There are several CVEs that are present in the current project's Go version (v1.25.9) in Go's standard library.
Updating to v1.25.10 fixes these:
NAME INSTALLED FIXED IN TYPE VULNERABILITY SEVERITY EPSS % RISK
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-39820 High 17.07 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-42499 High 6.46 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-39836 High 5.73 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-33814 High 5.08 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-33811 High 4.35 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-39826 Medium 2.02 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-39825 Medium 1.75 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-42501 High 0.78 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-39823 Medium 1.24 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-39819 Medium 0.87 < 0.1
stdlib go1.25.9 1.25.10, 1.26.3 go-module CVE-2026-39817 Medium 0.25 < 0.1
Also, updating a package clears another CVE:
NAME INSTALLED FIXED IN TYPE VULNERABILITY SEVERITY EPSS % RISK
golang.org/x/image v0.33.0 0.38.0 go-module GHSA-44p7-9xx4-hf2g Medium 2.16 < 0.1
There are several CVEs that are present in the current project's Go version (
v1.25.9) in Go's standard library.Updating to
v1.25.10fixes these:Also, updating a package clears another CVE:
NAME INSTALLED FIXED IN TYPE VULNERABILITY SEVERITY EPSS % RISK golang.org/x/image v0.33.0 0.38.0 go-module GHSA-44p7-9xx4-hf2g Medium 2.16 < 0.1