GO-2021-0068: Arbitrary code injection via the go command with cgo on Windows in cmd/go

  GO-2022-0177: Remote command execution via "go get" in cmd/go

  GO-2022-0201: Remote command execution via "go get" command with cgo in cmd/go

  GO-2022-0203: Remote command execution via "go get" command with "-insecure" option in cmd/go

  GO-2022-0475: Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo

  GO-2022-0476: Arbitrary code execution via the go command with cgo in cmd/go

  GO-2023-1839: Code injection via go command with cgo in cmd/go

  GO-2023-1841: Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go

  GO-2023-1842: Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go

  GO-2023-2095: Arbitrary code execution during build via line directives in cmd/go

  GO-2023-2383: Command 'go get' may unexpectedly fallback to insecure git in cmd/go

  GO-2024-2825: Arbitrary code execution during build on Darwin in cmd/go

  GO-2024-2962: Output of "go env" does not sanitize values in cmd/go

  GO-2025-3828: Unexpected command execution in untrusted VCS repositories in cmd/go

  GO-2026-4339: Arbitrary file write using cgo pkg-config directive in cmd/go