golang.org/x/net/html vulnerabilities
5 known vulnerabilities affecting golang.org/x/net/html.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 5
Vulnerabilities
CVE-2025-58190 | MEDIUM | CVSS 5.3 | CWE-835 | fixed in 0.45.0 | 2026-02-05
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Sources: cvelistv5, nvd
CVE-2025-47911 | MEDIUM | CVSS 5.3 | fixed in 0.45.0 | 2026-02-05
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Sources: cvelistv5, nvd
CVE-2025-22872 | MEDIUM | CVSS 6.5 | fixed in 0.38.0 | 2025-04-16
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM
Sources: cvelistv5, nvd
CVE-2024-45338 | MEDIUM | CVSS 5.3 | CWE-1333 | fixed in 0.33.0 | 2024-12-18
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Sources: cvelistv5, nvd
CVE-2023-3978 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 0.13.0 | 2023-08-02
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Sources: cvelistv5, nvd