golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

x/website: list CVEs in doc/devel/release #66747

Open FiloSottile opened 2 months ago

FiloSottile commented 2 months ago

There is no page that lists all the CVEs that were fixed in Go, as far as I know, and the CVE database is kinda hard to map to packages and Go releases. It feels like it would be an easy addition to doc/devel/release, at least going forward.

seankhliao commented 2 months ago

cc @golang/security

rolandshoemaker commented 2 months ago

Seems like a reasonable addition.

tatianab commented 2 months ago

Agree that this would be nice!

As a workaround, you can use the following searches to get something close:

https://pkg.go.dev/search?q=stdlib&m=vuln
https://pkg.go.dev/search?q=toolchain&m=vuln
https://pkg.go.dev/search?q=golang.org&m=vuln