Go helps developers detect, assess, and resolve errors or weaknesses that are at risk of being exploited by attackers. Behind the scenes, the Go team runs a pipeline to curate reports about vulnerabilities, which are stored in the Go vulnerability database. Various libraries and tools can read and analyze those reports to understand how specific user projects may be affected. This functionality is integrated into the Go package discovery site and a new CLI tool, govulncheck.
    go install golang.org/x/vuln/cmd/govulncheck@latest
    govulncheck ./...
Go Vulnerability Database
The Go vulnerability database contains information from many existing sources in addition to direct reports by Go package maintainers to the Go security team. Each entry in the database is reviewed to ensure that the vulnerability’s description, package and symbol information, and version details are accurate.
See go.dev/security/vuln/database for more information about the Go vulnerability database, and pkg.go.dev/vuln to view vulnerabilities in the database in your browser.
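To illustrate how a tool can use an entry's version details, the following added example (not code from the Go project or govulncheck) evaluates the "introduced"/"fixed" events of one affected range, as database entries record them in the OSV format, to decide whether a dependency version is affected. The function names and the sample event list are constructed for the example, and only plain MAJOR.MINOR.PATCH versions are handled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Constructed "events" list in the OSV shape; the versions are placeholders.
const sampleEvents = `[{"introduced":"0"},{"fixed":"1.2.3"},{"introduced":"1.4.0"},{"fixed":"1.4.2"}]`

// key maps MAJOR[.MINOR[.PATCH]] to a fixed-width string that sorts in version order.
func key(v string) (k string, err error) {
	var n [3]uint64
	for i, p := range strings.SplitN(strings.TrimPrefix(v, "v"), ".", 3) {
		if n[i], err = strconv.ParseUint(p, 10, 32); err != nil {
			// Pre-release tags and other forms are rejected rather than guessed at.
			return "", fmt.Errorf("unsupported version %q", v)
		}
	}
	return fmt.Sprintf("%010d.%010d.%010d", n[0], n[1], n[2]), nil
}

// InRange reports whether version is affected according to one range's events.
func InRange(eventsJSON, version string) (bool, error) {
	var events []struct{ Introduced, Fixed string }
	if err := json.Unmarshal([]byte(eventsJSON), &events); err != nil {
		return false, err
	}
	v, err := key(version)
	if err != nil {
		return false, err
	}
	in := false
	for _, ev := range events { // ascending order, exactly one key per event
		bound, err := key(ev.Introduced + ev.Fixed)
		if err != nil {
			return false, err
		}
		if v >= bound {
			in = ev.Introduced != "" // "introduced" opens the range, "fixed" closes it
		}
	}
	return in, nil
}

func main() {
	fmt.Println(InRange(sampleEvents, "v1.4.1"))
}
```

A version that cannot be parsed returns an error instead of "not affected", so a caller never mistakes an unevaluated dependency for a safe one.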