An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS02djJwLXA1NDMtcGhyOc4ABKRz

Severity: High

EPSS: 0.00065% (0.20634 Percentile)

golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

Affected package: go:golang.org/x/oauth2
Affected versions: < 0.27.0
Fixed versions: 0.27.0
Dependent packages: 36,322
Dependent repositories: 163,003

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0

All unaffected versions

0.27.0, 0.28.0, 0.29.0, 0.30.0

An attacker can pass a malicious, malformed token that causes unexpected memory to be consumed during parsing.
