openSUSE Security Update: Security update for gosec
______________________________________________________________________________

Announcement ID: openSUSE-SU-2026:0167-1
Rating: moderate
References:
Cross-References: CVE-2025-22891
Affected Products:
  openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gosec fixes the following issues:

- Update to version 2.26.1:
  * Update cosign to v3.0.6 (#1659)
  * Sync taint rule docs and add missing CWE mappings for G113/G307 (#1658)
  * Update all dependencies (#1657)
  * Add G710 rule for open redirect via taint analysis (#1654)
  * Fix formatting
  * Update the default models used by autofix and phase out the older models
  * Format and clean-up the README
  * Add HTTP file-serving function to the sinks of pathtraversal analyzer (#1647)
  * Skip flagging the TLS min version for go 1.18+ (#1646)
  * chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 (#1645)
  * Added filepath.Abs as a sanitizer (#1643)
  * Allow rune to byte conversion (#1642)
  * Allow platform specific conversions (#1641)
  * chore(deps): update all dependencies (#1639)
  * chore(deps): update all dependencies (#1634)
  * chore(go): update supported Go versions to 1.25.9 and 1.26.2 (#1633)
  * Fix: Bump go-version: 1.25.8 to 1.25.9 in ci (#1632)
  * fix(taint): gate *http.Request auto-taint on entry-point detection (#1630)
  * chore(deps): update all dependencies (#1631)
  * Added a visited cycle-detection guard in the *ssa.Phi case (#1626)
  * chore(deps): update all dependencies (#1625)
  * fix(G706): scope slog sinks to msg arg only to prevent false positives on structured attributes (#1623)
  * Gate the AI security review by the security-review environment (#1621)
  * Fix anthropic autofix after dependencies update (#1620)
  * chore(deps): update all dependencies (#1619)
  * chore(action): bump gosec to 2.25.0 (#1618)
- Update to version 2.25.0:
  * chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
  * fix: allow barry action to access secrets on fork PRs (#1616)
  * fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)
  * Add barry security scanner as a step in the CI (#1612)
  * chore(deps): update all dependencies (#1611)
  * fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)
  * Add some skills for claude code to automate some tasks (#1609)
  * Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
  * fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
  * Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
  * fix(G118): eliminate false positive for package-level cancel variables (#1602)
  * feat: add G124 rule for insecure HTTP cookie configuration (#1599)
  * feat: add G709 rule for unsafe deserialization of untrusted data (#1598)
  * feat: add G708 rule for server-side template injection via text/template (#1597)
  * fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596)
  * Fix infinite recursion in interprocedural taint analysis (#1594)
  * Fix G118 false positive when cancel is stored in returned struct field (#1593)
  * Fix G118 false positive on cancel called inside goroutine closure (#1592)
  * fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589)
  * chore(deps): update all dependencies (#1588)
  * fix(G118): treat returned cancel func as called (fixes #1584) (#1585)
  * chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583)
  * Update the README with the correct version of the Github action for gosec (#1582)
  * chore(deps): update all dependencies (#1579)
  * Fix G115 false positives for guarded int64-to-byte conversions (#1578)
  * Update the container image migration notice (#1576)
  * chore(action): bump gosec to 2.24.7 (#1575)
- Update to version 2.24.7:
  * Ignore nosec comments in action integration workflow to generate some warnings (#1573)
  * Add a workflow for action integration test (#1571)
  * fix(sarif): avoid invalid null relationships in SARIF output (#1569)
  * chore: migrate gosec container image references to GHCR (#1567)
  * Update gorelease to use the latest cosign bundle argument (#1565)
  * Migrate goreleaser to use the proper cosign arguments (#1564)
  * Update the cosign to version v3.0.5 (#1563)
  * fix(release): use existing cosign-installer action version (#1562)
  * chore(prompts): add skill and prompt to update supported Go versions (#1561)
  * chore(prompts): add action version update skill and prompt (#1560)
  * fix(analyzers): avoid SSA dependency cycle blowups in issue #1555 paths (#1559)
  * Add a SKILL and PROMPT for fixing a GitHub issue (#1558)
  * Add a SKILL and PROMPT for generating rules with AI (#1557)
  * fix(G120): prevent hang-like analysis blowup in wrapper protection checks (#1556)
  * fix(G705): eliminate false positive when guard type cannot be resolved (#1554)
  * Remove gcmurphy from funding list
  * Extend the release workflow to push the container images also to GHCR
  * Update to gosec to v2.24.0 in the action and fix the docker image signing (#1552)
- Update to version 2.24.0:
  * fix: G704 false positive on const URL (#1551)
  * fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)
  * G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)
  * Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546)
  * taint: skip `context.Context` arguments during taint propagation to fix false positives (#1543)
  * test: add missing rules to formatter report tests (#1540)
  * chore(deps): update all dependencies (#1541)
  * Regenerate the TLS config rule (#1539)
  * Improve documentation (#1538)
  * Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)
  * Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)
  * Add G707 taint analyzer for SMTP command/header injection (#1535)
  * Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)
  * Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)
  * fix(G602): avoid false positives for range-over-array indexing (#1531)
  * Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)
  * fix: taint analysis false positives with G703,G705 (#1522)
  * Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)
  * Fix the G117 rule to take the JSON serialization into account (#1528)
  * (docs) fix justification format (#1524)
  * Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)
  * Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)
  * Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)
  * Fix G115 false positives and negatives (Issue #1501) (#1518)
  * chore(deps): update all dependencies (#1517)
  * Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)
  * Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)
  * Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)
  * Add more unit tests to improve coverage (#1512)
  * Improve test coverage in various areas (#1511)
  * Improve the test coverage (#1510)
  * Fix incorrect detection of fixed iv in G407 (#1509)
  * Add support for go 1.26.x and removed support for go 1.24.x (#1508)
  * Fix the sonar report to follow the latest schema (#1507)
  * fix: broken taint analysis causing false positives (#1506)
  * fix: panic on float constants in overflow analyzer (#1505)
  * fix: panic when scanning multi-module repos from root (#1504)
  * fix: G602 false positive for array element access (#1499)
  * Update gosec to version v2.23.0 in the Github action (#1496)
- Update to version 2.23.0:
  * feat: Support for adding taint analysis engine (#1486)
  * chore(deps): update all dependencies (#1494)
  * chore(deps): update all dependencies (#1494)
  * chore(deps): update all dependencies (#1488)
  * Fix G602 analyzer panic that kills gosec process (#1491)
  * update go version to 1.25.7 (#1492)
  * Fix URL regexp and remove redundant Google regex patterns (#1485)
  * feat: implement global cache usage in rules (#1480)
  * chore(deps): update module google.golang.org/genai to v1.43.0 (#1484)
  * refactor: optimize nosec parsing and reduce allocations (#1478)
  * Fix SARIF artifactChanges null validation error (#1483)
  * feat: optimize GetCallInfo with per-package sync.Pool caching (#1481)
  * feat: implement entropy pre-filtering to optimize secret detection (#1479)
  * feat: ensure GoVersion is cached using sync.Once (#1477)
  * Fix #1240: nosec comments now work with trailing open brackets (#1475)
  * Debug Build Profiling Support: Code improvement suggestions for PR#1471 (#1476)
  * Update the go version to 1.25.6 and 1.24.12 (#1474)
  * G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#1470)
  * chore(deps): update all dependencies (#1473)
  * feat: support path-based rule exclusions via exclude-rules (#1465)
  * Optimize analyzer with parallel package processing (#1466)
  * feat: add goanalysis package for nogo (#1449)
  * Refactor Analyzers: Unify Range Logic & Optimize Allocations (#1464)
  * Optimize G115, G602, G407 analyzers to reduce allocations and memory (#1463)
  * refactor(g115): improve coverage (#1462)
  * Refine G407 to improve detection and coverage of hardcoded nonces (#1460)
  * chore(deps): update all dependencies (#1461)
  * Refactor rules to use callListRule base structure (#1458)
  * feat(slice): enhance slice bounds analysis with dynamic bounds handling (#1457)
  * remove deprecated ast.Object (#1455)
  * feat(sql): enhance SQL injection detection with improved string concatenation checks (#1454)
  * feat(rules): enhance subprocess variable checks (#1453)
  * feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452)
  * feat: add secrets serialization G117 (#1451)
  * feat(rules): add support for detecting high entropy strings in composite literals (#1447)
  * whitelist crypto/rand Read from error checks (#1446)
  * chore(deps): update all dependencies (#1443)
  * Improve slice bound check (#1442)
  * docs: add documentation for using gosec with private modules (#1441)
  * chore(deps): update all dependencies (#1440)
  * docs: add G116 rule description to README (#1439)
  * Update GitHub action to gosec 2.22.11 (#1438)
- Update to version 2.22.11:
  * feature: add rule for trojan source (#1431)
  * feat(ai): add OpenAI and custom API provider support (#1424)
  * chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)
  * chore(deps): update module google.golang.org/genai to v1.37.0 (#1435)
  * refactor: simplify report functions in main.go (#1434)
  * Update go to 1.25.5 and 1.24.11 in CI (#1433)
  * chore(deps): update all dependencies (#1425)
  * feat(ai): add support for latest Claude models and update provider flags (#1423)
  * Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1427)
  * chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (#1428)
  * fix: correct schema with temporary placeholder (#1418)
  * perf: skip SSA analysis if no analyzers are loaded (#1419)
  * test: add sarif validation (#1417)
  * chore(deps): update all dependencies (#1421)
  * Update go to version 1.25.4 and 1.24.10 in CI (#1415)
  * fix: build tag parsing. (#1413)
  * chore(deps): update all dependencies (#1411)
  * chore(deps): update all dependencies (#1409)
  * chore(deps): update all dependencies (#1408)
  * Update gosec to version v2.22.10 in the github action (#1405)
- Update to version 2.22.10:
  * Update go to version 1.25.3 and 1.24.9 in CI (#1404)
  * chore(deps): update all dependencies (#1402)
  * Update go to version 1.25.2 and 2.24.8 in CI (#1401)
  * chore(deps): update all dependencies (#1399)
  * check nil slices, partially check bounds (#1396)
  * Remove unused target from the makefile
  * Use the ginkgo command installed by the dependencies
  * Keep the go module at 1.24 version for compatibility reasons
  * Remove manual test deps
  * fix: text must be supplied when markdown is used
  * fix: improve error message of CheckAnalyzers
  * fix: log panic on SSA
  * chore(deps): update all dependencies
  * Update gosec to version v2.22.9 in the github action
- Update to version 2.22.9:
  * Update cosign to v2.6.0 and go in the CI to latest version
  * fix(autofix): unnecessary conversion
  * feat(autofix): update gemini sdk and add anthropic claude
  * feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
  * chore(deps): update all dependencies
  * refactor(G304): remove unused trackJoin helper; no functional change
  * style: gofmt rules/readfile.go
  * test(g304): add samples for var perm and var flag with cleaned path
    - Ensure G304 does not fire when only non-path args (flag/perm) are variables
    - Both samples use filepath.Clean on the path arg
    - Rules suite remains green (42 passed)
  * rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic
    - Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables
    - Track filepath.Clean so cleaned identifiers are treated as safe
    - Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)
    - Record Join(...) assigned to identifiers and allow if later cleaned
    - Fix panic by passing non-nil context in trackJoinAssignStmt
    - All rules tests: 42 passed
  * rules(G202): detect SQL concat in ValueSpec declarations; add test sample
    - Handle var query string = 'SELECT ...' + user style declarations
    - Reuse existing binary expr detection on ValueSpec.Values
    - Add postgres sample mirroring issue #1309 report
    - Rules tests: 42 passed
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * Update gosec version to v2.22.8 in the Github action
- Update to version 2.22.8:
  * Add support for go version 1.25.0
  * Update go version in CI to 1.24.6 and 1.23.12
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * Update github action to release v2.22.7
- Update to version 2.22.7:
  * Fix crash in hardcoded_nonce analyzer
  * Update go action to use release v2.22.6
  * Update go version to 1.24.5 and 1.23.11 in the CI
  * chore(deps): update module google.golang.org/api to v0.242.0
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * Do not allow dashes in file names
  * Update gosec to version 2.22.5 in Github action
- Update to version 2.22.5:
  * Switch back go.mod to minimum 1.23.0
  * Update dependencies
  * Update go version 1.24.4 and 1.23.10 in CI
  * chore(deps): update all dependencies
  * G201/G202: add checks for injection into sql.Conn methods
  * chore(deps): update module google.golang.org/api to v0.235.0
  * chore(deps): update module google.golang.org/api to v0.234.0
  * chore(deps): update module google.golang.org/api to v0.233.0
  * chore(deps): update module google.golang.org/api to v0.232.0
- Switch vendor from gz to xz for consistency
- Switch from version to revision in _service

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:
  zypper in -t patch openSUSE-2026-167=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
  gosec-2.26.1-bp157.2.6.1

References:

https://www.suse.com/security/cve/CVE-2025-22891.html

LinuxSecurity.com Team

openSUSE security update: security update for gosec
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20579-1
Rating: important
Cross-References:
  * CVE-2025-22891
Affected Products:
  openSUSE Leap 16.0
-------------------------------------------------------------

An update that solves one vulnerability can now be installed.

Description:

This update for gosec fixes the following issues:

Changes in gosec:

- Update to version 2.25.0:
  * chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
  * fix: allow barry action to access secrets on fork PRs (#1616)
  * fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)
  * Add barry security scanner as a step in the CI (#1612)
  * chore(deps): update all dependencies (#1611)
  * fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)
  * Add some skills for claude code to automate some tasks (#1609)
  * Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
  * fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
  * Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
  * fix(G118): eliminate false positive for package-level cancel variables (#1602)
  * feat: add G124 rule for insecure HTTP cookie configuration (#1599)
  * feat: add G709 rule for unsafe deserialization of untrusted data (#1598)
  * feat: add G708 rule for server-side template injection via text/template (#1597)
  * fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596)
  * Fix infinite recursion in interprocedural taint analysis (#1594)
  * Fix G118 false positive when cancel is stored in returned struct field (#1593)
  * Fix G118 false positive on cancel called inside goroutine closure (#1592)
  * fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589)
  * chore(deps): update all dependencies (#1588)
  * fix(G118): treat returned cancel func as called (fixes #1584) (#1585)
  * chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583)
  * Update the README with the correct version of the Github action for gosec (#1582)
  * chore(deps): update all dependencies (#1579)
  * Fix G115 false positives for guarded int64-to-byte conversions (#1578)
  * Update the container image migration notice (#1576)
  * chore(action): bump gosec to 2.24.7 (#1575)
- Update to version 2.24.7:
  * Ignore nosec comments in action integration workflow to generate some warnings (#1573)
  * Add a workflow for action integration test (#1571)
  * fix(sarif): avoid invalid null relationships in SARIF output (#1569)
  * chore: migrate gosec container image references to GHCR (#1567)
  * Update gorelease to use the latest cosign bundle argument (#1565)
  * Migrate goreleaser to use the proper cosign arguments (#1564)
  * Update the cosign to version v3.0.5 (#1563)
  * fix(release): use existing cosign-installer action version (#1562)
  * chore(prompts): add skill and prompt to update supported Go versions (#1561)
  * chore(prompts): add action version update skill and prompt (#1560)
  * fix(analyzers): avoid SSA dependency cycle blowups in issue #1555 paths (#1559)
  * Add a SKILL and PROMPT for fixing a GitHub issue (#1558)
  * Add a SKILL and PROMPT for generating rules with AI (#1557)
  * fix(G120): prevent hang-like analysis blowup in wrapper protection checks (#1556)
  * fix(G705): eliminate false positive when guard type cannot be resolved (#1554)
  * Remove gcmurphy from funding list
  * Extend the release workflow to push the container images also to GHCR
  * Update to gosec to v2.24.0 in the action and fix the docker image signing (#1552)
- Update to version 2.24.0:
  * fix: G704 false positive on const URL (#1551)
  * fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)
  * G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)
  * Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546)
  * taint: skip `context.Context` arguments during taint propagation to fix false positives (#1543)
  * test: add missing rules to formatter report tests (#1540)
  * chore(deps): update all dependencies (#1541)
  * Regenerate the TLS config rule (#1539)
  * Improve documentation (#1538)
  * Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)
  * Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)
  * Add G707 taint analyzer for SMTP command/header injection (#1535)
  * Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)
  * Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)
  * fix(G602): avoid false positives for range-over-array indexing (#1531)
  * Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)
  * fix: taint analysis false positives with G703,G705 (#1522)
  * Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)
  * Fix the G117 rule to take the JSON serialization into account (#1528)
  * (docs) fix justification format (#1524)
  * Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)
  * Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)
  * Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)
  * Fix G115 false positives and negatives (Issue #1501) (#1518)
  * chore(deps): update all dependencies (#1517)
  * Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)
  * Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)
  * Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)
  * Add more unit tests to improve coverage (#1512)
  * Improve test coverage in various areas (#1511)
  * Improve the test coverage (#1510)
  * Fix incorrect detection of fixed iv in G407 (#1509)
  * Add support for go 1.26.x and removed support for go 1.24.x (#1508)
  * Fix the sonar report to follow the latest schema (#1507)
  * fix: broken taint analysis causing false positives (#1506)
  * fix: panic on float constants in overflow analyzer (#1505)
  * fix: panic when scanning multi-module repos from root (#1504)
  * fix: G602 false positive for array element access (#1499)
  * Update gosec to version v2.23.0 in the Github action (#1496)
- Update to version 2.23.0:
  * feat: Support for adding taint analysis engine (#1486)
  * chore(deps): update all dependencies (#1494)
  * chore(deps): update all dependencies (#1494)
  * chore(deps): update all dependencies (#1488)
  * Fix G602 analyzer panic that kills gosec process (#1491)
  * update go version to 1.25.7 (#1492)
  * Fix URL regexp and remove redundant Google regex patterns (#1485)
  * feat: implement global cache usage in rules (#1480)
  * chore(deps): update module google.golang.org/genai to v1.43.0 (#1484)
  * refactor: optimize nosec parsing and reduce allocations (#1478)
  * Fix SARIF artifactChanges null validation error (#1483)
  * feat: optimize GetCallInfo with per-package sync.Pool caching (#1481)
  * feat: implement entropy pre-filtering to optimize secret detection (#1479)
  * feat: ensure GoVersion is cached using sync.Once (#1477)
  * Fix #1240: nosec comments now work with trailing open brackets (#1475)
  * Debug Build Profiling Support: Code improvement suggestions for PR#1471 (#1476)
  * Update the go version to 1.25.6 and 1.24.12 (#1474)
  * G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#1470)
  * chore(deps): update all dependencies (#1473)
  * feat: support path-based rule exclusions via exclude-rules (#1465)
  * Optimize analyzer with parallel package processing (#1466)
  * feat: add goanalysis package for nogo (#1449)
  * Refactor Analyzers: Unify Range Logic & Optimize Allocations (#1464)
  * Optimize G115, G602, G407 analyzers to reduce allocations and memory (#1463)
  * refactor(g115): improve coverage (#1462)
  * Refine G407 to improve detection and coverage of hardcoded nonces (#1460)
  * chore(deps): update all dependencies (#1461)
  * Refactor rules to use callListRule base structure (#1458)
  * feat(slice): enhance slice bounds analysis with dynamic bounds handling (#1457)
  * remove deprecated ast.Object (#1455)
  * feat(sql): enhance SQL injection detection with improved string concatenation checks (#1454)
  * feat(rules): enhance subprocess variable checks (#1453)
  * feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452)
  * feat: add secrets serialization G117 (#1451)
  * feat(rules): add support for detecting high entropy strings in composite literals (#1447)
  * whitelist crypto/rand Read from error checks (#1446)
  * chore(deps): update all dependencies (#1443)
  * Improve slice bound check (#1442)
  * docs: add documentation for using gosec with private modules (#1441)
  * chore(deps): update all dependencies (#1440)
  * docs: add G116 rule description to README (#1439)
  * Update GitHub action to gosec 2.22.11 (#1438)
- Update to version 2.22.11:
  * feature: add rule for trojan source (#1431)
  * feat(ai): add OpenAI and custom API provider support (#1424)
  * chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)
  * chore(deps): update module google.golang.org/genai to v1.37.0 (#1435)
  * refactor: simplify report functions in main.go (#1434)
  * Update go to 1.25.5 and 1.24.11 in CI (#1433)
  * chore(deps): update all dependencies (#1425)
  * feat(ai): add support for latest Claude models and update provider flags (#1423)
  * Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1427)
  * chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (#1428)
  * fix: correct schema with temporary placeholder (#1418)
  * perf: skip SSA analysis if no analyzers are loaded (#1419)
  * test: add sarif validation (#1417)
  * chore(deps): update all dependencies (#1421)
  * Update go to version 1.25.4 and 1.24.10 in CI (#1415)
  * fix: build tag parsing. (#1413)
  * chore(deps): update all dependencies (#1411)
  * chore(deps): update all dependencies (#1409)
  * chore(deps): update all dependencies (#1408)
  * Update gosec to version v2.22.10 in the github action (#1405)
- Update to version 2.22.10:
  * Update go to version 1.25.3 and 1.24.9 in CI (#1404)
  * chore(deps): update all dependencies (#1402)
  * Update go to version 1.25.2 and 2.24.8 in CI (#1401)
  * chore(deps): update all dependencies (#1399)
  * check nil slices, partially check bounds (#1396)
  * Remove unused target from the makefile
  * Use the ginkgo command installed by the dependencies
  * Keep the go module at 1.24 version for compatibility reasons
  * Remove manual test deps
  * fix: text must be supplied when markdown is used
  * fix: improve error message of CheckAnalyzers
  * fix: log panic on SSA
  * chore(deps): update all dependencies
  * Update gosec to version v2.22.9 in the github action
- Update to version 2.22.9:
  * Update cosign to v2.6.0 and go in the CI to latest version
  * fix(autofix): unnecessary conversion
  * feat(autofix): update gemini sdk and add anthropic claude
  * feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
  * chore(deps): update all dependencies
  * refactor(G304): remove unused trackJoin helper; no functional change
  * style: gofmt rules/readfile.go
  * test(g304): add samples for var perm and var flag with cleaned path
    - Ensure G304 does not fire when only non-path args (flag/perm) are variables
    - Both samples use filepath.Clean on the path arg
    - Rules suite remains green (42 passed)
  * rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic
    - Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables
    - Track filepath.Clean so cleaned identifiers are treated as safe
    - Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)
    - Record Join(...) assigned to identifiers and allow if later cleaned
    - Fix panic by passing non-nil context in trackJoinAssignStmt
    - All rules tests: 42 passed
  * rules(G202): detect SQL concat in ValueSpec declarations; add test sample
    - Handle var query string = 'SELECT ...' + user style declarations
    - Reuse existing binary expr detection on ValueSpec.Values
    - Add postgres sample mirroring issue #1309 report
    - Rules tests: 42 passed
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * Update gosec version to v2.22.8 in the Github action
- Update to version 2.22.8:
  * Add support for go version 1.25.0
  * Update go version in CI to 1.24.6 and 1.23.12
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * Update github action to release v2.22.7
- Update to version 2.22.7:
  * Fix crash in hardcoded_nonce analyzer
  * Update go action to use release v2.22.6
  * Update go version to 1.24.5 and 1.23.11 in the CI
  * chore(deps): update module google.golang.org/api to v0.242.0
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * chore(deps): update all dependencies
  * Do not allow dashes in file names
  * Update gosec to version 2.22.5 in Github action
- Update to version 2.22.5:
  * Switch back go.mod to minimum 1.23.0
  * Update dependencies
  * Update go version 1.24.4 and 1.23.10 in CI
  * chore(deps): update all dependencies
  * G201/G202: add checks for injection into sql.Conn methods
  * chore(deps): update module google.golang.org/api to v0.235.0
  * chore(deps): update module google.golang.org/api to v0.234.0
  * chore(deps): update module google.golang.org/api to v0.233.0
  * chore(deps): update module google.golang.org/api to v0.232.0
- Switch vendor from gz to xz for consistency
- Switch from version to revision in _service
- Update to version 2.22.4:
  * Update to go version 1.24.3 and 1.23.9
  * update: updated the build command to include version metadata
  * chore(deps): update all dependencies
  * Update the AI provider API key value when provided as an argument
  * chore(deps): update module google.golang.org/api to v0.230.0
  * chore(deps): update module google.golang.org/api to v0.229.0
  * chore(deps): update all dependencies
  * Comment the reason why the file can be nil when an issue is created
  * Handle nil file when creating a new issue
  * chore(deps): update all dependencies (#1333)
- Update to version 2.22.3:
  * Update version in 'action.yml' to 2.22.3 (anticipating next version) (#1332)
  * Update go version to 1.24.2 and 1.23.8 (#1331)
  * remove G113. It only affects old/unsupported versions of Go (#1328)
  * chore(deps): update all dependencies (#1325)
  * Add SSOJet (#1320)
  * chore(deps): update all dependencies (#1319)
  * Update the integrity sha for babel dependency in html report (#1316)
  * Add support for `//gosec:disable` directive (#1314)
  * chore(deps): update all dependencies (#1315)
- Update to version 2.22.2:
  * Update to go version 1.24.1 and 1.23.7 (#1313)
  * chore(deps): update all dependencies (#1310)
  * chore(deps): update all dependencies (#1308)
  * Update gosec version in the GitHub action to v2.22.1 (#1307)
  * chore(deps): update module google.golang.org/api to v0.221.0 (#1305)
- Update to version 2.22.1:
  * Update cosign to v2.4.2 (#1303)
  * Add support for go 1.24 and phased out support for go 1.22 (#1302)
  * chore(deps): update all dependencies (#1300)
  * Update to go version 1.23.6 and 1.22.12 (#1299)
  * chore(deps): update module google.golang.org/api to v0.219.0 (#1296)
  * chore(deps): update module google.golang.org/api to v0.218.0 (#1294)
  * Add test to cover unit parsing for G115 rule (#1293)
  * Update to go version 1.23.5 and 1.22.11 (#1291)
  * chore(deps): update all dependencies (#1290)
  * Update gosec in github action to 2.22.0 (#1286)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0:
  zypper in -t patch openSUSE-Leap-16.0-packagehub-197=1

Package List:

- openSUSE Leap 16.0:
  gosec-2.25.0-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-22891.html

Severity: Important.

# gosec-2.24.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10270-1
Rating: moderate
Cross-References:
* CVE-2025-22891
Affected Products:
* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gosec-2.24.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * gosec 2.24.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22891.html

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6ad9ed1275
2025-12-20 00:52:30.902645+00:00
--------------------------------------------------------------------------------

Name        : gosec
Product     : Fedora 43
Version     : 2.22.11
Release     : 2.fc43
URL         : https://github.com/securego/gosec
Summary     : Go security checker
Description :
Go security checker.

--------------------------------------------------------------------------------
Update Information:

Update to 2.22.11
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 11 2025 Mikel Olasagasti Uranga - 2.22.11-2
- Fix build
* Thu Dec 11 2025 Mikel Olasagasti Uranga - 2.22.11-1
- Update to 2.22.11
- Closes rhbz#2388620
* Fri Oct 10 2025 Maxwell G - 2.22.7-3
- Rebuild for golang 1.25.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408291 - CVE-2025-58189 gosec: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
      https://bugzilla.redhat.com/show_bug.cgi?id=2408291
[ 2 ] Bug #2409764 - CVE-2025-61723 gosec: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
      https://bugzilla.redhat.com/show_bug.cgi?id=2409764
[ 3 ] Bug #2410714 - CVE-2025-58185 gosec: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
      https://bugzilla.redhat.com/show_bug.cgi?id=2410714
[ 4 ] Bug #2411610 - CVE-2025-58188 gosec: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
      https://bugzilla.redhat.com/show_bug.cgi?id=2411610
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6ad9ed1275' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------