Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Report generated on: February 07, 2026 at 03:20 UTC

All Products Vulnerability Report

Covered Products

Product NameRepository
UniPDFgithub.com/unidoc/unipdf
UniOfficegithub.com/unidoc/unioffice
UniHTMLgithub.com/unidoc/unihtml

Key Findings for This Reporting Period

  • Total Open Vulnerabilities: Across all products, we are currently tracking 12 open vulnerabilities.
  • Progress: Over the last 12 months, we have fixed 10 vulnerabilities, including 0 critical ones.

12-Month Combined Vulnerability Trend

xychart-beta
    title "New vs. Fixed Vulnerabilities (Last 12 Months)"
    x-axis "Month" ["2025-03", "2025-04", "2025-05", "2025-06", "2025-07", "2025-08", "2025-09", "2025-10", "2025-11", "2025-12", "2026-01", "2026-02"]
    y-axis "Count"
    bar "New" [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    bar "Fixed" [0, 0, 0, 0, 0, 3, 7, 0, 0, 0, 0, 0]
MonthNewFixedTotal at Month End
2026-020012
2026-010012
2025-120012
2025-110012
2025-100012
2025-090712
2025-080319
2025-070022
2025-060022
2025-050022
2025-040022
2025-030022

Detailed Vulnerability List

Total Open Vulnerabilities: 12

CVE IdentifierSeverityPackage NameDescription
CVE-2025-47914MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
CVE-2025-58181MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication
CVE-2023-36308LOWgithub.com/disintegration/imagingdisintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...
CVE-2025-47914MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
CVE-2025-58181MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication
CVE-2023-36308LOWgithub.com/disintegration/imagingdisintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...
CVE-2025-47914MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
CVE-2025-58181MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication
CVE-2025-47914MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
CVE-2025-58181MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication
CVE-2025-47914MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
CVE-2025-58181MEDIUMgolang.org/x/cryptogolang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

Total Fixed Vulnerabilities (Last 12 Months): 10

CVE IdentifierSeverityPackage NameDescription
CVE-2025-22869HIGHgolang.org/x/cryptogolang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
CVE-2025-22870MEDIUMgolang.org/x/netgolang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
CVE-2025-22872MEDIUMgolang.org/x/netgolang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
CVE-2025-22869HIGHgolang.org/x/cryptogolang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
CVE-2025-22870MEDIUMgolang.org/x/netgolang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
CVE-2025-22872MEDIUMgolang.org/x/netgolang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
CVE-2025-22869HIGHgolang.org/x/cryptogolang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
CVE-2025-22870MEDIUMgolang.org/x/netgolang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
CVE-2025-22872MEDIUMgolang.org/x/netgolang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
GHSA-vrw8-fxc6-2r93MEDIUMgithub.com/go-chi/chi/v5chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes