[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2026:20496-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T08:55:34.825Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":62,"epss":9,"epss_history":63,"metrics":64,"affected":65},"OPENSUSE-SU-2026:20496-1","Security update for go1.25\n\nThis update for go1.25 fixes the following issues:\n\nUpdate to go1.25.8 (bsc#1244485):\n\n- CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).\n- CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).\n- CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).\n\nChangelog:\n\n* go#77253 cmd/compile: miscompile of global array initialization\n* go#77406 os: Go 1.25.x regression on RemoveAll for windows\n* go#77413 runtime: netpollinit() incorrectly prints the error from linux.Eventfd\n* go#77438 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in\n  pkg-config\n* go#77531 net/smtp: expiry date of localhostCert for testing is too short\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2026-25679",{"_key":17},"CVE-2026-27139",{"_key":19},"CVE-2026-27142",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2026-04-16T07:24:09Z","2026-04-22T18:26:27.879469Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,41,45,49,54,58],{"url":32,"sources":33,"tags":35},"https://bugzilla.suse.com/1244485",[34],"osv_opensuse",[36],"REPORT",{"url":38,"sources":39,"tags":40},"https://bugzilla.suse.com/1259264",[34],[36],{"url":42,"sources":43,"tags":44},"https://bugzilla.suse.com/1259265",[34],[36],{"url":46,"sources":47,"tags":48},"https://bugzilla.suse.com/1259268",[34],[36],{"url":50,"sources":51,"tags":52},"https://www.suse.com/security/cve/CVE-2026-25679",[34],[53],"WEB",{"url":55,"sources":56,"tags":57},"https://www.suse.com/security/cve/CVE-2026-27139",[34],[53],{"url":59,"sources":60,"tags":61},"https://www.suse.com/security/cve/CVE-2026-27142",[34],[53],[],[],[],[66],{"ecosystem":67,"name":68,"vendor":69,"product":70,"cpe_part":9,"purl_type":71,"purl_namespace":69,"purl_name":70,"source":9,"versions":72},"openSUSE","go1.25","opensuse","go1.25&distro=openSUSE Leap 16.0","rpm",[73],{"version":74,"is_range":75,"range_type":76,"version_start":9,"version_start_type":9,"version_end":77,"version_end_type":78,"fixed_in":9},"lt1_25_8_160000_1_1",true,"ecosystem","1.25.8-160000.1.1","excluding"]