2 known bugs in golang.org/x/oauth2, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | any | 0.27.0 | golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | fixed | osv:GHSA-6v2p-p543-phr9 |
| medium |
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/go/golang.org/x/oauth2| 0.27.0 |
Unexpected memory consumption during token parsing in golang.org/x/oauth2 An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. |
| fixed |
| osv:GO-2025-3488 |