Go
Skip to Main Content
  • Why Go submenu dropdown icon
    • Case Studies

      Common problems companies solve with Go

    • Use Cases

      Stories about how and why companies use Go

    • Security

      How Go can help keep you secure by default

  • Learn
  • Docs submenu dropdown icon
    • Effective Go

      Tips for writing clear, performant, and idiomatic Go code

    • Go User Manual

      A complete introduction to building software with Go

    • Standard library

      Reference documentation for Go's standard library

    • Release Notes

      Learn what's new in each Go release

    • API

      Reference documentation for the pkg.go.dev API

  • Packages
  • Community submenu dropdown icon
    • Recorded Talks

      Videos from prior events

    • Meetups

      Meet other local Go developers

    • Conferences

      Learn and network with Go developers from around the world

    • Go blog

      The Go project's official blog.

    • Go project

      Get help and stay informed from Go

    • Get connected

Go.
  • Why Go
    Why Go
    • Case Studies
    • Use Cases
    • Security
  • Learn
  • Docs
    Docs
    • Effective Go
    • Go User Manual
    • Standard library
    • Release Notes
    • API
  • Packages
  • Community
    Community
    • Recorded Talks
    • Meetups
    • Conferences
    • Go blog
    • Go project
    • Get connected
Alert  Affected by GO-2022-0540 and 55 other vulnerabilities
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2025-3380: Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server
Alert  GO-2025-4031: Guest user can discover active public channels in github.com/mattermost/mattermost-server
Alert  GO-2025-4047: Mattermost Server: initial_load API exposes unnecessary information in github.com/mattermost/mattermost-server
Alert  GO-2025-4061: Mattermost Server exposes sensitive information about team URLs via an API in github.com/mattermost/mattermost-server
Alert  GO-2025-4126: Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
Alert  GO-2025-4128: Mattermost does not enforce MFA on WebSocket connections in github.com/mattermost/mattermost-server
Alert  GO-2025-4131: Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server
Alert  GO-2025-4146: Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server
Alert  GO-2025-4168: Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication in github.com/mattermost/mattermost-server
Alert  GO-2025-4169: Mattermost fails to sanitize team email addresses in github.com/mattermost/mattermost-server
Alert  GO-2025-4170: Mattermost fails to to verify the token used during code exchange in github.com/mattermost/mattermost-server
Alert  GO-2025-4172: Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost
Alert  GO-2025-4178: Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost
Alert  GO-2025-4183: CVE-2017-18870 in github.com/mattermost/mattermost-server
Alert  GO-2025-4248: Mattermost has missing redirect URL validation in github.com/mattermost/mattermost
Alert  GO-2025-4256: Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost
Alert  GO-2026-4275: Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-plugin-jira
Alert  GO-2026-4304: CVE-2017-18901 in github.com/mattermost/mattermost-server
Alert  GO-2026-4478: Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server
Alert  GO-2026-4487: Mattermost Server allows an attacker to specify a full pathname of a log file in github.com/mattermost/mattermost-server
Alert  GO-2026-4520: Mattermost fails to properly validate login method restrictions in github.com/mattermost/mattermost-server
Alert  GO-2026-4520: Mattermost fails to properly validate login method restrictions in github.com/mattermost/mattermost-server
Alert  GO-2026-4520: Mattermost fails to properly validate login method restrictions in github.com/mattermost/mattermost-server
Alert  GO-2026-4520: Mattermost fails to properly validate login method restrictions in github.com/mattermost/mattermost-server
Alert  GO-2026-4521: Mattermost fails to properly validate team membership when processing channel mentions in github.com/mattermost/mattermost-server
Alert  GO-2026-4521: Mattermost fails to properly validate team membership when processing channel mentions in github.com/mattermost/mattermost-server
Alert  GO-2026-4521: Mattermost fails to properly validate team membership when processing channel mentions in github.com/mattermost/mattermost-server
Alert  GO-2026-4521: Mattermost fails to properly validate team membership when processing channel mentions in github.com/mattermost/mattermost-server
Alert  GO-2026-4523: Mattermost fails to enforce invite permissions when updating team settings in github.com/mattermost/mattermost-server