# wget 1.25.0

Snapshot of gominimal/pkgs commit `cd4b09dd2f492c47fba70eb1b8a8c724dabdc7e9` (pushed 2026-07-10T23:16:55.000Z).

## Install

```sh
min add wget
```

## Direct advisories

| ID | Severity | CVSS | Fix status | Fixed version | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-58469 | HIGH | — | fixed | — | GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing |
| CVE-2026-58470 | MEDIUM | — | fixed | — | GNU Wget 1.25.0 Integer Overflow via Content-Range Header Parsing |
| CVE-2026-58471 | MEDIUM | — | fixed | — | GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c |
| CVE-2026-58472 | MEDIUM | — | fixed | — | GNU Wget 1.25.0 Heap Buffer Overflow via HTML Attribute Encoding |

## Transitive advisories

7 advisories inherited through runtime dependencies:

- CVE-2026-4046 (HIGH) via glibc
- CVE-2026-4437 (HIGH) via glibc
- CVE-2026-4438 (MEDIUM) via glibc
- CVE-2026-5450 (CRITICAL) via glibc
- CVE-2026-5928 (HIGH) via glibc
- GHSA-q7rw-r7qq-2hx6 (UNKNOWN) via pcre2
- OSV-2026-343 (HIGH) via pcre2

## Dependencies

- Build (4): base, toolchain, make, pkgconf
- Runtime (5): glibc, libpsl, openssl, pcre2, zlib

## Links

- Package page (HTML): https://minimal.dev/pkgs/wget
- JSON API (floats latest): https://minimal.dev/api/pkgs/wget.json
- SBOM (CycloneDX 1.5): https://minimal.dev/api/pkgs/wget/sbom.json
