Running clair-action on amd64 image manifest... 2026-04-21T19:02:10Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-04-21T19:02:10Z INF libvuln initialized component=libvuln/New 2026-04-21T19:02:10Z INF registered configured scanners component=libindex/New 2026-04-21T19:02:10Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-04-21T19:02:10Z INF index request start component=libindex/Libindex.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 2026-04-21T19:02:10Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 2026-04-21T19:02:10Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=CheckManifest 2026-04-21T19:02:10Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=FetchLayers 2026-04-21T19:02:11Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=FetchLayers 2026-04-21T19:02:11Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=FetchLayers 2026-04-21T19:02:11Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=ScanLayers 2026-04-21T19:02:11Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=ScanLayers 2026-04-21T19:02:11Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=IndexManifest 2026-04-21T19:02:11Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=IndexFinished 2026-04-21T19:02:11Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 state=IndexFinished 2026-04-21T19:02:11Z INF index request done component=libindex/Libindex.Index manifest=sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3 { "manifest_hash": "sha256:e771d3d50657b999a780ae448eea67f7f04bc9bba72f530282299c0ea04dbae3", "packages": { "+cGRzCK8ZxFziOYlIA/StA==": { "id": "+cGRzCK8ZxFziOYlIA/StA==", "name": "github.com/klauspost/compress", "version": "v1.17.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.17.2.0.0.0.0.0.0", "cpe": "" }, "2Dk0j/or76OpTs49Xm6L9A==": { "id": "2Dk0j/or76OpTs49Xm6L9A==", "name": "zlib", "version": "1.3.2-r0", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.3.2-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3m2oa2NcLh94ZKDg0nKrdw==": { "id": "3m2oa2NcLh94ZKDg0nKrdw==", "name": "github.com/mathwizz/web-server", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "4r1/MT6RfJo/vsmnrIkHGw==": { "id": "4r1/MT6RfJo/vsmnrIkHGw==", "name": "github.com/nats-io/nkeys", "version": "v0.4.7", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.0.4.7.0.0.0.0.0.0", "cpe": "" }, "5WvIf7JQsCvOLvoK87EAhQ==": { "id": "5WvIf7JQsCvOLvoK87EAhQ==", "name": "ssl_client", "version": "1.37.0-r30", "kind": "binary", "source": { "id": "", "name": "busybox", "version": "1.37.0-r30", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "66pmbBWVT4Lu27Cz3xg//A==": { "id": "66pmbBWVT4Lu27Cz3xg//A==", "name": "libcrypto3", "version": "3.5.6-r0", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.5.6-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9/ivivCZjzI3QIwrnBP0bw==": { "id": "9/ivivCZjzI3QIwrnBP0bw==", "name": "golang.org/x/time", "version": "v0.3.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.0.3.0.0.0.0.0.0.0", "cpe": "" }, "AMDDysdln4E3fw80+reHoA==": { "id": "AMDDysdln4E3fw80+reHoA==", "name": "scanelf", "version": "1.3.8-r2", "kind": "binary", "source": { "id": "", "name": "pax-utils", "version": "1.3.8-r2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AjtWFuX5NbHF/WyTvfoqgg==": { "id": "AjtWFuX5NbHF/WyTvfoqgg==", "name": "busybox-binsh", "version": "1.37.0-r30", "kind": "binary", "source": { "id": "", "name": "busybox", "version": "1.37.0-r30", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AvpKKG3zV31dH0gQhgffww==": { "id": "AvpKKG3zV31dH0gQhgffww==", "name": "musl-utils", "version": "1.2.5-r23", "kind": "binary", "source": { "id": "", "name": "musl", "version": "1.2.5-r23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CiQAa9ln1UcmI1MdY4HrRw==": { "id": "CiQAa9ln1UcmI1MdY4HrRw==", "name": "github.com/gorilla/mux", "version": "v1.8.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.8.1.0.0.0.0.0.0", "cpe": "" }, "FYmuk2+0FX5HpL7fwguQGQ==": { "id": "FYmuk2+0FX5HpL7fwguQGQ==", "name": "ca-certificates-bundle", "version": "20260413-r0", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "20260413-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IYOa5/CQrVOq5CoGcywMyw==": { "id": "IYOa5/CQrVOq5CoGcywMyw==", "name": "libssl3", "version": "3.5.6-r0", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.5.6-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J2IN9iwUOy44iUtPmrvfTQ==": { "id": "J2IN9iwUOy44iUtPmrvfTQ==", "name": "github.com/nats-io/nuid", "version": "v1.0.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.0.1.0.0.0.0.0.0", "cpe": "" }, "MwhswvIAo/Wa8B6XxOq7Gw==": { "id": "MwhswvIAo/Wa8B6XxOq7Gw==", "name": "busybox", "version": "1.37.0-r30", "kind": "binary", "source": { "id": "", "name": "busybox", "version": "1.37.0-r30", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "T0tt0+5a7W8cnJfyQunpKQ==": { "id": "T0tt0+5a7W8cnJfyQunpKQ==", "name": "ca-certificates", "version": "20260413-r0", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "20260413-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TySOYyoqJdaRpbGb5CV9Yg==": { "id": "TySOYyoqJdaRpbGb5CV9Yg==", "name": "golang.org/x/sys", "version": "v0.30.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.0.30.0.0.0.0.0.0.0", "cpe": "" }, "Vb3ZW/CiCxcsNhshSVfkQw==": { "id": "Vb3ZW/CiCxcsNhshSVfkQw==", "name": "github.com/lib/pq", "version": "v1.10.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.10.9.0.0.0.0.0.0", "cpe": "" }, "bRVLMrT/uJ7IZQt8XLVmaA==": { "id": "bRVLMrT/uJ7IZQt8XLVmaA==", "name": "alpine-release", "version": "3.23.4-r0", "kind": "binary", "source": { "id": "", "name": "alpine-base", "version": "3.23.4-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "d2qSwq19AEBBRG/W+6tUwA==": { "id": "d2qSwq19AEBBRG/W+6tUwA==", "name": "apk-tools", "version": "3.0.6-r0", "kind": "binary", "source": { "id": "", "name": "apk-tools", "version": "3.0.6-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dZBqWw9pBC8WtNIcbEEd4Q==": { "id": "dZBqWw9pBC8WtNIcbEEd4Q==", "name": "alpine-baselayout-data", "version": "3.7.2-r0", "kind": "binary", "source": { "id": "", "name": "alpine-baselayout", "version": "3.7.2-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eW5wqcgInLtxyH/1Z4aVyQ==": { "id": "eW5wqcgInLtxyH/1Z4aVyQ==", "name": "libapk", "version": "3.0.6-r0", "kind": "binary", "source": { "id": "", "name": "apk-tools", "version": "3.0.6-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "elcrwR131jqSP0gH0zc4bg==": { "id": "elcrwR131jqSP0gH0zc4bg==", "name": "github.com/golang-jwt/jwt/v5", "version": "v5.2.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.5.2.0.0.0.0.0.0.0", "cpe": "" }, "nT33KeI8cEMBVYUfzsPk5A==": { "id": "nT33KeI8cEMBVYUfzsPk5A==", "name": "alpine-baselayout", "version": "3.7.2-r0", "kind": "binary", "source": { "id": "", "name": "alpine-baselayout", "version": "3.7.2-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "tLkEEe7KvBqVHutIPqpeJg==": { "id": "tLkEEe7KvBqVHutIPqpeJg==", "name": "stdlib", "version": "1.23.12", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.23.12.0.0.0.0.0.0", "cpe": "" }, "wGkxV3KM6tQ1Tze5ElqWLg==": { "id": "wGkxV3KM6tQ1Tze5ElqWLg==", "name": "golang.org/x/crypto", "version": "v0.33.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.0.33.0.0.0.0.0.0.0", "cpe": "" }, "y9AsnNEg9koPQGRNR+GKHA==": { "id": "y9AsnNEg9koPQGRNR+GKHA==", "name": "alpine-keys", "version": "2.6-r0", "kind": "binary", "source": { "id": "", "name": "alpine-keys", "version": "2.6-r0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yHX/ztzNfj6dhYMk4g2xzQ==": { "id": "yHX/ztzNfj6dhYMk4g2xzQ==", "name": "github.com/Knetic/govaluate", "version": "v3.0.0+incompatible", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.3.0.0.0.0.0.0.0.0", "cpe": "" }, "ySmmH/gieJnWpEN1naejiA==": { "id": "ySmmH/gieJnWpEN1naejiA==", "name": "musl", "version": "1.2.5-r23", "kind": "binary", "source": { "id": "", "name": "musl", "version": "1.2.5-r23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yTV5hn8ueiP/Wu8PqPjmzQ==": { "id": "yTV5hn8ueiP/Wu8PqPjmzQ==", "name": "github.com/nats-io/nats.go", "version": "v1.32.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.32.0.0.0.0.0.0.0", "cpe": "" } }, "distributions": { "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9": { "id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "did": "alpine", "name": "Alpine Linux", "version": "3.23", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "Alpine Linux v3.23" } }, "repository": { "8dae8cb3-6710-4aa9-aec4-772900666cd0": { "id": "8dae8cb3-6710-4aa9-aec4-772900666cd0", "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" } }, "environments": { "+cGRzCK8ZxFziOYlIA/StA==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "2Dk0j/or76OpTs49Xm6L9A==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "3m2oa2NcLh94ZKDg0nKrdw==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "4r1/MT6RfJo/vsmnrIkHGw==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "5WvIf7JQsCvOLvoK87EAhQ==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "66pmbBWVT4Lu27Cz3xg//A==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "9/ivivCZjzI3QIwrnBP0bw==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "AMDDysdln4E3fw80+reHoA==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "AjtWFuX5NbHF/WyTvfoqgg==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "AvpKKG3zV31dH0gQhgffww==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "CiQAa9ln1UcmI1MdY4HrRw==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "FYmuk2+0FX5HpL7fwguQGQ==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "IYOa5/CQrVOq5CoGcywMyw==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "J2IN9iwUOy44iUtPmrvfTQ==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "MwhswvIAo/Wa8B6XxOq7Gw==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "T0tt0+5a7W8cnJfyQunpKQ==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "TySOYyoqJdaRpbGb5CV9Yg==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "Vb3ZW/CiCxcsNhshSVfkQw==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "bRVLMrT/uJ7IZQt8XLVmaA==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "d2qSwq19AEBBRG/W+6tUwA==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "dZBqWw9pBC8WtNIcbEEd4Q==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "eW5wqcgInLtxyH/1Z4aVyQ==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "elcrwR131jqSP0gH0zc4bg==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "nT33KeI8cEMBVYUfzsPk5A==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "tLkEEe7KvBqVHutIPqpeJg==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "wGkxV3KM6tQ1Tze5ElqWLg==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "y9AsnNEg9koPQGRNR+GKHA==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "yHX/ztzNfj6dhYMk4g2xzQ==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ], "ySmmH/gieJnWpEN1naejiA==": [ { "package_db": "lib/apk/db/installed", "introduced_in": "sha256:76cbedd71a05bf6e8513645fbf8bf436d911348bb3f027280fb28a7476ed12d0", "distribution_id": "38d23d4a-be9d-4e27-b79b-1fc52aceb8a9", "repository_ids": null } ], "yTV5hn8ueiP/Wu8PqPjmzQ==": [ { "package_db": "go:root/web-server", "introduced_in": "sha256:74bcfd3b03eeb0af03415be759d96a9c516c449a5aee11b8211c890d3c502e72", "distribution_id": "", "repository_ids": [ "8dae8cb3-6710-4aa9-aec4-772900666cd0" ] } ] }, "vulnerabilities": { "4ifTGHhVbtDPeqLwYDVyJA==": { "id": "4ifTGHhVbtDPeqLwYDVyJA==", "updater": "osv/go", "name": "GO-2026-4341", "description": "Memory exhaustion in query parameter parsing in net/url", "issued": "2026-01-28T19:08:18Z", "links": "https://go.dev/cl/736712 https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.12" }, "4jKXN+o/0vyACgd6hmLCbw==": { "id": "4jKXN+o/0vyACgd6hmLCbw==", "updater": "osv/go", "name": "GO-2025-4009", "description": "Quadratic complexity when parsing some invalid inputs in encoding/pem", "issued": "2025-10-29T21:49:55Z", "links": "https://go.dev/issue/75676 https://go.dev/cl/709858 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "8dARvXsFfslEQUJNpOVqyQ==": { "id": "8dARvXsFfslEQUJNpOVqyQ==", "updater": "osv/go", "name": "GO-2025-4007", "description": "Quadratic complexity when checking name constraints in crypto/x509", "issued": "2025-10-29T21:49:50Z", "links": "https://go.dev/issue/75681 https://go.dev/cl/709854 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.9" }, "9104eRTCy/+sziVrNe1xRg==": { "id": "9104eRTCy/+sziVrNe1xRg==", "updater": "osv/go", "name": "GO-2025-4116", "description": "Potential denial of service in golang.org/x/crypto/ssh/agent", "issued": "2025-11-13T21:12:03Z", "links": "https://go.dev/cl/700295 https://go.dev/issue/75178 https://github.com/advisories/GHSA-56w8-48fp-6mgv", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "golang.org/x/crypto", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "0.43.0" }, "9g89yhs8EXXVq2/1mPEMZg==": { "id": "9g89yhs8EXXVq2/1mPEMZg==", "updater": "osv/go", "name": "GHSA-mh63-6h87-95cp", "description": "jwt-go allows excessive memory allocation during header parsing", "issued": "2025-03-21T22:04:00Z", "links": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp https://nvd.nist.gov/vuln/detail/CVE-2025-30204 https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3 https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb https://github.com/golang-jwt/jwt https://security.netapp.com/advisory/ntap-20250404-0002", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "github.com/golang-jwt/jwt/v5", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "5.2.2" }, "BqzAZ5iQVHE6OkJ+a2YydQ==": { "id": "BqzAZ5iQVHE6OkJ+a2YydQ==", "updater": "osv/go", "name": "GO-2026-4342", "description": "Excessive CPU consumption when building archive index in archive/zip", "issued": "2026-01-28T19:08:28Z", "links": "https://go.dev/cl/736713 https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.12" }, "EahYBNc6RsapXfHOvUMG/A==": { "id": "EahYBNc6RsapXfHOvUMG/A==", "updater": "osv/go", "name": "GO-2025-4008", "description": "ALPN negotiation error contains attacker controlled information in crypto/tls", "issued": "2025-10-29T21:49:53Z", "links": "https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "FWn8i7eSvTTcwwX8x1YMmg==": { "id": "FWn8i7eSvTTcwwX8x1YMmg==", "updater": "osv/go", "name": "GO-2026-4870", "description": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/763767 https://go.dev/issue/78334 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "FjluGqmW83eEOEvyKIkrSA==": { "id": "FjluGqmW83eEOEvyKIkrSA==", "updater": "osv/go", "name": "GO-2025-4012", "description": "Lack of limit when parsing cookies can cause memory exhaustion in net/http", "issued": "2025-10-29T21:50:05Z", "links": "https://go.dev/issue/75672 https://go.dev/cl/709855 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "IPxPW7dcONRnt+GHuBiD1A==": { "id": "IPxPW7dcONRnt+GHuBiD1A==", "updater": "osv/go", "name": "GHSA-j5w8-q4qc-rx2x", "description": "golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption", "issued": "2025-11-19T23:01:20Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181 https://go.dev/cl/721961 https://go.dev/issue/76363 https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://pkg.go.dev/vuln/GO-2025-4134", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang.org/x/crypto", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "0.45.0" }, "KlFwXzVoVlebAInsnw41Qw==": { "id": "KlFwXzVoVlebAInsnw41Qw==", "updater": "osv/go", "name": "GO-2025-4010", "description": "Insufficient validation of bracketed IPv6 hostnames in net/url", "issued": "2025-10-29T21:49:58Z", "links": "https://go.dev/issue/75678 https://go.dev/cl/709857 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "KxS2ZtWgZx0lQavGmel4Wg==": { "id": "KxS2ZtWgZx0lQavGmel4Wg==", "updater": "osv/go", "name": "GO-2025-4013", "description": "Panic when validating certificates with DSA public keys in crypto/x509", "issued": "2025-10-29T21:50:08Z", "links": "https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "PTZ93X/HsMkwDnLjF266CQ==": { "id": "PTZ93X/HsMkwDnLjF266CQ==", "updater": "osv/go", "name": "GO-2025-3553", "description": "Excessive memory allocation during header parsing in github.com/golang-jwt/jwt", "issued": "2025-03-26T17:24:24Z", "links": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "github.com/golang-jwt/jwt/v5", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "5.2.2" }, "QPsg6Jr0bVMm0tr2j4YMwA==": { "id": "QPsg6Jr0bVMm0tr2j4YMwA==", "updater": "osv/go", "name": "GO-2026-4602", "description": "FileInfo can escape from a Root in os", "issued": "2026-03-06T21:03:42Z", "links": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://go.dev/issue/77827 https://go.dev/cl/749480", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.8" }, "U86r1ELAOJanBnxwrapY0g==": { "id": "U86r1ELAOJanBnxwrapY0g==", "updater": "osv/go", "name": "GO-2025-4015", "description": "Excessive CPU consumption in Reader.ReadResponse in net/textproto", "issued": "2025-10-29T21:51:07Z", "links": "https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "UeiYbCd+yCsmz4K385pQkQ==": { "id": "UeiYbCd+yCsmz4K385pQkQ==", "updater": "osv/go", "name": "GO-2025-4175", "description": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509", "issued": "2025-12-02T20:55:55Z", "links": "https://go.dev/cl/723900 https://go.dev/issue/76442 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.11" }, "X2XVS8beM5noGWCQGlVZ6g==": { "id": "X2XVS8beM5noGWCQGlVZ6g==", "updater": "osv/go", "name": "GO-2026-4865", "description": "JsBraceDepth Context Tracking Bugs (XSS) in html/template", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/763762 https://go.dev/issue/78331 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "X5o2Qoo8DgfpPtqZ+d9MzQ==": { "id": "X5o2Qoo8DgfpPtqZ+d9MzQ==", "updater": "osv/go", "name": "GO-2026-4603", "description": "URLs in meta content attribute actions are not escaped in html/template", "issued": "2026-03-06T21:03:42Z", "links": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk https://go.dev/issue/77954 https://go.dev/cl/752081", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.8" }, "XciRm1XAq9RcM1jZN0BxQg==": { "id": "XciRm1XAq9RcM1jZN0BxQg==", "updater": "osv/go", "name": "GHSA-hcg3-q754-cr77", "description": "golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange", "issued": "2025-04-12T00:30:26Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869 https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 https://github.com/golang/crypto https://go-review.googlesource.com/c/crypto/+/652135 https://go.dev/cl/652135 https://go.dev/issue/71931 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang.org/x/crypto", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "0.35.0" }, "YGKNwwPTf6g9pxsaSlPd0g==": { "id": "YGKNwwPTf6g9pxsaSlPd0g==", "updater": "osv/go", "name": "GO-2025-4155", "description": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509", "issued": "2025-12-02T18:30:24Z", "links": "https://go.dev/cl/725920 https://go.dev/issue/76445 https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.11" }, "YusnUSJD47mdstk8KsgGZQ==": { "id": "YusnUSJD47mdstk8KsgGZQ==", "updater": "osv/go", "name": "GO-2026-4337", "description": "Unexpected session resumption in crypto/tls", "issued": "2026-02-05T17:23:09Z", "links": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://go.dev/cl/737700 https://go.dev/issue/77217", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.13" }, "ZAG3qysphRz8tGIp96ls9A==": { "id": "ZAG3qysphRz8tGIp96ls9A==", "updater": "osv/go", "name": "GO-2026-4946", "description": "Inefficient policy validation in crypto/x509", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/758061 https://go.dev/issue/78281 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "Zwyz7XImU98ApFQj0FPRmw==": { "id": "Zwyz7XImU98ApFQj0FPRmw==", "updater": "osv/go", "name": "GO-2026-4869", "description": "Unbounded allocation for old GNU sparse in archive/tar", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/763766 https://go.dev/issue/78301 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "aHbxsEzv/m7Yq5sqD6BR6A==": { "id": "aHbxsEzv/m7Yq5sqD6BR6A==", "updater": "osv/go", "name": "GO-2026-4947", "description": "Unexpected work during chain building in crypto/x509", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/758320 https://go.dev/issue/78282 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "b5+w4cAb8IHcAMXJWyYqvw==": { "id": "b5+w4cAb8IHcAMXJWyYqvw==", "updater": "osv/go", "name": "GO-2025-4134", "description": "Unbounded memory consumption in golang.org/x/crypto/ssh", "issued": "2025-11-19T20:11:57Z", "links": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://go.dev/cl/721961 https://go.dev/issue/76363", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "golang.org/x/crypto", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "0.45.0" }, "cpsr/YFJ0iUNtv72fOtdjw==": { "id": "cpsr/YFJ0iUNtv72fOtdjw==", "updater": "osv/go", "name": "GO-2026-4340", "description": "Handshake messages may be processed at the incorrect encryption level in crypto/tls", "issued": "2026-01-28T19:08:09Z", "links": "https://go.dev/cl/724120 https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.12" }, "eRDHQcKdYvF0tAiavYpWhw==": { "id": "eRDHQcKdYvF0tAiavYpWhw==", "updater": "osv/go", "name": "GO-2025-4135", "description": "Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent", "issued": "2025-11-19T20:11:57Z", "links": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://go.dev/cl/721960 https://go.dev/issue/76364", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "golang.org/x/crypto", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "0.45.0" }, "mOQ3hJyzcYBnd65M1VVdFA==": { "id": "mOQ3hJyzcYBnd65M1VVdFA==", "updater": "osv/go", "name": "GO-2025-4011", "description": "Parsing DER payload can cause memory exhaustion in encoding/asn1", "issued": "2025-10-29T21:50:00Z", "links": "https://go.dev/issue/75671 https://go.dev/cl/709856 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "pENgwsqn4gloGqUZSMstFA==": { "id": "pENgwsqn4gloGqUZSMstFA==", "updater": "osv/go", "name": "GO-2026-4864", "description": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix", "issued": "2026-04-07T22:53:49Z", "links": "https://go.dev/cl/763761 https://go.dev/issue/78293 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.9" }, "qUvfNgWXLCGh9yyO0Q/8/w==": { "id": "qUvfNgWXLCGh9yyO0Q/8/w==", "updater": "osv/go", "name": "GO-2025-3487", "description": "Potential denial of service in golang.org/x/crypto", "issued": "2025-02-26T02:51:51Z", "links": "https://go.dev/cl/652135 https://go.dev/issue/71931", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "golang.org/x/crypto", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "0.35.0" }, "rPWZNH+en7vYfObneQGeUA==": { "id": "rPWZNH+en7vYfObneQGeUA==", "updater": "osv/go", "name": "GO-2025-4006", "description": "Excessive CPU consumption in ParseAddress in net/mail", "issued": "2025-10-29T21:48:35Z", "links": "https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "u6YfnQt98V+kYlUqAP+rFg==": { "id": "u6YfnQt98V+kYlUqAP+rFg==", "updater": "osv/go", "name": "GO-2026-4601", "description": "Incorrect parsing of IPv6 host literals in net/url", "issued": "2026-03-06T21:03:42Z", "links": "https://go.dev/cl/752180 https://go.dev/issue/77578 https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.25.8" }, "uuncZ5GPkTCTOrZcMVBfEA==": { "id": "uuncZ5GPkTCTOrZcMVBfEA==", "updater": "osv/go", "name": "GHSA-f6x5-jh6r-wrfv", "description": "golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read", "issued": "2025-11-19T23:16:40Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914 https://go.dev/cl/721960 https://go.dev/issue/76364 https://go.googlesource.com/crypto https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA https://pkg.go.dev/vuln/GO-2025-4135", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang.org/x/crypto", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "0.45.0" }, "x80ydqeeoahPQLNiV1VXvQ==": { "id": "x80ydqeeoahPQLNiV1VXvQ==", "updater": "osv/go", "name": "GO-2025-4014", "description": "Unbounded allocation when parsing GNU sparse map in archive/tar", "issued": "2025-10-29T21:51:04Z", "links": "https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" } }, "package_vulnerabilities": { "elcrwR131jqSP0gH0zc4bg==": [ "9g89yhs8EXXVq2/1mPEMZg==", "PTZ93X/HsMkwDnLjF266CQ==" ], "tLkEEe7KvBqVHutIPqpeJg==": [ "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==", "YGKNwwPTf6g9pxsaSlPd0g==", "UeiYbCd+yCsmz4K385pQkQ==", "YusnUSJD47mdstk8KsgGZQ==", "cpsr/YFJ0iUNtv72fOtdjw==", "4ifTGHhVbtDPeqLwYDVyJA==", "BqzAZ5iQVHE6OkJ+a2YydQ==", "u6YfnQt98V+kYlUqAP+rFg==", "QPsg6Jr0bVMm0tr2j4YMwA==", "X5o2Qoo8DgfpPtqZ+d9MzQ==", "pENgwsqn4gloGqUZSMstFA==", "X2XVS8beM5noGWCQGlVZ6g==", "Zwyz7XImU98ApFQj0FPRmw==", "FWn8i7eSvTTcwwX8x1YMmg==", "ZAG3qysphRz8tGIp96ls9A==", "aHbxsEzv/m7Yq5sqD6BR6A==" ], "wGkxV3KM6tQ1Tze5ElqWLg==": [ "uuncZ5GPkTCTOrZcMVBfEA==", "XciRm1XAq9RcM1jZN0BxQg==", "IPxPW7dcONRnt+GHuBiD1A==", "qUvfNgWXLCGh9yyO0Q/8/w==", "9104eRTCy/+sziVrNe1xRg==", "b5+w4cAb8IHcAMXJWyYqvw==", "eRDHQcKdYvF0tAiavYpWhw==" ] }, "enrichments": {} }