Open FiloSottile opened 2 months ago
cc @golang/security
Seems like a reasonable addition.
Agree that this would be nice!
As a workaround, you can use the following searches to get something close:
https://pkg.go.dev/search?q=stdlib&m=vuln https://pkg.go.dev/search?q=toolchain&m=vuln https://pkg.go.dev/search?q=golang.org&m=vuln
There is no page that lists all the CVEs that were fixed in Go, as far as I know, and the CVE database is kinda hard to map to packages and Go releases. It feels like it would be an easy addition to doc/devel/release, at least going forward.