🚨 最新安全公告

• 🔴 GHSA-x527-x647-q7gg [critical] (2026-06-25)

golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement

详情

• 🔴 GHSA-5cgq-3rg8-m6cv [critical] (2026-06-25)

golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status

详情

• 🔴 GHSA-rm3j-f69w-wqmq [critical] (2026-06-25)

golang.org/x/crypto/ssh vulnerable to infinite loop on large channel writes

详情

• 🔴 GHSA-89gr-r52h-f8rx [critical] (2026-06-25)

golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed

详情

• 🟠 GHSA-w879-237q-wc7r [high] (2026-06-25)

golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS

详情

• 🔴 GHSA-vgwf-h737-ff37 [critical] (2026-06-25)

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses

详情

• ⚪ GHSA-qpw4-5x99-6vjp [medium] (2026-06-25)

golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS

详情

• ⚪ GHSA-78mq-xcr3-xm33 [medium] (2026-06-25)

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

详情

• ⚪ GHSA-45gg-vh54-h5m9 [medium] (2026-06-25)

golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions

详情

• 🟠 GHSA-q4h4-gmj2-qvw2 [high] (2026-06-25)

golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic

详情

---

📡 数据来源: GitHub Security Advisories · 由 PingSec 安全日报自动生成