What is the Go CNA?
Go is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 162 CVE records since 2020.
How many CVEs has Go published?
Go has published 162 CVE records, including 68 in the last two years.
What is Go's CVE data quality grade?
RadicalNotion.AI grades Go's CVE data quality as F, with an overall completeness score of 53.7%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (0%), and CWE (14.8%) information.
What products does Go publish CVEs for?
Go most frequently publishes CVEs for go, golang, stdlib, cmd/go, net/http.
Which vendors does Go cover?
Go publishes CVEs across 47 distinct vendors, most often golang, Go standard library, Go, Bitnami, golang.org.
Is Go actively publishing CVEs?
Go is currently active, based on 68 CVEs in the last two years.
How many critical CVEs has Go published?
Go has published 30 critical-severity CVEs and 86 high-severity CVEs.
Are any of Go's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of Go's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in Go's CVEs?
Go's CVEs most often map to these CWE weakness types: CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-94 (Improper Control of Generation of Code ('Code Injection')), CWE-674 (Uncontrolled Recursion), CWE-400 (Uncontrolled Resource Consumption).
How does Go rank among CNAs?
By total CVE volume, Go ranks #95 of 370 CNAs, and it reports more complete CVE records than 8% of all CNAs.
