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-68119 (GCVE-0-2025-68119)

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Tags

Sightings

Nomenclature