Go Vulnerability Database

• CVE-2025-14764, GHSA-3g75-q268-r9r6
• Affects: github.com/aws/amazon-s3-encryption-client-go, github.com/aws/amazon-s3-encryption-client-go/v3, and 1 more
• Published: Dec 22, 2025
• Unreviewed

Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go

• CVE-2025-13352, GHSA-jf5h-xfw4-p8gp
• Affects: github.com/mattermost/mattermost, github.com/mattermost/mattermost-plugin-github, and 4 more
• Published: Dec 22, 2025
• Unreviewed

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/mattermost/mattermost before v10.11.7-0.20251106103514-3b05384dd014; github.com/mattermost/mattermost-server before v10.11.7-0.20251106103514-3b05384dd014.

• CVE-2025-68156, GHSA-cfpf-hrx2-8rv6
• Affects: github.com/expr-lang/expr
• Published: Dec 22, 2025

Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr

• CVE-2025-68274, GHSA-c623-f998-8hhv
• Affects: github.com/emiago/sipgo
• Published: Dec 22, 2025
• Unreviewed

SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference in github.com/emiago/sipgo

• GHSA-wh6m-h6f4-rjf4
• Affects: github.com/abhinavxd/libredesk
• Published: Dec 22, 2025
• Unreviewed

Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk