Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Golang
Http2

golang http2 Vulnerabilities: CVEs, CISA KEV & Security Advisories

6 CVEs

1 in CISA KEV

golang http2 Vulnerabilities

CVE security advisories and vulnerability history for http2 by golang.

6

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

1

Public exploits

With known exploit

7.5

Avg CVSS

2022–2026

Last updated May 7, 2026

Overview

golang http2 has 6 published CVE records since 2022, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 1 have a known public exploit. The average CVSS base score across scored CVEs is 7.5.

This page aggregates every publicly disclosed vulnerability (CVE) affecting golang http2, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of golang http2's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High4

Medium0

Low0

2 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of golang http2's CVEs is confirmed exploited in the wild.

Public exploits

1

One of golang http2's CVEs has a known public exploit available.

Affected versions and CVEs

Browse every golang http2 version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

0.17.02 CVEs
0.23.01 CVE
0.4.01 CVE
0.53.01 CVE
0.7.01 CVE

Find a version

6 CVEs

Sort

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
CVE-2026-33814
Patch
High · CVSS 7.5
EPSS 0.0% (5th pct)2026-05-07
HTTP/2 CONTINUATION flood in net/http
CVE-2023-45288
Patch
High · CVSS 7.5
EPSS 64.9% (98th pct)2024-04-04
HTTP/2 rapid reset can cause excessive work in net/http
CVE-2023-39325
Patch
Unscored
EPSS 0.1% (35th pct)2023-10-11
High vulnerability · 2023-10-10
CVE-2023-44487
CISA KEV
Public exploit
Patch
CWE-400
Added to CISA KEV 2023-10-10
High · CVSS 7.5
EPSS 94.4% (100th pct)2023-10-10
High vulnerability · 2023-02-28
CVE-2022-41723
Patch
High · CVSS 7.5
EPSS 0.2% (45th pct)2023-02-28
Vulnerability · 2022-12-08
CVE-2022-41717
Patch
Unscored
EPSS 0.3% (56th pct)2022-12-08

Common weakness types

The CWE weakness categories most often found in golang http2 CVEs. Follow any weakness for its full explanation.

CWE-400Uncontrolled Resource Consumption1 CVE

Disclosure activity by year

How many golang http2 CVEs were published each year.

2022

1

2023

3

2024

1

2026

1

Other golang products

Browse vulnerabilities for other products by golang.

go175 CVEs crypto21 CVEs net13 CVEs image6 CVEs text4 CVEs ssh3 CVEs networking2 CVEs tiff2 CVEs

All golang vulnerabilities

Frequently asked questions

Common questions about golang http2 vulnerabilities.

How many CVEs does golang http2 have?

golang http2 has 6 published CVE records since 2022.

How many golang http2 CVEs are in CISA KEV?

Yes — 1 of golang http2's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Are there public exploits for golang http2 vulnerabilities?

Yes — 1 of golang http2's CVEs have a known public exploit.

Which versions of golang http2 are affected?

5 distinct golang http2 versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in golang http2 CVEs?

golang http2's CVEs most often map to these CWE weakness types: CWE-400 (Uncontrolled Resource Consumption).

What is the average severity of golang http2 CVEs?

The average CVSS base score across golang http2's scored CVEs is 7.5.

References

All golang vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track golang http2 vulnerabilities

Monitor new golang http2 vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References