products / go

Go

Go uses cpe:2.3:a:golang:go in NVD. CVE volume has grown since the Go security team formalised CVE assignments; HTTP/2 rapid reset class issues are representative of modern exposure. Verify non-sentinel count with scripts/test_nvd.py.

api usage

Querying Go

product sluggo

version format1.20.0, 1.23.0, semver

bash

curl "https://api.attestd.io/v1/check?product=go&version=1.20.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

json

{
  "product": "go",
  "version": "1.20.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": [
    "denial_of_service",
    "patch_available",
    "internet_exposed_service"
  ],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "1.20.10",
  "confidence": 0.78,
  "cve_ids": ["CVE-2023-39325", "CVE-2024-24790"],
  "last_updated": "2026-05-13T18:00:00Z",
  "supply_chain": null
}

safe version

bash

curl "https://api.attestd.io/v1/check?product=go&version=1.23.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

notable cves

CVE history

CVE	Description	CVSS
`CVE-2023-39325`	HTTP/2 rapid reset / stream exhaustion class issue in net/http.	7.5
`CVE-2024-24790`	Incorrect parsing of IPv4-in-IPv6 addresses in net/netip.	9.8

All products Rust Node.js Response Field Reference