diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index ef069fe3d39..a782c468401 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -37,7 +37,6 @@ jobs: - run: go test ./cmd/osv-scanner/ -run 'Test_run$' || true env: TEST_ACCEPTANCE: true - TEST_VCR_MODE: replaywithnewepisodes UPDATE_SNAPS: always - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: diff --git a/CHANGELOG.md b/CHANGELOG.md index a3bd9dd44db..ab4b3ef2fe3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,19 +1,3 @@ -# v2.3.4 - -### Features: - -- [Feature #2571](https://github.com/google/osv-scanner/pull/2571) Enable transitive scanning for Python requirements.txt files using the deps.dev API. - -### Fixes: - -- [Bug #2630](https://github.com/google/osv-scanner/pull/2630) Improve startup performance on Windows Terminal by updating lipgloss. -- [Bug #2599](https://github.com/google/osv-scanner/pull/2599) Ensure the package deprecation enricher respects the same configuration as other plugins. -- [Bug #2600](https://github.com/google/osv-scanner/pull/2600) Ensure the Java extractor plugin for call analysis respects the same configuration as other plugins. - -### Misc: - -- Update osv-scalibr from v0.4.2 to v0.4.5. Release notes: [v0.4.3](https://github.com/google/osv-scalibr/releases/tag/v0.4.3), [v0.4.4](https://github.com/google/osv-scalibr/releases/tag/v0.4.4), [v0.4.5](https://github.com/google/osv-scalibr/releases/tag/v0.4.5). - # v2.3.3 ### Features: diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap index 2e3d448bb4d..c363a56c7df 100755 --- a/cmd/osv-scanner/__snapshots__/main_test.snap +++ b/cmd/osv-scanner/__snapshots__/main_test.snap @@ -46,8 +46,8 @@ OPTIONS: --- [Test_run/version - 1] -osv-scanner version: 2.3.4 -osv-scalibr version: 0.4.5 +osv-scanner version: 2.3.3 +osv-scalibr version: 0.4.4 commit: n/a built at: n/a @@ -61,7 +61,6 @@ built at: n/a Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -74,7 +73,6 @@ Warning: `scan` exists as both a subcommand of OSV-Scanner and as a file on the [Test_run_SubCommands/with_no_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -86,7 +84,6 @@ No issues found [Test_run_SubCommands/with_scan_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- diff --git a/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap b/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap index 2c95059cdf7..16a64c32f5c 100755 --- a/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap +++ b/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap @@ -24,7 +24,6 @@ lockfile:/testdata/go-project/go.mod: found 1 package with issues Severity: '5.9'; Minimal Fix Version: '1.1.0'; 1 known vulnerability found in lockfile:/testdata/go-project/go.mod -Hiding 9 number of vulnerabilities deemed unimportant, use --all-vulns to show them. --- diff --git a/cmd/osv-scanner/scan/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/__snapshots__/command_test.snap index 4852e3fe970..9d2b3632c4e 100755 --- a/cmd/osv-scanner/scan/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/__snapshots__/command_test.snap @@ -3,7 +3,6 @@ Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -38,7 +37,6 @@ OPTIONS: [TestCommand_SubCommands/with_no_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -50,7 +48,6 @@ No issues found [TestCommand_SubCommands/with_scan_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index fc0f7dff4a7..2797b654f92 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -115,7 +115,7 @@ Scanning local image tarball "testdata/test-alpine-sbom.tar" Container Scanning Result (Alpine Linux v3.10) (Based on "alpine" image): -Total 2 packages affected by 4 known vulnerabilities (3 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 2 ecosystems. +Total 2 packages affected by 2 known vulnerabilities (2 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 1 vulnerability can be fixed. @@ -125,7 +125,7 @@ Alpine +---------+-------------------+------------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+------------------+------------+------------------+---------------+ -| zlib | 1.2.12-r1 | No fix available | 3 | # 2 Layer | -- | +| zlib | 1.2.12-r1 | No fix available | 1 | # 2 Layer | -- | +---------+-------------------+------------------+------------+------------------+---------------+ Alpine:v3.10 +------------------------------------------------------------------------------------------------------------------------------+ @@ -229,15 +229,13 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne [TestCommand_ExplicitExtractors_WithoutDefaults/add_extractors - 1] Scanning local image tarball "testdata/test-alpine-sbom.tar" -Total 1 package affected by 3 known vulnerabilities (2 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | data/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | data/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.12-r1 | -- | data/alpine-zlib-16.cdx.json:lib/apk/db/installed | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------------------+ --- @@ -439,7 +437,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 47 known vulnerabilities (3 Critical, 14 High, 25 Medium, 3 Low, 2 Unknown) from 1 ecosystem. +Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. 24 vulnerabilities can be fixed. @@ -450,11 +448,11 @@ Ubuntu:22.04 | SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | +| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 4 | libc-bin, libc6 | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | | gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | | libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | @@ -469,8 +467,6 @@ Ubuntu:22.04 | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | | systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. @@ -488,7 +484,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 47 known vulnerabilities (3 Critical, 14 High, 25 Medium, 3 Low, 2 Unknown) from 1 ecosystem. +Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. 24 vulnerabilities can be fixed. @@ -499,11 +495,11 @@ Ubuntu:22.04 | SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | +| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 4 | libc-bin, libc6 | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | | gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | | libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | @@ -518,8 +514,6 @@ Ubuntu:22.04 | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | | systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ Filtered Vulnerabilities: @@ -556,7 +550,7 @@ Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 47 known vulnerabilities (3 Critical, 14 High, 25 Medium, 3 Low, 2 Unknown) from 1 ecosystem. +Total 20 packages affected by 45 known vulnerabilities (3 Critical, 13 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. 24 vulnerabilities can be fixed. @@ -567,11 +561,11 @@ Ubuntu:22.04 | SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | -| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | +| dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 4 | libc-bin, libc6 | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | | gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 5 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | | libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | @@ -586,8 +580,6 @@ Ubuntu:22.04 | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | | systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | | tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. @@ -605,8 +597,8 @@ Scanning local image tarball "./testdata/test-java-full.tar" Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image): -Total 25 packages affected by 71 known vulnerabilities (4 Critical, 29 High, 33 Medium, 4 Low, 1 Unknown) from 2 ecosystems. -71 vulnerabilities can be fixed. +Total 24 packages affected by 61 known vulnerabilities (4 Critical, 24 High, 29 Medium, 3 Low, 1 Unknown) from 2 ecosystems. +61 vulnerabilities can be fixed. Maven @@ -615,7 +607,7 @@ Maven +-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -| com.fasterxml.jackson.core:jackson-core | 2.10.2 | Fix Available | 3 | # 12 Layer | -- | +| com.fasterxml.jackson.core:jackson-core | 2.10.2 | Fix Available | 2 | # 12 Layer | -- | | com.google.protobuf:protobuf-java | 3.21.12 | Fix Available | 1 | # 12 Layer | -- | | com.nimbusds:nimbus-jose-jwt | 9.31 | Fix Available | 2 | # 12 Layer | -- | | commons-beanutils:commons-beanutils | 1.9.4 | Fix Available | 1 | # 12 Layer | -- | @@ -630,7 +622,7 @@ Maven | org.apache.commons:commons-compress | 1.21 | Fix Available | 2 | # 12 Layer | -- | | org.apache.commons:commons-configuration2 | 2.8.0 | Fix Available | 2 | # 12 Layer | -- | | org.apache.commons:commons-lang3 | 3.12.0 | Fix Available | 1 | # 12 Layer | -- | -| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 2 | # 12 Layer | -- | +| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 1 | # 12 Layer | -- | +-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ Alpine:v3.21 +-----------------------------------------------------------------------------------------------------------------------------------+ @@ -641,8 +633,7 @@ Alpine:v3.21 | busybox | 1.37.0-r9 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | | expat | 2.6.4-r0 | Fix Available | 4 | libexpat | # 5 Layer | eclipse-temurin | | gnupg | 2.4.7-r0 | Fix Available | 2 | gnupg... (11) | # 5 Layer | eclipse-temurin | -| gnutls | 3.8.8-r0 | Fix Available | 7 | gnutls | # 5 Layer | eclipse-temurin | -| libpng | 1.6.44-r0 | Fix Available | 8 | libpng | # 5 Layer | eclipse-temurin | +| libpng | 1.6.44-r0 | Fix Available | 7 | libpng | # 5 Layer | eclipse-temurin | | libtasn1 | 4.19.0-r2 | Fix Available | 2 | libtasn1 | # 5 Layer | eclipse-temurin | | musl | 1.2.5-r8 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | | openssl | 3.3.2-r4 | Fix Available | 15 | libcrypto3, libssl3... (3) | # 0 Layer | alpine | @@ -735,8 +726,8 @@ Scanning local image tarball "./testdata/test-python-full.tar" Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): -Total 21 packages affected by 53 known vulnerabilities (1 Critical, 18 High, 16 Medium, 3 Low, 15 Unknown) from 2 ecosystems. -53 vulnerabilities can be fixed. +Total 21 packages affected by 51 known vulnerabilities (1 Critical, 18 High, 15 Medium, 2 Low, 15 Unknown) from 2 ecosystems. +51 vulnerabilities can be fixed. PyPI @@ -766,7 +757,7 @@ PyPI +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| flask | 0.12.2 | Fix Available | 4 | # 17 Layer | -- | +| flask | 0.12.2 | Fix Available | 3 | # 17 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/usr/local/lib/python3.9/site-packages/idna-2.7.dist-info/METADATA | @@ -808,7 +799,7 @@ PyPI +----------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +----------+-------------------+---------------+------------+------------------+---------------+ -| werkzeug | 3.1.4 | Fix Available | 2 | # 17 Layer | -- | +| werkzeug | 3.1.4 | Fix Available | 1 | # 17 Layer | -- | +----------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/usr/local/lib/python3.9/site-packages/wheel-0.40.0.dist-info/METADATA | @@ -849,8 +840,8 @@ Scanning local image tarball "./testdata/test-package-tracing.tar" Container Scanning Result (Alpine Linux v3.20) (Based on "alpine" image): -Total 9 packages affected by 213 known vulnerabilities (2 Critical, 6 High, 11 Medium, 2 Low, 192 Unknown) from 2 ecosystems. -213 vulnerabilities can be fixed. +Total 9 packages affected by 195 known vulnerabilities (2 Critical, 6 High, 11 Medium, 2 Low, 174 Unknown) from 2 ecosystems. +195 vulnerabilities can be fixed. Go @@ -859,42 +850,42 @@ Go +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 9 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 29 | # 9 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-1.2.0 | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 2 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 29 | # 2 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-1.3.0 | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 4 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 29 | # 4 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-1.3.0-moved | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 3 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 29 | # 3 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-1.4.0 | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 2 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 29 | # 2 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-vulnerable | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 7 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 29 | # 7 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ Alpine:v3.20 +------------------------------------------------------------------------------------------------------------------------------+ @@ -1299,14 +1290,13 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne "index": 17 } }, - "groups": 4, + "groups": 3, "vulnerabilities": [ "PYSEC-2018-66", "PYSEC-2019-179", "PYSEC-2023-62", "GHSA-562c-5r94-xh97", "GHSA-5wv5-4vpf-pj6m", - "GHSA-68rp-wp8r-4726", "GHSA-m2qf-hxjv-5gpq" ] } @@ -1459,9 +1449,8 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne "index": 17 } }, - "groups": 2, + "groups": 1, "vulnerabilities": [ - "GHSA-29vq-49wr-vm6x", "GHSA-87hc-h4r5-73f7" ] } @@ -2215,7 +2204,7 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "index": 2 } }, - "groups": 32, + "groups": 29, "vulnerabilities": [ "GO-2024-2963", "GO-2024-3105", @@ -2245,10 +2234,7 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "GO-2026-4340", "GO-2026-4341", "GO-2026-4342", - "GO-2026-4403", - "GO-2026-4601", - "GO-2026-4602", - "GO-2026-4603" + "GO-2026-4403" ] }, { @@ -3092,11 +3078,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 1, "vulnerabilities": [ "USN-7768-1", - "UBUNTU-CVE-2025-6297", - "UBUNTU-CVE-2026-2219" + "UBUNTU-CVE-2025-6297" ] }, { @@ -3137,21 +3122,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "USN-7412-2" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "libblkid1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "glibc", @@ -3162,7 +3132,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 5, + "groups": 4, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -3174,8 +3144,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-4802", "UBUNTU-CVE-2025-8058", "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915", - "UBUNTU-CVE-2026-3904" + "UBUNTU-CVE-2026-0915" ] }, { @@ -3188,7 +3157,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 5, + "groups": 4, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -3200,8 +3169,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-4802", "UBUNTU-CVE-2025-8058", "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915", - "UBUNTU-CVE-2026-3904" + "UBUNTU-CVE-2026-0915" ] }, { @@ -3262,10 +3230,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 3, + "groups": 5, "vulnerabilities": [ "USN-7635-1", - "USN-8043-1", "USN-7281-1", "UBUNTU-CVE-2024-12243", "UBUNTU-CVE-2025-14831", @@ -3273,7 +3240,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-32989", "UBUNTU-CVE-2025-32990", "UBUNTU-CVE-2025-6395", - "UBUNTU-CVE-2025-9820" + "UBUNTU-CVE-2025-9820", + "UBUNTU-CVE-2026-1584" ] }, { @@ -3383,21 +3351,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-62813" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "libmount1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "ncurses", @@ -3532,21 +3485,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2017-11164" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "libsmartcols1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "openssl", @@ -3663,21 +3601,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-4598" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "libuuid1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "libzstd", @@ -3709,21 +3632,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2024-56433" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "mount", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "ncurses", @@ -3806,36 +3714,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "vulnerabilities": [ "UBUNTU-CVE-2025-45582" ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "util-linux", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "zlib", - "os_package_name": "zlib1g", - "version": "1:1.2.11.dfsg-2ubuntu9.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2026-27171" - ] } ] } @@ -3933,7 +3811,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 7 } }, - "groups": 84, + "groups": 81, "vulnerabilities": [ "GO-2022-0477", "GO-2022-0493", @@ -4015,10 +3893,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "GO-2026-4340", "GO-2026-4341", "GO-2026-4342", - "GO-2026-4403", - "GO-2026-4601", - "GO-2026-4602", - "GO-2026-4603" + "GO-2026-4403" ] } ] @@ -4055,11 +3930,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 1, "vulnerabilities": [ "USN-7768-1", - "UBUNTU-CVE-2025-6297", - "UBUNTU-CVE-2026-2219" + "UBUNTU-CVE-2025-6297" ] }, { @@ -4100,21 +3974,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "USN-7412-2" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "libblkid1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "glibc", @@ -4125,7 +3984,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 5, + "groups": 4, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -4137,8 +3996,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-4802", "UBUNTU-CVE-2025-8058", "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915", - "UBUNTU-CVE-2026-3904" + "UBUNTU-CVE-2026-0915" ] }, { @@ -4151,7 +4009,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 5, + "groups": 4, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -4163,8 +4021,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-4802", "UBUNTU-CVE-2025-8058", "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915", - "UBUNTU-CVE-2026-3904" + "UBUNTU-CVE-2026-0915" ] }, { @@ -4225,10 +4082,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 3, + "groups": 5, "vulnerabilities": [ "USN-7635-1", - "USN-8043-1", "USN-7281-1", "UBUNTU-CVE-2024-12243", "UBUNTU-CVE-2025-14831", @@ -4236,7 +4092,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-32989", "UBUNTU-CVE-2025-32990", "UBUNTU-CVE-2025-6395", - "UBUNTU-CVE-2025-9820" + "UBUNTU-CVE-2025-9820", + "UBUNTU-CVE-2026-1584" ] }, { @@ -4346,21 +4203,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-62813" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "libmount1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "ncurses", @@ -4495,21 +4337,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2017-11164" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "libsmartcols1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "openssl", @@ -4626,21 +4453,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-4598" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "libuuid1", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "libzstd", @@ -4672,21 +4484,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2024-56433" ] }, - { - "package": { - "name": "util-linux", - "os_package_name": "mount", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, { "package": { "name": "ncurses", @@ -4769,36 +4566,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "vulnerabilities": [ "UBUNTU-CVE-2025-45582" ] - }, - { - "package": { - "name": "util-linux", - "os_package_name": "util-linux", - "version": "2.37.2-4ubuntu3.4", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "USN-8091-1" - ] - }, - { - "package": { - "name": "zlib", - "os_package_name": "zlib1g", - "version": "1:1.2.11.dfsg-2ubuntu9.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2026-27171" - ] } ] } diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml index 1bd19146f37..71f2616fd9b 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_Docker.yaml @@ -144,11 +144,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -156,11 +156,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -168,7 +168,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -176,7 +176,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml index d03041df3e8..daee47b11f8 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml @@ -128,7 +128,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 364 + content_length: 220 body: | { "results": [ @@ -138,7 +138,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -157,15 +157,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -173,7 +165,7 @@ interactions: } headers: Content-Length: - - "364" + - "220" Content-Type: - application/json status: 200 OK @@ -309,7 +301,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -464,7 +456,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -619,7 +611,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml index f51c54c9f51..ada59723dc9 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml @@ -30,7 +30,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 241 + content_length: 97 body: | { "results": [ @@ -38,15 +38,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -54,7 +46,7 @@ interactions: } headers: Content-Length: - - "241" + - "97" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml index bd4b24f9d2f..4529e7333bc 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_HtmlFile.yaml @@ -121,7 +121,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 9117 + content_length: 9123 body: | { "results": [ @@ -131,11 +131,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-30139", - "modified": "2025-12-03T22:01:06.478756Z" + "modified": "2025-12-03T22:50:14.655691Z" }, { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -143,79 +143,79 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-28831", - "modified": "2025-12-03T22:01:06.472772Z" + "modified": "2025-12-03T22:48:35.192485Z" }, { "id": "ALPINE-CVE-2021-42374", - "modified": "2025-12-03T22:01:06.645728Z" + "modified": "2025-12-03T22:49:03.048460Z" }, { "id": "ALPINE-CVE-2021-42375", - "modified": "2025-12-03T22:01:06.637597Z" + "modified": "2025-12-03T22:49:02.368046Z" }, { "id": "ALPINE-CVE-2021-42378", - "modified": "2025-12-03T22:01:06.638128Z" + "modified": "2025-12-03T22:49:02.812229Z" }, { "id": "ALPINE-CVE-2021-42379", - "modified": "2025-12-03T22:01:06.655994Z" + "modified": "2025-12-03T22:49:03.820223Z" }, { "id": "ALPINE-CVE-2021-42380", - "modified": "2025-12-03T22:01:06.638781Z" + "modified": "2025-12-03T22:49:02.273108Z" }, { "id": "ALPINE-CVE-2021-42381", - "modified": "2025-12-03T22:01:06.643289Z" + "modified": "2025-12-03T22:49:03.051591Z" }, { "id": "ALPINE-CVE-2021-42382", - "modified": "2025-12-03T22:01:06.638217Z" + "modified": "2025-12-03T22:49:04.080847Z" }, { "id": "ALPINE-CVE-2021-42383", - "modified": "2025-12-03T22:01:06.637214Z" + "modified": "2025-12-03T22:44:20.740566Z" }, { "id": "ALPINE-CVE-2021-42384", - "modified": "2025-12-03T22:01:06.646421Z" + "modified": "2025-12-03T22:49:04.436301Z" }, { "id": "ALPINE-CVE-2021-42385", - "modified": "2025-12-03T22:01:06.639047Z" + "modified": "2025-12-03T22:49:10.217079Z" }, { "id": "ALPINE-CVE-2021-42386", - "modified": "2025-12-03T22:01:06.643680Z" + "modified": "2025-12-03T22:49:10.486445Z" }, { "id": "ALPINE-CVE-2022-28391", - "modified": "2025-12-03T22:01:07.000550Z" + "modified": "2025-12-03T22:49:51.276555Z" }, { "id": "ALPINE-CVE-2022-30065", - "modified": "2025-12-03T22:01:07.016827Z" + "modified": "2025-12-03T22:50:17.721153Z" }, { "id": "ALPINE-CVE-2022-48174", - "modified": "2025-12-03T22:01:07.263590Z" + "modified": "2025-12-03T22:51:16.750993Z" }, { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" } ] }, @@ -225,159 +225,159 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-3711", - "modified": "2025-12-03T22:01:06.574024Z" + "modified": "2025-12-03T22:48:47.560805Z" }, { "id": "ALPINE-CVE-2021-3712", - "modified": "2025-12-03T22:01:06.579564Z" + "modified": "2025-12-03T22:48:49.466816Z" }, { "id": "ALPINE-CVE-2021-4044", - "modified": "2025-12-03T22:01:06.625711Z" + "modified": "2025-12-03T22:48:53.587104Z" }, { "id": "ALPINE-CVE-2022-0778", - "modified": "2025-12-03T22:01:06.699623Z" + "modified": "2025-12-03T22:51:07.769542Z" }, { "id": "ALPINE-CVE-2022-1343", - "modified": "2025-12-03T22:01:06.716764Z" + "modified": "2025-12-03T22:49:45.912660Z" }, { "id": "ALPINE-CVE-2022-1434", - "modified": "2025-12-03T22:01:06.753990Z" + "modified": "2025-12-03T22:49:45.753526Z" }, { "id": "ALPINE-CVE-2022-1473", - "modified": "2025-12-03T22:01:06.716416Z" + "modified": "2025-12-03T22:49:45.860197Z" }, { "id": "ALPINE-CVE-2022-2097", - "modified": "2025-12-03T22:01:06.735909Z" + "modified": "2025-12-03T22:49:52.265196Z" }, { "id": "ALPINE-CVE-2022-3358", - "modified": "2025-12-03T22:01:07.093614Z" + "modified": "2025-12-03T22:50:26.362856Z" }, { "id": "ALPINE-CVE-2022-3602", - "modified": "2025-12-03T22:01:07.161175Z" + "modified": "2025-12-03T22:49:29.680146Z" }, { "id": "ALPINE-CVE-2022-3786", - "modified": "2025-12-03T22:01:07.190524Z" + "modified": "2025-12-03T22:49:30.746181Z" }, { "id": "ALPINE-CVE-2022-3996", - "modified": "2025-12-03T22:01:07.168947Z" + "modified": "2025-12-03T22:49:49.550771Z" }, { "id": "ALPINE-CVE-2022-4203", - "modified": "2025-12-03T22:01:07.202111Z" + "modified": "2025-12-03T22:50:09.259826Z" }, { "id": "ALPINE-CVE-2022-4304", - "modified": "2025-12-03T22:01:07.232583Z" + "modified": "2025-12-03T22:50:48.258567Z" }, { "id": "ALPINE-CVE-2022-4450", - "modified": "2025-12-03T22:01:07.233Z" + "modified": "2025-12-03T22:50:58.174496Z" }, { "id": "ALPINE-CVE-2023-0215", - "modified": "2025-12-03T22:01:07.257284Z" + "modified": "2025-12-03T22:51:20.776116Z" }, { "id": "ALPINE-CVE-2023-0216", - "modified": "2025-12-03T22:01:07.257557Z" + "modified": "2025-12-03T22:51:17.381381Z" }, { "id": "ALPINE-CVE-2023-0217", - "modified": "2025-12-03T22:01:07.257251Z" + "modified": "2025-12-03T22:51:22.400597Z" }, { "id": "ALPINE-CVE-2023-0286", - "modified": "2025-12-03T22:01:07.265436Z" + "modified": "2025-12-03T22:51:24.172927Z" }, { "id": "ALPINE-CVE-2023-0401", - "modified": "2025-12-03T22:01:07.279616Z" + "modified": "2025-12-03T22:51:23.275814Z" }, { "id": "ALPINE-CVE-2023-0464", - "modified": "2025-12-03T22:01:07.280230Z" + "modified": "2025-12-03T22:51:31.741129Z" }, { "id": "ALPINE-CVE-2023-0465", - "modified": "2025-12-03T22:01:07.279230Z" + "modified": "2025-12-03T22:51:25.194508Z" }, { "id": "ALPINE-CVE-2023-1255", - "modified": "2025-12-03T22:01:07.281624Z" + "modified": "2025-12-03T22:51:44.316240Z" }, { "id": "ALPINE-CVE-2023-2650", - "modified": "2025-12-03T22:01:07.297609Z" + "modified": "2025-12-03T22:52:10.812098Z" }, { "id": "ALPINE-CVE-2023-2975", - "modified": "2025-12-03T22:01:07.383449Z" + "modified": "2025-12-03T22:52:35.084843Z" }, { "id": "ALPINE-CVE-2023-3446", - "modified": "2025-12-03T22:01:07.371655Z" + "modified": "2025-12-03T22:52:52.082224Z" }, { "id": "ALPINE-CVE-2023-3817", - "modified": "2025-12-03T22:01:07.417148Z" + "modified": "2025-12-03T22:52:53.211969Z" }, { "id": "ALPINE-CVE-2023-5363", - "modified": "2025-12-03T22:01:07.491858Z" + "modified": "2025-12-03T22:54:35.065257Z" }, { "id": "ALPINE-CVE-2023-5678", - "modified": "2025-12-03T22:01:07.492284Z" + "modified": "2025-12-03T22:54:30.066451Z" }, { "id": "ALPINE-CVE-2023-6129", - "modified": "2025-12-03T22:01:07.503917Z" + "modified": "2025-12-03T22:54:41.708177Z" }, { "id": "ALPINE-CVE-2023-6237", - "modified": "2025-12-03T22:01:07.518512Z" + "modified": "2025-12-03T22:54:40.422752Z" }, { "id": "ALPINE-CVE-2024-0727", - "modified": "2025-12-03T22:01:07.516593Z" + "modified": "2025-12-03T22:54:44.266485Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -385,159 +385,159 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-3711", - "modified": "2025-12-03T22:01:06.574024Z" + "modified": "2025-12-03T22:48:47.560805Z" }, { "id": "ALPINE-CVE-2021-3712", - "modified": "2025-12-03T22:01:06.579564Z" + "modified": "2025-12-03T22:48:49.466816Z" }, { "id": "ALPINE-CVE-2021-4044", - "modified": "2025-12-03T22:01:06.625711Z" + "modified": "2025-12-03T22:48:53.587104Z" }, { "id": "ALPINE-CVE-2022-0778", - "modified": "2025-12-03T22:01:06.699623Z" + "modified": "2025-12-03T22:51:07.769542Z" }, { "id": "ALPINE-CVE-2022-1343", - "modified": "2025-12-03T22:01:06.716764Z" + "modified": "2025-12-03T22:49:45.912660Z" }, { "id": "ALPINE-CVE-2022-1434", - "modified": "2025-12-03T22:01:06.753990Z" + "modified": "2025-12-03T22:49:45.753526Z" }, { "id": "ALPINE-CVE-2022-1473", - "modified": "2025-12-03T22:01:06.716416Z" + "modified": "2025-12-03T22:49:45.860197Z" }, { "id": "ALPINE-CVE-2022-2097", - "modified": "2025-12-03T22:01:06.735909Z" + "modified": "2025-12-03T22:49:52.265196Z" }, { "id": "ALPINE-CVE-2022-3358", - "modified": "2025-12-03T22:01:07.093614Z" + "modified": "2025-12-03T22:50:26.362856Z" }, { "id": "ALPINE-CVE-2022-3602", - "modified": "2025-12-03T22:01:07.161175Z" + "modified": "2025-12-03T22:49:29.680146Z" }, { "id": "ALPINE-CVE-2022-3786", - "modified": "2025-12-03T22:01:07.190524Z" + "modified": "2025-12-03T22:49:30.746181Z" }, { "id": "ALPINE-CVE-2022-3996", - "modified": "2025-12-03T22:01:07.168947Z" + "modified": "2025-12-03T22:49:49.550771Z" }, { "id": "ALPINE-CVE-2022-4203", - "modified": "2025-12-03T22:01:07.202111Z" + "modified": "2025-12-03T22:50:09.259826Z" }, { "id": "ALPINE-CVE-2022-4304", - "modified": "2025-12-03T22:01:07.232583Z" + "modified": "2025-12-03T22:50:48.258567Z" }, { "id": "ALPINE-CVE-2022-4450", - "modified": "2025-12-03T22:01:07.233Z" + "modified": "2025-12-03T22:50:58.174496Z" }, { "id": "ALPINE-CVE-2023-0215", - "modified": "2025-12-03T22:01:07.257284Z" + "modified": "2025-12-03T22:51:20.776116Z" }, { "id": "ALPINE-CVE-2023-0216", - "modified": "2025-12-03T22:01:07.257557Z" + "modified": "2025-12-03T22:51:17.381381Z" }, { "id": "ALPINE-CVE-2023-0217", - "modified": "2025-12-03T22:01:07.257251Z" + "modified": "2025-12-03T22:51:22.400597Z" }, { "id": "ALPINE-CVE-2023-0286", - "modified": "2025-12-03T22:01:07.265436Z" + "modified": "2025-12-03T22:51:24.172927Z" }, { "id": "ALPINE-CVE-2023-0401", - "modified": "2025-12-03T22:01:07.279616Z" + "modified": "2025-12-03T22:51:23.275814Z" }, { "id": "ALPINE-CVE-2023-0464", - "modified": "2025-12-03T22:01:07.280230Z" + "modified": "2025-12-03T22:51:31.741129Z" }, { "id": "ALPINE-CVE-2023-0465", - "modified": "2025-12-03T22:01:07.279230Z" + "modified": "2025-12-03T22:51:25.194508Z" }, { "id": "ALPINE-CVE-2023-1255", - "modified": "2025-12-03T22:01:07.281624Z" + "modified": "2025-12-03T22:51:44.316240Z" }, { "id": "ALPINE-CVE-2023-2650", - "modified": "2025-12-03T22:01:07.297609Z" + "modified": "2025-12-03T22:52:10.812098Z" }, { "id": "ALPINE-CVE-2023-2975", - "modified": "2025-12-03T22:01:07.383449Z" + "modified": "2025-12-03T22:52:35.084843Z" }, { "id": "ALPINE-CVE-2023-3446", - "modified": "2025-12-03T22:01:07.371655Z" + "modified": "2025-12-03T22:52:52.082224Z" }, { "id": "ALPINE-CVE-2023-3817", - "modified": "2025-12-03T22:01:07.417148Z" + "modified": "2025-12-03T22:52:53.211969Z" }, { "id": "ALPINE-CVE-2023-5363", - "modified": "2025-12-03T22:01:07.491858Z" + "modified": "2025-12-03T22:54:35.065257Z" }, { "id": "ALPINE-CVE-2023-5678", - "modified": "2025-12-03T22:01:07.492284Z" + "modified": "2025-12-03T22:54:30.066451Z" }, { "id": "ALPINE-CVE-2023-6129", - "modified": "2025-12-03T22:01:07.503917Z" + "modified": "2025-12-03T22:54:41.708177Z" }, { "id": "ALPINE-CVE-2023-6237", - "modified": "2025-12-03T22:01:07.518512Z" + "modified": "2025-12-03T22:54:40.422752Z" }, { "id": "ALPINE-CVE-2024-0727", - "modified": "2025-12-03T22:01:07.516593Z" + "modified": "2025-12-03T22:54:44.266485Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -546,15 +546,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2019-14697", - "modified": "2025-12-03T22:01:05.673968Z" + "modified": "2025-12-03T22:44:35.333781Z" }, { "id": "ALPINE-CVE-2020-28928", - "modified": "2025-12-03T22:01:06.200161Z" + "modified": "2025-12-03T22:47:06.985001Z" }, { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -562,15 +562,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2019-14697", - "modified": "2025-12-03T22:01:05.673968Z" + "modified": "2025-12-03T22:44:35.333781Z" }, { "id": "ALPINE-CVE-2020-28928", - "modified": "2025-12-03T22:01:06.200161Z" + "modified": "2025-12-03T22:47:06.985001Z" }, { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -579,79 +579,79 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-28831", - "modified": "2025-12-03T22:01:06.472772Z" + "modified": "2025-12-03T22:48:35.192485Z" }, { "id": "ALPINE-CVE-2021-42374", - "modified": "2025-12-03T22:01:06.645728Z" + "modified": "2025-12-03T22:49:03.048460Z" }, { "id": "ALPINE-CVE-2021-42375", - "modified": "2025-12-03T22:01:06.637597Z" + "modified": "2025-12-03T22:49:02.368046Z" }, { "id": "ALPINE-CVE-2021-42378", - "modified": "2025-12-03T22:01:06.638128Z" + "modified": "2025-12-03T22:49:02.812229Z" }, { "id": "ALPINE-CVE-2021-42379", - "modified": "2025-12-03T22:01:06.655994Z" + "modified": "2025-12-03T22:49:03.820223Z" }, { "id": "ALPINE-CVE-2021-42380", - "modified": "2025-12-03T22:01:06.638781Z" + "modified": "2025-12-03T22:49:02.273108Z" }, { "id": "ALPINE-CVE-2021-42381", - "modified": "2025-12-03T22:01:06.643289Z" + "modified": "2025-12-03T22:49:03.051591Z" }, { "id": "ALPINE-CVE-2021-42382", - "modified": "2025-12-03T22:01:06.638217Z" + "modified": "2025-12-03T22:49:04.080847Z" }, { "id": "ALPINE-CVE-2021-42383", - "modified": "2025-12-03T22:01:06.637214Z" + "modified": "2025-12-03T22:44:20.740566Z" }, { "id": "ALPINE-CVE-2021-42384", - "modified": "2025-12-03T22:01:06.646421Z" + "modified": "2025-12-03T22:49:04.436301Z" }, { "id": "ALPINE-CVE-2021-42385", - "modified": "2025-12-03T22:01:06.639047Z" + "modified": "2025-12-03T22:49:10.217079Z" }, { "id": "ALPINE-CVE-2021-42386", - "modified": "2025-12-03T22:01:06.643680Z" + "modified": "2025-12-03T22:49:10.486445Z" }, { "id": "ALPINE-CVE-2022-28391", - "modified": "2025-12-03T22:01:07.000550Z" + "modified": "2025-12-03T22:49:51.276555Z" }, { "id": "ALPINE-CVE-2022-30065", - "modified": "2025-12-03T22:01:07.016827Z" + "modified": "2025-12-03T22:50:17.721153Z" }, { "id": "ALPINE-CVE-2022-48174", - "modified": "2025-12-03T22:01:07.263590Z" + "modified": "2025-12-03T22:51:16.750993Z" }, { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" } ] }, @@ -659,11 +659,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -671,7 +671,7 @@ interactions: } headers: Content-Length: - - "9117" + - "9123" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml index 1a38048eddd..c10bf32e216 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml @@ -121,7 +121,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 9117 + content_length: 9123 body: | { "results": [ @@ -131,11 +131,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-30139", - "modified": "2025-12-03T22:01:06.478756Z" + "modified": "2025-12-03T22:50:14.655691Z" }, { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -143,79 +143,79 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-28831", - "modified": "2025-12-03T22:01:06.472772Z" + "modified": "2025-12-03T22:48:35.192485Z" }, { "id": "ALPINE-CVE-2021-42374", - "modified": "2025-12-03T22:01:06.645728Z" + "modified": "2025-12-03T22:49:03.048460Z" }, { "id": "ALPINE-CVE-2021-42375", - "modified": "2025-12-03T22:01:06.637597Z" + "modified": "2025-12-03T22:49:02.368046Z" }, { "id": "ALPINE-CVE-2021-42378", - "modified": "2025-12-03T22:01:06.638128Z" + "modified": "2025-12-03T22:49:02.812229Z" }, { "id": "ALPINE-CVE-2021-42379", - "modified": "2025-12-03T22:01:06.655994Z" + "modified": "2025-12-03T22:49:03.820223Z" }, { "id": "ALPINE-CVE-2021-42380", - "modified": "2025-12-03T22:01:06.638781Z" + "modified": "2025-12-03T22:49:02.273108Z" }, { "id": "ALPINE-CVE-2021-42381", - "modified": "2025-12-03T22:01:06.643289Z" + "modified": "2025-12-03T22:49:03.051591Z" }, { "id": "ALPINE-CVE-2021-42382", - "modified": "2025-12-03T22:01:06.638217Z" + "modified": "2025-12-03T22:49:04.080847Z" }, { "id": "ALPINE-CVE-2021-42383", - "modified": "2025-12-03T22:01:06.637214Z" + "modified": "2025-12-03T22:44:20.740566Z" }, { "id": "ALPINE-CVE-2021-42384", - "modified": "2025-12-03T22:01:06.646421Z" + "modified": "2025-12-03T22:49:04.436301Z" }, { "id": "ALPINE-CVE-2021-42385", - "modified": "2025-12-03T22:01:06.639047Z" + "modified": "2025-12-03T22:49:10.217079Z" }, { "id": "ALPINE-CVE-2021-42386", - "modified": "2025-12-03T22:01:06.643680Z" + "modified": "2025-12-03T22:49:10.486445Z" }, { "id": "ALPINE-CVE-2022-28391", - "modified": "2025-12-03T22:01:07.000550Z" + "modified": "2025-12-03T22:49:51.276555Z" }, { "id": "ALPINE-CVE-2022-30065", - "modified": "2025-12-03T22:01:07.016827Z" + "modified": "2025-12-03T22:50:17.721153Z" }, { "id": "ALPINE-CVE-2022-48174", - "modified": "2025-12-03T22:01:07.263590Z" + "modified": "2025-12-03T22:51:16.750993Z" }, { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" } ] }, @@ -225,159 +225,159 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-3711", - "modified": "2025-12-03T22:01:06.574024Z" + "modified": "2025-12-03T22:48:47.560805Z" }, { "id": "ALPINE-CVE-2021-3712", - "modified": "2025-12-03T22:01:06.579564Z" + "modified": "2025-12-03T22:48:49.466816Z" }, { "id": "ALPINE-CVE-2021-4044", - "modified": "2025-12-03T22:01:06.625711Z" + "modified": "2025-12-03T22:48:53.587104Z" }, { "id": "ALPINE-CVE-2022-0778", - "modified": "2025-12-03T22:01:06.699623Z" + "modified": "2025-12-03T22:51:07.769542Z" }, { "id": "ALPINE-CVE-2022-1343", - "modified": "2025-12-03T22:01:06.716764Z" + "modified": "2025-12-03T22:49:45.912660Z" }, { "id": "ALPINE-CVE-2022-1434", - "modified": "2025-12-03T22:01:06.753990Z" + "modified": "2025-12-03T22:49:45.753526Z" }, { "id": "ALPINE-CVE-2022-1473", - "modified": "2025-12-03T22:01:06.716416Z" + "modified": "2025-12-03T22:49:45.860197Z" }, { "id": "ALPINE-CVE-2022-2097", - "modified": "2025-12-03T22:01:06.735909Z" + "modified": "2025-12-03T22:49:52.265196Z" }, { "id": "ALPINE-CVE-2022-3358", - "modified": "2025-12-03T22:01:07.093614Z" + "modified": "2025-12-03T22:50:26.362856Z" }, { "id": "ALPINE-CVE-2022-3602", - "modified": "2025-12-03T22:01:07.161175Z" + "modified": "2025-12-03T22:49:29.680146Z" }, { "id": "ALPINE-CVE-2022-3786", - "modified": "2025-12-03T22:01:07.190524Z" + "modified": "2025-12-03T22:49:30.746181Z" }, { "id": "ALPINE-CVE-2022-3996", - "modified": "2025-12-03T22:01:07.168947Z" + "modified": "2025-12-03T22:49:49.550771Z" }, { "id": "ALPINE-CVE-2022-4203", - "modified": "2025-12-03T22:01:07.202111Z" + "modified": "2025-12-03T22:50:09.259826Z" }, { "id": "ALPINE-CVE-2022-4304", - "modified": "2025-12-03T22:01:07.232583Z" + "modified": "2025-12-03T22:50:48.258567Z" }, { "id": "ALPINE-CVE-2022-4450", - "modified": "2025-12-03T22:01:07.233Z" + "modified": "2025-12-03T22:50:58.174496Z" }, { "id": "ALPINE-CVE-2023-0215", - "modified": "2025-12-03T22:01:07.257284Z" + "modified": "2025-12-03T22:51:20.776116Z" }, { "id": "ALPINE-CVE-2023-0216", - "modified": "2025-12-03T22:01:07.257557Z" + "modified": "2025-12-03T22:51:17.381381Z" }, { "id": "ALPINE-CVE-2023-0217", - "modified": "2025-12-03T22:01:07.257251Z" + "modified": "2025-12-03T22:51:22.400597Z" }, { "id": "ALPINE-CVE-2023-0286", - "modified": "2025-12-03T22:01:07.265436Z" + "modified": "2025-12-03T22:51:24.172927Z" }, { "id": "ALPINE-CVE-2023-0401", - "modified": "2025-12-03T22:01:07.279616Z" + "modified": "2025-12-03T22:51:23.275814Z" }, { "id": "ALPINE-CVE-2023-0464", - "modified": "2025-12-03T22:01:07.280230Z" + "modified": "2025-12-03T22:51:31.741129Z" }, { "id": "ALPINE-CVE-2023-0465", - "modified": "2025-12-03T22:01:07.279230Z" + "modified": "2025-12-03T22:51:25.194508Z" }, { "id": "ALPINE-CVE-2023-1255", - "modified": "2025-12-03T22:01:07.281624Z" + "modified": "2025-12-03T22:51:44.316240Z" }, { "id": "ALPINE-CVE-2023-2650", - "modified": "2025-12-03T22:01:07.297609Z" + "modified": "2025-12-03T22:52:10.812098Z" }, { "id": "ALPINE-CVE-2023-2975", - "modified": "2025-12-03T22:01:07.383449Z" + "modified": "2025-12-03T22:52:35.084843Z" }, { "id": "ALPINE-CVE-2023-3446", - "modified": "2025-12-03T22:01:07.371655Z" + "modified": "2025-12-03T22:52:52.082224Z" }, { "id": "ALPINE-CVE-2023-3817", - "modified": "2025-12-03T22:01:07.417148Z" + "modified": "2025-12-03T22:52:53.211969Z" }, { "id": "ALPINE-CVE-2023-5363", - "modified": "2025-12-03T22:01:07.491858Z" + "modified": "2025-12-03T22:54:35.065257Z" }, { "id": "ALPINE-CVE-2023-5678", - "modified": "2025-12-03T22:01:07.492284Z" + "modified": "2025-12-03T22:54:30.066451Z" }, { "id": "ALPINE-CVE-2023-6129", - "modified": "2025-12-03T22:01:07.503917Z" + "modified": "2025-12-03T22:54:41.708177Z" }, { "id": "ALPINE-CVE-2023-6237", - "modified": "2025-12-03T22:01:07.518512Z" + "modified": "2025-12-03T22:54:40.422752Z" }, { "id": "ALPINE-CVE-2024-0727", - "modified": "2025-12-03T22:01:07.516593Z" + "modified": "2025-12-03T22:54:44.266485Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -385,159 +385,159 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-3711", - "modified": "2025-12-03T22:01:06.574024Z" + "modified": "2025-12-03T22:48:47.560805Z" }, { "id": "ALPINE-CVE-2021-3712", - "modified": "2025-12-03T22:01:06.579564Z" + "modified": "2025-12-03T22:48:49.466816Z" }, { "id": "ALPINE-CVE-2021-4044", - "modified": "2025-12-03T22:01:06.625711Z" + "modified": "2025-12-03T22:48:53.587104Z" }, { "id": "ALPINE-CVE-2022-0778", - "modified": "2025-12-03T22:01:06.699623Z" + "modified": "2025-12-03T22:51:07.769542Z" }, { "id": "ALPINE-CVE-2022-1343", - "modified": "2025-12-03T22:01:06.716764Z" + "modified": "2025-12-03T22:49:45.912660Z" }, { "id": "ALPINE-CVE-2022-1434", - "modified": "2025-12-03T22:01:06.753990Z" + "modified": "2025-12-03T22:49:45.753526Z" }, { "id": "ALPINE-CVE-2022-1473", - "modified": "2025-12-03T22:01:06.716416Z" + "modified": "2025-12-03T22:49:45.860197Z" }, { "id": "ALPINE-CVE-2022-2097", - "modified": "2025-12-03T22:01:06.735909Z" + "modified": "2025-12-03T22:49:52.265196Z" }, { "id": "ALPINE-CVE-2022-3358", - "modified": "2025-12-03T22:01:07.093614Z" + "modified": "2025-12-03T22:50:26.362856Z" }, { "id": "ALPINE-CVE-2022-3602", - "modified": "2025-12-03T22:01:07.161175Z" + "modified": "2025-12-03T22:49:29.680146Z" }, { "id": "ALPINE-CVE-2022-3786", - "modified": "2025-12-03T22:01:07.190524Z" + "modified": "2025-12-03T22:49:30.746181Z" }, { "id": "ALPINE-CVE-2022-3996", - "modified": "2025-12-03T22:01:07.168947Z" + "modified": "2025-12-03T22:49:49.550771Z" }, { "id": "ALPINE-CVE-2022-4203", - "modified": "2025-12-03T22:01:07.202111Z" + "modified": "2025-12-03T22:50:09.259826Z" }, { "id": "ALPINE-CVE-2022-4304", - "modified": "2025-12-03T22:01:07.232583Z" + "modified": "2025-12-03T22:50:48.258567Z" }, { "id": "ALPINE-CVE-2022-4450", - "modified": "2025-12-03T22:01:07.233Z" + "modified": "2025-12-03T22:50:58.174496Z" }, { "id": "ALPINE-CVE-2023-0215", - "modified": "2025-12-03T22:01:07.257284Z" + "modified": "2025-12-03T22:51:20.776116Z" }, { "id": "ALPINE-CVE-2023-0216", - "modified": "2025-12-03T22:01:07.257557Z" + "modified": "2025-12-03T22:51:17.381381Z" }, { "id": "ALPINE-CVE-2023-0217", - "modified": "2025-12-03T22:01:07.257251Z" + "modified": "2025-12-03T22:51:22.400597Z" }, { "id": "ALPINE-CVE-2023-0286", - "modified": "2025-12-03T22:01:07.265436Z" + "modified": "2025-12-03T22:51:24.172927Z" }, { "id": "ALPINE-CVE-2023-0401", - "modified": "2025-12-03T22:01:07.279616Z" + "modified": "2025-12-03T22:51:23.275814Z" }, { "id": "ALPINE-CVE-2023-0464", - "modified": "2025-12-03T22:01:07.280230Z" + "modified": "2025-12-03T22:51:31.741129Z" }, { "id": "ALPINE-CVE-2023-0465", - "modified": "2025-12-03T22:01:07.279230Z" + "modified": "2025-12-03T22:51:25.194508Z" }, { "id": "ALPINE-CVE-2023-1255", - "modified": "2025-12-03T22:01:07.281624Z" + "modified": "2025-12-03T22:51:44.316240Z" }, { "id": "ALPINE-CVE-2023-2650", - "modified": "2025-12-03T22:01:07.297609Z" + "modified": "2025-12-03T22:52:10.812098Z" }, { "id": "ALPINE-CVE-2023-2975", - "modified": "2025-12-03T22:01:07.383449Z" + "modified": "2025-12-03T22:52:35.084843Z" }, { "id": "ALPINE-CVE-2023-3446", - "modified": "2025-12-03T22:01:07.371655Z" + "modified": "2025-12-03T22:52:52.082224Z" }, { "id": "ALPINE-CVE-2023-3817", - "modified": "2025-12-03T22:01:07.417148Z" + "modified": "2025-12-03T22:52:53.211969Z" }, { "id": "ALPINE-CVE-2023-5363", - "modified": "2025-12-03T22:01:07.491858Z" + "modified": "2025-12-03T22:54:35.065257Z" }, { "id": "ALPINE-CVE-2023-5678", - "modified": "2025-12-03T22:01:07.492284Z" + "modified": "2025-12-03T22:54:30.066451Z" }, { "id": "ALPINE-CVE-2023-6129", - "modified": "2025-12-03T22:01:07.503917Z" + "modified": "2025-12-03T22:54:41.708177Z" }, { "id": "ALPINE-CVE-2023-6237", - "modified": "2025-12-03T22:01:07.518512Z" + "modified": "2025-12-03T22:54:40.422752Z" }, { "id": "ALPINE-CVE-2024-0727", - "modified": "2025-12-03T22:01:07.516593Z" + "modified": "2025-12-03T22:54:44.266485Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" } ] }, @@ -546,15 +546,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2019-14697", - "modified": "2025-12-03T22:01:05.673968Z" + "modified": "2025-12-03T22:44:35.333781Z" }, { "id": "ALPINE-CVE-2020-28928", - "modified": "2025-12-03T22:01:06.200161Z" + "modified": "2025-12-03T22:47:06.985001Z" }, { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -562,15 +562,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2019-14697", - "modified": "2025-12-03T22:01:05.673968Z" + "modified": "2025-12-03T22:44:35.333781Z" }, { "id": "ALPINE-CVE-2020-28928", - "modified": "2025-12-03T22:01:06.200161Z" + "modified": "2025-12-03T22:47:06.985001Z" }, { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -579,79 +579,79 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-28831", - "modified": "2025-12-03T22:01:06.472772Z" + "modified": "2025-12-03T22:48:35.192485Z" }, { "id": "ALPINE-CVE-2021-42374", - "modified": "2025-12-03T22:01:06.645728Z" + "modified": "2025-12-03T22:49:03.048460Z" }, { "id": "ALPINE-CVE-2021-42375", - "modified": "2025-12-03T22:01:06.637597Z" + "modified": "2025-12-03T22:49:02.368046Z" }, { "id": "ALPINE-CVE-2021-42378", - "modified": "2025-12-03T22:01:06.638128Z" + "modified": "2025-12-03T22:49:02.812229Z" }, { "id": "ALPINE-CVE-2021-42379", - "modified": "2025-12-03T22:01:06.655994Z" + "modified": "2025-12-03T22:49:03.820223Z" }, { "id": "ALPINE-CVE-2021-42380", - "modified": "2025-12-03T22:01:06.638781Z" + "modified": "2025-12-03T22:49:02.273108Z" }, { "id": "ALPINE-CVE-2021-42381", - "modified": "2025-12-03T22:01:06.643289Z" + "modified": "2025-12-03T22:49:03.051591Z" }, { "id": "ALPINE-CVE-2021-42382", - "modified": "2025-12-03T22:01:06.638217Z" + "modified": "2025-12-03T22:49:04.080847Z" }, { "id": "ALPINE-CVE-2021-42383", - "modified": "2025-12-03T22:01:06.637214Z" + "modified": "2025-12-03T22:44:20.740566Z" }, { "id": "ALPINE-CVE-2021-42384", - "modified": "2025-12-03T22:01:06.646421Z" + "modified": "2025-12-03T22:49:04.436301Z" }, { "id": "ALPINE-CVE-2021-42385", - "modified": "2025-12-03T22:01:06.639047Z" + "modified": "2025-12-03T22:49:10.217079Z" }, { "id": "ALPINE-CVE-2021-42386", - "modified": "2025-12-03T22:01:06.643680Z" + "modified": "2025-12-03T22:49:10.486445Z" }, { "id": "ALPINE-CVE-2022-28391", - "modified": "2025-12-03T22:01:07.000550Z" + "modified": "2025-12-03T22:49:51.276555Z" }, { "id": "ALPINE-CVE-2022-30065", - "modified": "2025-12-03T22:01:07.016827Z" + "modified": "2025-12-03T22:50:17.721153Z" }, { "id": "ALPINE-CVE-2022-48174", - "modified": "2025-12-03T22:01:07.263590Z" + "modified": "2025-12-03T22:51:16.750993Z" }, { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" } ] }, @@ -659,11 +659,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -671,7 +671,7 @@ interactions: } headers: Content-Length: - - "9117" + - "9123" Content-Type: - application/json status: 200 OK @@ -2356,7 +2356,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11894 + content_length: 11176 body: | { "results": [ @@ -2370,11 +2370,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -2388,10 +2388,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -2404,11 +2400,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -2457,14 +2453,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -2494,11 +2483,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -2514,7 +2499,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -2546,11 +2531,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -2566,7 +2547,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -2593,11 +2574,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -2622,7 +2603,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -2642,7 +2623,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -2651,10 +2636,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -2831,14 +2812,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -2968,20 +2942,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -2989,11 +2956,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -3001,7 +2968,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -3009,27 +2976,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -3041,7 +3008,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -3049,11 +3016,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -3081,15 +3048,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -3132,14 +3099,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -3164,14 +3124,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -3250,27 +3203,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "11894" + - "11176" Content-Type: - application/json status: 200 OK @@ -4005,7 +3944,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11894 + content_length: 11176 body: | { "results": [ @@ -4019,11 +3958,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -4037,10 +3976,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -4053,11 +3988,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4106,14 +4041,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -4143,11 +4071,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -4163,7 +4087,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -4195,11 +4119,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -4215,7 +4135,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -4242,11 +4162,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4271,7 +4191,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -4291,7 +4211,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -4300,10 +4224,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -4480,14 +4400,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -4617,20 +4530,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -4638,11 +4544,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -4650,7 +4556,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -4658,27 +4564,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -4690,7 +4596,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -4698,11 +4604,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4730,15 +4636,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -4781,14 +4687,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -4813,14 +4712,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -4899,27 +4791,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "11894" + - "11176" Content-Type: - application/json status: 200 OK @@ -5668,7 +5546,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 17082 + content_length: 16168 body: | { "results": [ @@ -5682,11 +5560,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -5700,10 +5578,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -5717,11 +5591,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -5945,23 +5819,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -5969,7 +5843,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -5977,7 +5851,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -5989,47 +5863,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -6037,7 +5911,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -6045,27 +5919,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -6110,14 +5972,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -6147,11 +6002,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -6167,7 +6018,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -6199,11 +6050,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -6219,7 +6066,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -6246,11 +6093,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -6275,7 +6122,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -6295,7 +6142,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -6304,10 +6155,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -6484,14 +6331,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -6621,20 +6461,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -6642,11 +6475,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -6654,7 +6487,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -6662,27 +6495,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -6694,7 +6527,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -6702,11 +6535,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -6734,15 +6567,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -6785,14 +6618,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -6817,14 +6643,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -6903,27 +6722,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "17082" + - "16168" Content-Type: - application/json status: 200 OK @@ -8379,7 +8184,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 9991 + content_length: 9268 body: | { "results": [ @@ -8394,11 +8199,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -8406,11 +8211,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -8420,10 +8225,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-72hv-8253-57qq", - "modified": "2026-03-04T15:06:51.908001Z" - }, { "id": "GHSA-h46c-h94j-95f3", "modified": "2026-02-04T03:44:39.385253Z" @@ -8507,11 +8308,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8519,11 +8320,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8531,11 +8332,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8543,11 +8344,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8555,11 +8356,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8567,55 +8368,24 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" - } - ] - }, - { - "vulns": [ - { - "id": "ALPINE-CVE-2024-12243", - "modified": "2026-02-24T08:30:42.520717Z" - }, - { - "id": "ALPINE-CVE-2025-14831", - "modified": "2026-02-24T08:30:41.701341Z" - }, - { - "id": "ALPINE-CVE-2025-32988", - "modified": "2026-02-24T08:01:14.207044Z" - }, - { - "id": "ALPINE-CVE-2025-32989", - "modified": "2026-02-24T08:01:14.218394Z" - }, - { - "id": "ALPINE-CVE-2025-32990", - "modified": "2026-02-24T08:01:14.156108Z" - }, - { - "id": "ALPINE-CVE-2025-6395", - "modified": "2026-02-24T08:01:14.252351Z" - }, - { - "id": "ALPINE-CVE-2025-9820", - "modified": "2026-02-24T08:01:14.195104Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, + {}, { "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8623,11 +8393,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8635,11 +8405,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8647,11 +8417,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8659,11 +8429,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-68972", - "modified": "2026-01-10T11:00:55.775173Z" + "modified": "2026-01-10T11:24:45.922788Z" }, { "id": "ALPINE-CVE-2025-68973", - "modified": "2026-01-08T11:01:13.307591Z" + "modified": "2026-01-08T11:18:08.318838Z" } ] }, @@ -8765,63 +8535,63 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -8829,19 +8599,19 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-8176", - "modified": "2025-12-03T22:01:07.752677Z" + "modified": "2025-12-03T22:57:51.246966Z" }, { "id": "ALPINE-CVE-2025-59375", - "modified": "2025-12-03T22:01:07.922612Z" + "modified": "2025-12-03T22:59:58.939558Z" }, { "id": "ALPINE-CVE-2026-24515", - "modified": "2026-02-06T11:01:11.343543Z" + "modified": "2026-02-06T11:22:51.413545Z" }, { "id": "ALPINE-CVE-2026-25210", - "modified": "2026-03-13T06:29:27.213127Z" + "modified": "2026-02-04T00:16:04.699793Z" } ] }, @@ -8858,19 +8628,19 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-64505", - "modified": "2025-12-08T15:00:57.813758Z" + "modified": "2025-12-08T15:11:42.598503Z" }, { "id": "ALPINE-CVE-2025-64506", - "modified": "2025-12-08T15:00:57.771692Z" + "modified": "2025-12-08T15:14:01.131553Z" }, { "id": "ALPINE-CVE-2025-64720", - "modified": "2025-12-08T15:00:57.773593Z" + "modified": "2025-12-08T15:14:12.627370Z" }, { "id": "ALPINE-CVE-2025-65018", - "modified": "2025-12-08T15:00:57.817561Z" + "modified": "2025-12-08T15:14:18.487828Z" }, { "id": "ALPINE-CVE-2025-66293", @@ -8883,10 +8653,6 @@ interactions: { "id": "ALPINE-CVE-2026-22801", "modified": "2026-01-22T19:30:04.012462Z" - }, - { - "id": "ALPINE-CVE-2026-25646", - "modified": "2026-02-24T12:00:36.302208Z" } ] }, @@ -8895,63 +8661,63 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -8959,7 +8725,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12133", - "modified": "2025-12-03T22:01:07.518013Z" + "modified": "2025-12-03T22:55:00.302559Z" }, { "id": "ALPINE-CVE-2025-13151", @@ -8973,7 +8739,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -8983,7 +8749,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -8994,63 +8760,63 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -9144,10 +8910,6 @@ interactions: { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" - }, - { - "id": "GHSA-wjpw-4j6x-6rwh", - "modified": "2026-03-09T11:29:07.402944Z" } ] }, @@ -9179,19 +8941,19 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-29087", - "modified": "2025-11-19T01:01:53.905906Z" + "modified": "2025-11-19T06:21:22.290875Z" }, { "id": "ALPINE-CVE-2025-29088", - "modified": "2025-11-19T01:01:53.923660Z" + "modified": "2025-11-19T06:21:22.419722Z" }, { "id": "ALPINE-CVE-2025-3277", - "modified": "2025-11-19T01:01:53.906493Z" + "modified": "2025-11-19T06:21:22.993026Z" }, { "id": "ALPINE-CVE-2025-6965", - "modified": "2026-02-05T02:01:12.170793Z" + "modified": "2026-02-05T02:19:39.445651Z" } ] }, @@ -9199,11 +8961,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -9215,7 +8977,7 @@ interactions: } headers: Content-Length: - - "9991" + - "9268" Content-Type: - application/json status: 200 OK @@ -9929,7 +9691,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 3731 + content_length: 3752 body: | { "results": [ @@ -9947,7 +9709,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -9959,7 +9721,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -9979,7 +9741,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -9988,11 +9750,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -10000,11 +9762,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -10016,7 +9778,7 @@ interactions: "vulns": [ { "id": "DLA-3783-1", - "modified": "2026-03-09T01:21:52.762023Z" + "modified": "2025-05-26T07:23:51.550862Z" } ] }, @@ -10025,7 +9787,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10038,11 +9800,11 @@ interactions: "vulns": [ { "id": "DLA-3660-1", - "modified": "2026-03-09T02:10:14.556560Z" + "modified": "2025-05-26T07:23:53.429764Z" }, { "id": "DLA-3740-1", - "modified": "2026-03-09T01:23:17.775568Z" + "modified": "2025-05-26T07:23:55.348455Z" } ] }, @@ -10055,7 +9817,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10063,11 +9825,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -10088,7 +9850,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10098,7 +9860,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -10107,7 +9869,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -10116,11 +9878,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -10128,7 +9890,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -10137,7 +9899,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10148,7 +9910,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10156,11 +9918,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -10168,11 +9930,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -10181,7 +9943,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -10195,7 +9957,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -10215,7 +9977,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -10282,7 +10044,7 @@ interactions: "vulns": [ { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -10290,11 +10052,11 @@ interactions: "vulns": [ { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" } ] }, @@ -10302,7 +10064,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -10319,7 +10081,7 @@ interactions: } headers: Content-Length: - - "3731" + - "3752" Content-Type: - application/json status: 200 OK @@ -11124,7 +10886,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 6219 + content_length: 6100 body: | { "results": [ @@ -11174,10 +10936,6 @@ interactions: "id": "GHSA-5wv5-4vpf-pj6m", "modified": "2024-09-20T21:24:25.140560Z" }, - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -11200,10 +10958,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-29vq-49wr-vm6x", - "modified": "2026-02-23T23:43:27.690386Z" - }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "2026-02-04T03:18:07.993642Z" @@ -11227,7 +10981,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -11239,7 +10993,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11272,7 +11026,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11281,11 +11035,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -11293,11 +11047,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -11309,7 +11063,7 @@ interactions: "vulns": [ { "id": "DLA-3783-1", - "modified": "2026-03-09T01:21:52.762023Z" + "modified": "2025-05-26T07:23:51.550862Z" } ] }, @@ -11318,7 +11072,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11331,11 +11085,11 @@ interactions: "vulns": [ { "id": "DLA-3660-1", - "modified": "2026-03-09T02:10:14.556560Z" + "modified": "2025-05-26T07:23:53.429764Z" }, { "id": "DLA-3740-1", - "modified": "2026-03-09T01:23:17.775568Z" + "modified": "2025-05-26T07:23:55.348455Z" } ] }, @@ -11348,7 +11102,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11356,11 +11110,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -11381,7 +11135,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11391,7 +11145,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -11400,7 +11154,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -11409,11 +11163,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -11421,7 +11175,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -11430,7 +11184,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11441,7 +11195,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11449,11 +11203,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -11461,11 +11215,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -11474,7 +11228,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -11488,7 +11242,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -11508,7 +11262,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -11596,7 +11350,7 @@ interactions: "vulns": [ { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -11604,11 +11358,11 @@ interactions: "vulns": [ { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" } ] }, @@ -11668,7 +11422,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -11685,7 +11439,7 @@ interactions: } headers: Content-Length: - - "6219" + - "6100" Content-Type: - application/json status: 200 OK @@ -11937,7 +11691,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 15478 + content_length: 14302 body: | { "results": [ @@ -11949,11 +11703,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -11961,11 +11715,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -11984,23 +11738,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12008,7 +11762,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12016,7 +11770,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12028,47 +11782,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12076,7 +11830,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12084,27 +11838,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12116,23 +11858,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12140,7 +11882,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12148,7 +11890,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12160,47 +11902,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12208,7 +11950,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12216,27 +11958,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12248,23 +11978,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12272,7 +12002,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12280,7 +12010,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12292,47 +12022,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12340,7 +12070,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12348,27 +12078,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12380,23 +12098,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12404,7 +12122,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12412,7 +12130,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12424,47 +12142,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12472,7 +12190,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12480,27 +12198,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12512,23 +12218,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12536,7 +12242,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12544,7 +12250,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12556,47 +12262,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12604,7 +12310,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12612,27 +12318,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12644,23 +12338,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -12668,7 +12362,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -12676,7 +12370,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -12688,47 +12382,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -12736,7 +12430,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -12744,27 +12438,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -12772,75 +12454,75 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -12848,75 +12530,75 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -12924,7 +12606,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -12932,7 +12614,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -12947,11 +12629,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -12960,7 +12642,7 @@ interactions: } headers: Content-Length: - - "15478" + - "14302" Content-Type: - application/json status: 200 OK @@ -13096,7 +12778,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -13251,7 +12933,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -13406,7 +13088,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -13561,7 +13243,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -13739,27 +13421,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -13767,27 +13449,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -13797,39 +13479,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -13838,39 +13520,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -13882,27 +13564,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14091,27 +13773,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14119,27 +13801,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14157,39 +13839,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14198,39 +13880,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14239,11 +13921,11 @@ interactions: "vulns": [ { "id": "GHSA-vh95-rmgr-6w4m", - "modified": "2026-03-13T22:11:31.390433Z" + "modified": "2025-01-14T08:57:16.325412Z" }, { "id": "GHSA-xvch-5gv4-984h", - "modified": "2026-03-13T22:11:59.523514Z" + "modified": "2025-01-14T10:12:15.693708Z" } ] }, @@ -14255,27 +13937,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14443,27 +14125,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14471,27 +14153,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14501,39 +14183,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14542,39 +14224,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14586,27 +14268,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14774,27 +14456,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14802,27 +14484,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -14832,39 +14514,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14873,39 +14555,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -14917,27 +14599,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15105,27 +14787,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15133,27 +14815,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15163,39 +14845,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -15204,39 +14886,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -15248,27 +14930,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15436,27 +15118,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15464,27 +15146,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -15494,39 +15176,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -15535,39 +15217,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -15579,27 +15261,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml index 7a608e63663..48db4a2822b 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml @@ -800,7 +800,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 6219 + content_length: 6100 body: | { "results": [ @@ -850,10 +850,6 @@ interactions: "id": "GHSA-5wv5-4vpf-pj6m", "modified": "2024-09-20T21:24:25.140560Z" }, - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -876,10 +872,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-29vq-49wr-vm6x", - "modified": "2026-02-23T23:43:27.690386Z" - }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "2026-02-04T03:18:07.993642Z" @@ -903,7 +895,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -915,7 +907,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -948,7 +940,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -957,11 +949,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -969,11 +961,11 @@ interactions: "vulns": [ { "id": "DLA-3807-1", - "modified": "2026-03-09T01:21:14.798998Z" + "modified": "2025-05-26T07:24:04.503081Z" }, { "id": "DLA-3850-1", - "modified": "2026-03-09T01:19:52.798152Z" + "modified": "2025-05-26T07:24:05.860020Z" } ] }, @@ -985,7 +977,7 @@ interactions: "vulns": [ { "id": "DLA-3783-1", - "modified": "2026-03-09T01:21:52.762023Z" + "modified": "2025-05-26T07:23:51.550862Z" } ] }, @@ -994,7 +986,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1007,11 +999,11 @@ interactions: "vulns": [ { "id": "DLA-3660-1", - "modified": "2026-03-09T02:10:14.556560Z" + "modified": "2025-05-26T07:23:53.429764Z" }, { "id": "DLA-3740-1", - "modified": "2026-03-09T01:23:17.775568Z" + "modified": "2025-05-26T07:23:55.348455Z" } ] }, @@ -1024,7 +1016,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1032,11 +1024,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -1057,7 +1049,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1067,7 +1059,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -1076,7 +1068,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -1085,11 +1077,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -1097,7 +1089,7 @@ interactions: "vulns": [ { "id": "DLA-3474-1", - "modified": "2026-03-09T01:20:13.950328Z" + "modified": "2025-05-26T07:23:08.729561Z" } ] }, @@ -1106,7 +1098,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1117,7 +1109,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1125,11 +1117,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -1137,11 +1129,11 @@ interactions: "vulns": [ { "id": "DLA-3586-1", - "modified": "2026-03-09T01:19:25.252973Z" + "modified": "2025-05-26T07:21:44.419009Z" }, { "id": "DLA-3682-1", - "modified": "2026-03-09T01:18:42.667623Z" + "modified": "2025-05-26T07:22:33.585830Z" } ] }, @@ -1150,7 +1142,7 @@ interactions: "vulns": [ { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" } ] }, @@ -1164,7 +1156,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -1184,7 +1176,7 @@ interactions: }, { "id": "GHSA-6vgw-5pg2-w6jp", - "modified": "2026-02-16T17:11:10.097207Z" + "modified": "2026-02-04T18:13:54.385413Z" }, { "id": "GHSA-mq26-g339-26xf", @@ -1272,7 +1264,7 @@ interactions: "vulns": [ { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -1280,11 +1272,11 @@ interactions: "vulns": [ { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" } ] }, @@ -1344,7 +1336,7 @@ interactions: "vulns": [ { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" } ] }, @@ -1361,7 +1353,7 @@ interactions: } headers: Content-Length: - - "6219" + - "6100" Content-Type: - application/json status: 200 OK @@ -1745,11 +1737,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -1757,11 +1749,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -1782,51 +1774,51 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-11187", - "modified": "2026-01-30T11:01:00.222803Z" + "modified": "2026-01-30T11:15:53.799925Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-15469", - "modified": "2026-01-30T11:01:00.225366Z" + "modified": "2026-01-30T11:16:52.287694Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -1834,51 +1826,51 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-11187", - "modified": "2026-01-30T11:01:00.222803Z" + "modified": "2026-01-30T11:15:53.799925Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-15469", - "modified": "2026-01-30T11:01:00.225366Z" + "modified": "2026-01-30T11:16:52.287694Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -1896,11 +1888,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2071,7 +2063,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 5308 + content_length: 5112 body: | { "results": [ @@ -2083,11 +2075,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2095,11 +2087,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2113,23 +2105,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -2137,7 +2129,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -2145,7 +2137,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -2157,47 +2149,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -2205,7 +2197,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -2213,27 +2205,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -2241,75 +2221,75 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -2317,75 +2297,75 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-12797", - "modified": "2025-12-03T22:01:07.509008Z" + "modified": "2025-12-03T22:55:03.634026Z" }, { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-15467", - "modified": "2026-02-26T11:01:21.519463Z" + "modified": "2026-02-08T14:17:10.314538Z" }, { "id": "ALPINE-CVE-2025-15468", - "modified": "2026-01-30T11:01:00.222192Z" + "modified": "2026-01-30T11:17:10.087231Z" }, { "id": "ALPINE-CVE-2025-66199", - "modified": "2026-01-30T11:01:00.238476Z" + "modified": "2026-01-30T11:16:38.617961Z" }, { "id": "ALPINE-CVE-2025-68160", - "modified": "2026-02-08T14:01:04.829284Z" + "modified": "2026-02-08T14:17:20.369697Z" }, { "id": "ALPINE-CVE-2025-69418", - "modified": "2026-02-08T14:01:04.832682Z" + "modified": "2026-02-08T14:17:22.909725Z" }, { "id": "ALPINE-CVE-2025-69419", - "modified": "2026-02-08T14:01:04.832622Z" + "modified": "2026-02-08T14:17:23.481787Z" }, { "id": "ALPINE-CVE-2025-69420", - "modified": "2026-02-08T14:01:04.833470Z" + "modified": "2026-02-08T14:17:16.244540Z" }, { "id": "ALPINE-CVE-2025-69421", - "modified": "2026-02-08T14:01:04.844150Z" + "modified": "2026-02-08T14:17:06.852172Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9231", - "modified": "2025-12-03T22:01:07.951863Z" + "modified": "2025-12-03T23:00:26.184987Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" }, { "id": "ALPINE-CVE-2026-22795", - "modified": "2026-02-08T14:01:04.797621Z" + "modified": "2026-02-08T14:17:23.817021Z" }, { "id": "ALPINE-CVE-2026-22796", - "modified": "2026-02-08T14:01:04.799524Z" + "modified": "2026-02-08T14:17:23.708503Z" } ] }, @@ -2393,7 +2373,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -2401,7 +2381,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -2411,11 +2391,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2424,7 +2404,7 @@ interactions: } headers: Content-Length: - - "5308" + - "5112" Content-Type: - application/json status: 200 OK @@ -2560,7 +2540,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -2715,7 +2695,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2021-36159", - "modified": "2025-12-03T22:01:06.565906Z" + "modified": "2025-12-03T22:50:23.251262Z" } ] }, @@ -2914,27 +2894,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2942,27 +2922,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -2980,39 +2960,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -3021,39 +3001,39 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2024-13176", - "modified": "2026-02-08T14:01:04.651262Z" + "modified": "2026-02-08T14:17:02.498117Z" }, { "id": "ALPINE-CVE-2024-2511", - "modified": "2025-12-03T22:01:07.536572Z" + "modified": "2025-12-03T22:55:31.105344Z" }, { "id": "ALPINE-CVE-2024-4603", - "modified": "2025-12-03T22:01:07.714711Z" + "modified": "2025-12-03T22:57:04.661877Z" }, { "id": "ALPINE-CVE-2024-4741", - "modified": "2025-12-03T22:01:07.715896Z" + "modified": "2025-12-03T22:57:09.616922Z" }, { "id": "ALPINE-CVE-2024-5535", - "modified": "2025-12-03T22:01:07.725064Z" + "modified": "2025-12-03T22:57:32.699825Z" }, { "id": "ALPINE-CVE-2024-6119", - "modified": "2025-12-03T22:01:07.722220Z" + "modified": "2025-12-03T22:57:47.097001Z" }, { "id": "ALPINE-CVE-2024-9143", - "modified": "2025-12-03T22:01:07.768386Z" + "modified": "2025-12-03T22:57:50.413061Z" }, { "id": "ALPINE-CVE-2025-9230", - "modified": "2026-02-08T14:01:04.841239Z" + "modified": "2026-02-08T14:17:13.655545Z" }, { "id": "ALPINE-CVE-2025-9232", - "modified": "2026-02-08T14:01:04.844061Z" + "modified": "2026-02-08T14:17:23.776473Z" } ] }, @@ -3062,11 +3042,11 @@ interactions: "vulns": [ { "id": "GHSA-vh95-rmgr-6w4m", - "modified": "2026-03-13T22:11:31.390433Z" + "modified": "2025-01-14T08:57:16.325412Z" }, { "id": "GHSA-xvch-5gv4-984h", - "modified": "2026-03-13T22:11:59.523514Z" + "modified": "2025-01-14T10:12:15.693708Z" } ] }, @@ -3078,27 +3058,27 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2023-42363", - "modified": "2025-12-03T22:01:07.431787Z" + "modified": "2025-12-03T22:53:19.595031Z" }, { "id": "ALPINE-CVE-2023-42364", - "modified": "2025-12-03T22:01:07.431998Z" + "modified": "2025-12-03T22:53:16.639859Z" }, { "id": "ALPINE-CVE-2023-42365", - "modified": "2025-12-03T22:01:07.431321Z" + "modified": "2025-12-03T22:53:18.372883Z" }, { "id": "ALPINE-CVE-2023-42366", - "modified": "2025-12-03T22:01:07.432187Z" + "modified": "2025-12-03T22:53:21.200830Z" }, { "id": "ALPINE-CVE-2024-58251", - "modified": "2025-12-03T22:01:07.744490Z" + "modified": "2025-12-03T22:57:45.619122Z" }, { "id": "ALPINE-CVE-2025-46394", - "modified": "2025-12-03T22:01:07.859037Z" + "modified": "2025-12-03T22:59:20.065296Z" } ] }, @@ -3842,7 +3822,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11894 + content_length: 11176 body: | { "results": [ @@ -3856,11 +3836,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -3874,10 +3854,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -3890,11 +3866,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -3943,14 +3919,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -3980,11 +3949,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -4000,7 +3965,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -4032,11 +3997,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -4052,7 +4013,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -4079,11 +4040,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4108,7 +4069,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -4128,7 +4089,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -4137,10 +4102,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -4317,14 +4278,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -4454,20 +4408,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -4475,11 +4422,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -4487,7 +4434,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -4495,27 +4442,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -4527,7 +4474,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -4535,11 +4482,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -4567,15 +4514,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -4618,14 +4565,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -4650,14 +4590,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -4736,27 +4669,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "11894" + - "11176" Content-Type: - application/json status: 200 OK @@ -5505,7 +5424,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 17082 + content_length: 16168 body: | { "results": [ @@ -5519,11 +5438,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-2781", - "modified": "2026-03-13T06:02:36.914591Z" + "modified": "2026-01-20T16:45:42.494092Z" }, { "id": "UBUNTU-CVE-2025-5278", - "modified": "2026-03-13T06:01:05.186200Z" + "modified": "2026-01-20T18:50:39.520044Z" } ] }, @@ -5537,10 +5456,6 @@ interactions: "id": "UBUNTU-CVE-2025-6297", "modified": "2026-02-04T03:36:18.990840Z" }, - { - "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" - }, { "id": "USN-7768-1", "modified": "2026-02-10T04:49:49Z" @@ -5554,11 +5469,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -5782,23 +5697,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -5806,7 +5721,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -5814,7 +5729,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -5826,47 +5741,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -5874,7 +5789,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -5882,27 +5797,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -5947,14 +5850,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -5984,11 +5880,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -6004,7 +5896,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -6036,11 +5928,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" - }, - { - "id": "UBUNTU-CVE-2026-3904", - "modified": "2026-03-14T09:21:35.977522Z" + "modified": "2026-02-03T08:44:11.935975Z" }, { "id": "USN-7259-1", @@ -6056,7 +5944,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-02-10T04:50:49Z" } ] }, @@ -6083,11 +5971,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -6112,7 +6000,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-02-10T07:44:23.629163Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -6132,7 +6020,11 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-01-30T21:03:09.242523Z" + }, + { + "id": "UBUNTU-CVE-2026-1584", + "modified": "2026-02-10T08:15:05.442963Z" }, { "id": "USN-7281-1", @@ -6141,10 +6033,6 @@ interactions: { "id": "USN-7635-1", "modified": "2026-02-10T04:49:34Z" - }, - { - "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" } ] }, @@ -6321,14 +6209,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -6458,20 +6339,13 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-02-05T21:02:37.015833Z" }, { "id": "UBUNTU-CVE-2024-41996", @@ -6479,11 +6353,11 @@ interactions: }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-02-05T20:56:12.621922Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-02-06T21:35:35.150614Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -6491,7 +6365,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-02-06T21:58:39.424130Z" }, { "id": "UBUNTU-CVE-2025-69418", @@ -6499,27 +6373,27 @@ interactions: }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-02-06T21:40:34.068829Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-02-06T21:50:50.315800Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-02-06T21:51:07.261940Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-02-04T02:15:55.979804Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-02-06T21:39:17.172277Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-02-06T21:38:24.734532Z" }, { "id": "USN-7278-1", @@ -6531,7 +6405,7 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-02-10T04:50:48Z" } ] }, @@ -6539,11 +6413,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-01-20T19:02:52.626241Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-02-04T14:20:34.505919Z" }, { "id": "USN-7700-1", @@ -6571,15 +6445,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-02-04T02:59:14.774348Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-02-04T04:06:37.628475Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-02-04T03:28:05.572797Z" }, { "id": "USN-7275-1", @@ -6622,14 +6496,7 @@ interactions: ] }, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, {}, { "vulns": [ @@ -6654,14 +6521,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, + {}, { "vulns": [ { @@ -6740,27 +6600,13 @@ interactions: }, {}, {}, - { - "vulns": [ - { - "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" - } - ] - }, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" - } - ] - } + {}, + {} ] } headers: Content-Length: - - "17082" + - "16168" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index 61df3a9c042..ecdbfc40dee 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -3,7 +3,6 @@ Scanning dir ./testdata/locks-gitignore Scanned /testdata/locks-gitignore/Gemfile.lock file and found 1 package Scanned /testdata/locks-gitignore/subdir/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -27,7 +26,6 @@ No issues found [TestCommand/Empty_cyclonedx_1.4_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -47,7 +45,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_cyclonedx_1.5_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -59,7 +56,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_gh-annotations_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -100,7 +96,7 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -118,7 +114,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_sarif_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -160,7 +155,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_spdx_2.3_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -168,11 +162,7 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Go_project_with_an_overridden_go_version - 1] Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. - -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - +No issues found --- @@ -184,11 +174,7 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package Scanned /testdata/go-project/nested/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. - -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - +No issues found --- @@ -199,16 +185,10 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/Go_project_with_an_overridden_go_version_and_licences - 1] Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. -+--------------+-------------------------+ -| LICENSE | NO. OF PACKAGE VERSIONS | -+--------------+-------------------------+ -| BSD-3-Clause | 1 | -+--------------+-------------------------+ --- @@ -219,10 +199,9 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/PURL_SBOM_case_sensitivity_(api) - 1] Scanning dir ./testdata/sbom-insecure/alpine.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ @@ -231,8 +210,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ --- @@ -379,7 +356,7 @@ Total 2 packages affected by 9 known vulnerabilities (4 Critical, 4 High, 1 Medi ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -397,7 +374,6 @@ Total 2 packages affected by 9 known vulnerabilities (4 Critical, 4 High, 1 Medi [TestCommand/Sarif_with_vulns - 2] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -407,7 +383,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -421,7 +396,6 @@ No issues found Scanning dir ./testdata/locks-many-with-invalid Scanned /testdata/locks-many-with-invalid/Gemfile.lock file and found 1 package Scanned /testdata/locks-many-with-invalid/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. @@ -448,7 +422,6 @@ Scanned /testdata/locks-many-with-insecure/composer.lock file and found Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package Scanned /testdata/locks-many-with-insecure/yarn.lock file and found 1 package Scanned /testdata/maven-transitive/pom.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. Package npm/has-flag/4.0.0 has been filtered out because: (no reason given) Package npm/wrappy/1.0.2 has been filtered out because: (no reason given) @@ -506,13 +479,12 @@ Total 6 packages affected by 10 known vulnerabilities (3 Critical, 1 High, 2 Med +---------+-------------------------+ | MIT | 15 | | 0BSD | 7 | -| UNKNOWN | 5 | +| UNKNOWN | 4 | +---------+-------------------------+ +-------------------+-----------+------------------------------------------------+--------------+-------------------------------------------------------+ | LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | +-------------------+-----------+------------------------------------------------+--------------+-------------------------------------------------------+ | 0BSD | Packagist | league/flysystem | 1.0.8 | testdata/locks-insecure/composer.lock | -| UNKNOWN | Go | stdlib | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | Go | toolchain | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | | https://chromium.googlesource.com/chromium/src | | testdata/locks-insecure/osv-scanner-flutter-deps.json | | UNKNOWN | | https://github.com/brendan-duncan/archive.git | | testdata/locks-insecure/osv-scanner-flutter-deps.json | @@ -534,7 +506,6 @@ Total 6 packages affected by 10 known vulnerabilities (3 Critical, 1 High, 2 Med [TestCommand/config_file_is_invalid - 1] Scanning dir ./testdata/config-invalid Scanned /testdata/config-invalid/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. @@ -564,7 +535,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. ./testdata/osv-scanner-duplicate-config.toml has unused ignores: - GO-2022-0274 - GO-2022-0274 @@ -593,14 +563,6 @@ No issues found "licenses": [], "purl": "pkg:composer/league/flysystem@1.0.8" }, - { - "bom-ref": "pkg:golang/stdlib@1.99.9", - "type": "library", - "name": "stdlib", - "version": "1.99.9", - "licenses": [], - "purl": "pkg:golang/stdlib@1.99.9" - }, { "bom-ref": "pkg:golang/toolchain@1.99.9", "type": "library", @@ -669,7 +631,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -688,14 +649,6 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a "licenses": [], "purl": "pkg:composer/league/flysystem@1.0.8" }, - { - "bom-ref": "pkg:golang/stdlib@1.99.9", - "type": "library", - "name": "stdlib", - "version": "1.99.9", - "licenses": [], - "purl": "pkg:golang/stdlib@1.99.9" - }, { "bom-ref": "pkg:golang/toolchain@1.99.9", "type": "library", @@ -764,7 +717,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -772,7 +724,6 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -785,7 +736,6 @@ No issues found Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -807,7 +757,6 @@ failed to parse exclude patterns: invalid regex pattern "[invalid": error parsin Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -820,7 +769,6 @@ No issues found Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -832,7 +780,6 @@ No issues found [TestCommand/exclude_with_regex_pattern - 1] Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -844,7 +791,6 @@ No issues found [TestCommand/folder_of_supported_sbom_with_only_unimportant - 1] Scanning dir ./testdata/sbom-insecure/only-unimportant.spdx.json Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -859,7 +805,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/folder_of_supported_sbom_with_only_unimportant#01 - 1] Scanning dir ./testdata/sbom-insecure/only-unimportant.spdx.json Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -886,10 +831,9 @@ Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 pac Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 10 local/unscannable package/s from the scan. -Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 56 Medium, 3 Low, 25 Unknown) from 4 ecosystems. +Total 26 packages affected by 172 known vulnerabilities (21 Critical, 72 High, 53 Medium, 3 Low, 23 Unknown) from 4 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ @@ -918,18 +862,12 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/DSA-4685-1 | 5.5 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4808-1 | 5.7 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-0501 | 5.9 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -940,7 +878,6 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 | https://osv.dev/DLA-3482-1 | | Debian | debian-archive-keyring | 2017.5+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5147-1 | 9.8 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-6297 | 8.2 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2219 | 7.5 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4535-1 | 7.5 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2019-5188 | 6.7 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2022-1304 | 7.8 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1053,7 +990,6 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 | https://osv.dev/DEBIAN-CVE-2025-4575 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2673 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1101,7 +1037,6 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1120,41 +1055,18 @@ Total 26 packages affected by 181 known vulnerabilities (24 Critical, 73 High, 5 [TestCommand/gh-annotations_with_vulns - 2] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. ::error file=testdata/locks-many-with-insecure/package-lock.json::testdata/locks-many-with-insecure/package-lock.json%0A+-----------+-------------------------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+-----------+-------------------------------------+------+-----------------+---------------+%0A| ansi-html | https://osv.dev/GHSA-whgm-jr23-g3j9 | 7.5 | 0.0.1 | 0.0.8 |%0A+-----------+-------------------------------------+------+-----------------+---------------+ --- [TestCommand/go_packages_in_osv-scanner.json_format - 1] Scanned /testdata/locks-insecure/osv-scanner.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 2 packages affected by 24 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 24 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. +Total 1 package affected by 3 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 3 Unknown) from 1 ecosystem. +3 vulnerabilities can be fixed. +------------------------------+------+-----------+-----------+---------+---------------+------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +------------------------------+------+-----------+-----------+---------+---------------+------------------------------------------+ -| https://osv.dev/GO-2025-3849 | | Go | stdlib | 1.24.4 | 1.24.6 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-3956 | | Go | stdlib | 1.24.4 | 1.24.6 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4006 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4007 | | Go | stdlib | 1.24.4 | 1.24.9 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4008 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4009 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4010 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4011 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4012 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4013 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4014 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4015 | | Go | stdlib | 1.24.4 | 1.24.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4155 | | Go | stdlib | 1.24.4 | 1.24.11 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2025-4175 | | Go | stdlib | 1.24.4 | 1.24.11 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4337 | | Go | stdlib | 1.24.4 | 1.24.13 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4340 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4341 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4342 | | Go | stdlib | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4601 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4602 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | -| https://osv.dev/GO-2026-4603 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2025-3828 | | Go | toolchain | 1.24.4 | 1.24.5 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4339 | | Go | toolchain | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4433 | | Go | toolchain | 1.24.4 | 1.24.13 | testdata/locks-insecure/osv-scanner.json | @@ -1219,7 +1131,6 @@ Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Packagist/sentry/sdk/2.0.4 has been filtered out because: (no reason given) Filtered 1 ignored package/s from the scan. GHSA-whgm-jr23-g3j9 and 1 alias have been filtered out because: (no reason given) @@ -1242,7 +1153,6 @@ Scanned /testdata/locks-gitignore/subdir/Gemfile.lock file and found 1 Scanned /testdata/locks-gitignore/subdir/composer.lock file and found 1 package Scanned /testdata/locks-gitignore/subdir/yarn.lock file and found 1 package Scanned /testdata/locks-gitignore/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1276,7 +1186,6 @@ invalid verbosity level "unknown" - must be one of: error, warn, info [TestCommand/json_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -1285,7 +1194,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1307,7 +1215,6 @@ failed to resolve path: stat /testdata/locks-none-does-not-exist: no su [TestCommand/no_lockfiles_with_recursion_and_with_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none Scanned /testdata/locks-none/nested/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1319,7 +1226,6 @@ No issues found [TestCommand/no_lockfiles_with_recursion_but_without_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none Scanned /testdata/locks-none/nested/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1330,7 +1236,6 @@ No issues found [TestCommand/no_lockfiles_without_recursion_but_with_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No package sources found No issues found @@ -1342,7 +1247,6 @@ No issues found [TestCommand/no_lockfiles_without_recursion_or_allow_flag_give_an_error - 1] Scanning dir ./testdata/locks-none -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1375,7 +1279,6 @@ could not determine extractor, requested spdx [TestCommand/one_specific_supported_lockfile - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1388,7 +1291,6 @@ No issues found [TestCommand/one_specific_supported_lockfile_with_ignore - 1] Scanning dir ./testdata/locks-test-ignore/package-lock.json Scanned /testdata/locks-test-ignore/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-test-ignore/osv-scanner-test.toml CVE-2021-23424 and 1 alias have been filtered out because: Test manifest file (package-lock.json) Filtered 1 vulnerability from output @@ -1403,7 +1305,6 @@ No issues found [TestCommand/one_specific_supported_lockfile_with_offline_explicitly_false - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1416,10 +1317,9 @@ No issues found [TestCommand/one_specific_supported_sbom_with_duplicate_PURLs - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ @@ -1428,8 +1328,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ --- @@ -1440,10 +1338,9 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_duplicate_PURLs_using_-L_flag - 1] Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ @@ -1452,8 +1349,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ --- @@ -1465,7 +1360,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_invalid_PURLs - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 7 local/unscannable package/s from the scan. No issues found @@ -1477,7 +1371,6 @@ No issues found [TestCommand/one_specific_supported_sbom_with_invalid_PURLs_using_-L_flag - 1] Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 7 local/unscannable package/s from the scan. No issues found @@ -1490,10 +1383,9 @@ No issues found [TestCommand/one_specific_supported_sbom_with_vulns - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ @@ -1502,8 +1394,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ --- @@ -1514,10 +1404,9 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_vulns_using_-L_flag - 1] Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ @@ -1526,8 +1415,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ --- @@ -1538,7 +1425,6 @@ Total 2 packages affected by 5 known vulnerabilities (2 Critical, 2 High, 1 Medi [TestCommand/one_specific_unsupported_lockfile - 1] Scanning dir ./testdata/locks-many/not-a-lockfile.toml -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1550,7 +1436,6 @@ No package sources found, --help for usage information. [TestCommand/only_the_files_in_the_given_directories_are_checked_by_default_(no_recursion) - 1] Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -1562,7 +1447,6 @@ No issues found [TestCommand/output_format:_markdown_table - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -1596,16 +1480,14 @@ Scanned /testdata/locks-requirements/requirements.txt file and found 3 Scanned /testdata/locks-requirements/the_requirements_for_test.txt file and found 1 package Scanned /testdata/locks-requirements/unresolvable-requirements.txt file and found 3 packages -Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 Medium, 4 Low, 1 Unknown) from 1 ecosystem. -50 vulnerabilities can be fixed. +Total 11 packages affected by 45 known vulnerabilities (5 Critical, 19 High, 20 Medium, 0 Low, 1 Unknown) from 1 ecosystem. +45 vulnerabilities can be fixed. +-------------------------------------+------+-----------+------------+---------+---------------+-----------------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+------------+---------+---------------+-----------------------------------------------------------+ | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/my-requirements.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | -| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/my-requirements.txt | -| https://osv.dev/GHSA-3936-cmfr-pm3m | 8.7 | PyPI | black | 25.1.0 | 26.3.1 | testdata/locks-requirements/requirements-dev.txt | | https://osv.dev/PYSEC-2021-98 | 6.9 | PyPI | django | 1.11.29 | 2.2.24 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/GHSA-68w8-qjq3-2gfm | | | | | | | | https://osv.dev/GHSA-6w2r-r2m5-xq5w | 7.1 | PyPI | django | 1.11.29 | 4.2.24 | testdata/locks-requirements/requirements-transitive.txt | @@ -1616,7 +1498,6 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 | https://osv.dev/GHSA-rrqc-c2jx-6jgv | 6.3 | PyPI | django | 1.11.29 | 4.2.16 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | -| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/PYSEC-2023-74 | 6.1 | PyPI | requests | 2.20.0 | 2.31.0 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | | | https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements-transitive.txt | @@ -1653,14 +1534,12 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 | https://osv.dev/GHSA-rrqc-c2jx-6jgv | 6.3 | PyPI | django | 1.11.29 | 4.2.16 | testdata/locks-requirements/requirements.txt | | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | -| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/requirements.txt | | https://osv.dev/PYSEC-2023-74 | 6.1 | PyPI | requests | 2.20.0 | 2.31.0 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | | | https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt | | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/unresolvable-requirements.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | -| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/unresolvable-requirements.txt | | https://osv.dev/PYSEC-2020-43 | 8.7 | PyPI | flask-cors | 1.0.0 | 3.0.9 | testdata/locks-requirements/unresolvable-requirements.txt | | https://osv.dev/GHSA-xc3p-ff3m-f46v | | | | | | | | https://osv.dev/PYSEC-2024-71 | 8.7 | PyPI | flask-cors | 1.0.0 | 4.0.2 | testdata/locks-requirements/unresolvable-requirements.txt | @@ -1754,27 +1633,9 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 } ] }, - { - "name": "stdlib", - "SPDXID": "SPDXRef-Package-stdlib-uuid-placeholder-5", - "versionInfo": "1.99.9", - "supplier": "NOASSERTION", - "downloadLocation": "NOASSERTION", - "filesAnalyzed": false, - "sourceInfo": "Identified by the osv/osvscannerjson extractor from /testdata/locks-insecure/osv-scanner-custom.json", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:placeholder/stdlib@1.99.9" - } - ] - }, { "name": "toolchain", - "SPDXID": "SPDXRef-Package-toolchain-uuid-placeholder-6", + "SPDXID": "SPDXRef-Package-toolchain-uuid-placeholder-5", "versionInfo": "1.99.9", "supplier": "NOASSERTION", "downloadLocation": "NOASSERTION", @@ -1829,21 +1690,11 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 }, { "spdxElementId": "SPDXRef-Package-main-uuid-placeholder-1", - "relatedSpdxElement": "SPDXRef-Package-stdlib-uuid-placeholder-5", + "relatedSpdxElement": "SPDXRef-Package-toolchain-uuid-placeholder-5", "relationshipType": "CONTAINS" }, { - "spdxElementId": "SPDXRef-Package-stdlib-uuid-placeholder-5", - "relatedSpdxElement": "NOASSERTION", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "SPDXRef-Package-main-uuid-placeholder-1", - "relatedSpdxElement": "SPDXRef-Package-toolchain-uuid-placeholder-6", - "relationshipType": "CONTAINS" - }, - { - "spdxElementId": "SPDXRef-Package-toolchain-uuid-placeholder-6", + "spdxElementId": "SPDXRef-Package-toolchain-uuid-placeholder-5", "relatedSpdxElement": "NOASSERTION", "relationshipType": "CONTAINS" } @@ -1857,7 +1708,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1873,7 +1723,6 @@ No issues found [TestCommand/verbosity_level_=_info - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1886,7 +1735,6 @@ No issues found [TestCommandNonGit/one_specific_supported_lockfile - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -1899,7 +1747,6 @@ No issues found [TestCommand_CallAnalysis/Run_with_govulncheck - 1] Scanning dir ./testdata/call-analysis-go-project Scanned /testdata/call-analysis-go-project/go.mod file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -1922,7 +1769,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 1 Medium, [TestCommand_CallAnalysis/Run_with_govulncheck_all_uncalled - 1] Scanning dir ./testdata/call-analysis-go-project-all-uncalled Scanned /testdata/call-analysis-go-project-all-uncalled/go.mod file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -1939,7 +1785,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_CallAnalysis/Run_with_govulncheck_all_uncalled_but_enabled_all-vulns_flag - 1] Scanning dir ./testdata/call-analysis-go-project-all-uncalled Scanned /testdata/call-analysis-go-project-all-uncalled/go.mod file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -2010,9 +1855,8 @@ Total 8 packages affected by 28 known vulnerabilities (5 Critical, 5 High, 11 Me [TestCommand_CommitSupport/online_uses_git_commits - 1] Scanned /testdata/locks-git/osv-scanner.json file and found 11 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 Medium, 7 Low, 7 Unknown) from 1 ecosystem. +Total 11 packages affected by 53 known vulnerabilities (7 Critical, 13 High, 23 Medium, 4 Low, 6 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +--------------------------------+------+-----------+----------------------------+-----------------------------+---------------+-------------------------------------+ @@ -2029,13 +1873,9 @@ Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 | https://osv.dev/CVE-2025-26623 | 5.3 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-54080 | 1.8 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-55304 | 1.8 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-25884 | 2.7 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-27596 | 2.7 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-27631 | 2.7 | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/OSV-2023-1161 | | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/OSV-2024-340 | | GIT | https://github.com/Exiv2/exiv2@931a40a7 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2021-22569 | 5.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2022-1941 | 7.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2022-3171 | 7.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2022-3509 | 7.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2022-3510 | 7.5 | GIT | https://github.com/apache/orc@17b30e96 | -- | testdata/locks-git/osv-scanner.json | @@ -2051,6 +1891,7 @@ Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9231 | 6.5 | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json | +| https://osv.dev/CVE-2016-2183 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-11187 | 6.1 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-15467 | 9.8 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-15468 | 5.9 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | @@ -2060,12 +1901,12 @@ Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 | https://osv.dev/CVE-2025-69418 | 4.0 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-69419 | 7.4 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-69420 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | +| https://osv.dev/CVE-2025-69421 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9231 | 6.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2026-22795 | 5.5 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2026-22796 | 5.3 | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-2673 | | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2023-53159 | 9.1 | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2023-6180 | 5.3 | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-24898 | 6.3 | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json | @@ -2086,7 +1927,6 @@ Total 11 packages affected by 56 known vulnerabilities (7 Critical, 12 High, 23 [TestCommand_Config_UnusedIgnores/unused_ignores_are_reported_with_specific_config_and_file - 1] Scanning dir testdata/sbom-insecure/alpine.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2096,15 +1936,13 @@ testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 - CVE-2022-1304 -Total 1 package affected by 3 known vulnerabilities (2 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ --- @@ -2121,7 +1959,6 @@ Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 pac Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 10 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2133,7 +1970,7 @@ Filtered 8 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 55 Medium, 3 Low, 25 Unknown) from 4 ecosystems. +Total 24 packages affected by 166 known vulnerabilities (21 Critical, 67 High, 52 Medium, 3 Low, 23 Unknown) from 4 ecosystems. 10 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ @@ -2160,14 +1997,8 @@ Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 5 | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/DSA-4685-1 | 5.5 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4808-1 | 5.7 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-0501 | 5.9 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2178,7 +2009,6 @@ Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 5 | https://osv.dev/DLA-3482-1 | | Debian | debian-archive-keyring | 2017.5+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5147-1 | 9.8 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-6297 | 8.2 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2219 | 7.5 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4535-1 | 7.5 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2019-5188 | 6.7 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5122-1 | 8.8 | Debian | gzip | 1.6-5+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2289,7 +2119,6 @@ Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 5 | https://osv.dev/DEBIAN-CVE-2025-4575 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2673 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2337,7 +2166,6 @@ Total 24 packages affected by 175 known vulnerabilities (24 Critical, 68 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2354,7 +2182,6 @@ Scanning dir testdata/sbom-insecure/alpine.cdx.xml Scanning dir testdata/sbom-insecure/postgres-stretch.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 2 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2364,7 +2191,7 @@ Filtered 6 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 53 Medium, 3 Low, 25 Unknown) from 3 ecosystems. +Total 22 packages affected by 164 known vulnerabilities (19 Critical, 67 High, 52 Medium, 3 Low, 23 Unknown) from 3 ecosystems. 10 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -2391,8 +2218,6 @@ Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 5 | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-22184 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | -| https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/DSA-4685-1 | 5.5 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4808-1 | 5.7 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-0501 | 5.9 | Debian | apt | 1.4.11 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2403,7 +2228,6 @@ Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 5 | https://osv.dev/DLA-3482-1 | | Debian | debian-archive-keyring | 2017.5+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5147-1 | 9.8 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-6297 | 8.2 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2219 | 7.5 | Debian | dpkg | 1.18.25 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4535-1 | 7.5 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2019-5188 | 6.7 | Debian | e2fsprogs | 1.43.4-2+deb9u2 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5122-1 | 8.8 | Debian | gzip | 1.6-5+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2514,7 +2338,6 @@ Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 5 | https://osv.dev/DEBIAN-CVE-2025-4575 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-2673 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2562,7 +2385,6 @@ Total 22 packages affected by 169 known vulnerabilities (20 Critical, 68 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | -| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2586,7 +2408,6 @@ flag needs an argument: --experimental-plugins= --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_specified_individually - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2596,7 +2417,6 @@ No package sources found, --help for usage information. --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_specified_together - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2606,7 +2426,6 @@ No package sources found, --help for usage information. --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2621,7 +2440,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2637,7 +2455,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2653,7 +2470,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -2672,7 +2488,6 @@ Scanning dir ./testdata/locks-many Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2688,7 +2503,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2701,7 +2515,6 @@ No issues found [TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_different_extractor_enabled - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2714,7 +2527,6 @@ No issues found [TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_specific_extractor_enabled - 1] Scanning dir ./testdata/locks-many/package-lock.json Scanned /testdata/locks-many/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2818,7 +2630,6 @@ Scanning dir ./testdata/locks-many Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2880,13 +2691,6 @@ could not determine extractor, requested package-lock.json "type": "lockfile" }, "packages": [ - { - "package": { - "name": "stdlib", - "version": "1.999.1", - "ecosystem": "Go" - } - }, { "package": { "name": "toolchain", @@ -2909,7 +2713,6 @@ could not determine extractor, requested package-lock.json [TestCommand_Filter/Show_all_Packages_with_empty_config - 2] Scanned /testdata/locks-insecure/osv-scanner-with-unscannables.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. --- @@ -2930,7 +2733,6 @@ Filtered 1 local/unscannable package/s from the scan. [TestCommand_FlagDeprecatedPackages/package_deprecated_false_no_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/clean/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/clean/Cargo.lock file and found 5 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2967,7 +2769,6 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_FlagDeprecatedPackages/package_deprecated_npm_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-npm/package-lock.json Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-npm/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -3004,14 +2805,12 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_FlagDeprecatedPackages/package_deprecated_true_no_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock file and found 36 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_FlagDeprecatedPackages/package_deprecated_true_no_vuln_table - 1] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock file and found 36 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3072,14 +2871,12 @@ Total 1 package deprecated. [TestCommand_FlagDeprecatedPackages/package_deprecated_true_with_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock file and found 7 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_FlagDeprecatedPackages/package_deprecated_true_with_vuln_table - 1] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock file and found 7 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 0 High, 1 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -3110,7 +2907,6 @@ Total 1 package deprecated. [TestCommand_GithubActions/scanning_osv-scanner_custom_format - 1] Scanned /testdata/locks-insecure/osv-scanner-flutter-deps.json file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3297,7 +3093,7 @@ Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Mediu ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3314,15 +3110,13 @@ Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Mediu [TestCommand_GithubActions/scanning_osv-scanner_custom_format_output_json - 2] Scanned /testdata/locks-insecure/osv-scanner-flutter-deps.json file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_GithubActions/scanning_osv-scanner_custom_format_with_git_tag - 1] Scanned /testdata/locks-insecure/osv-scanner-custom-git-tag.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 1 package affected by 45 known vulnerabilities (5 Critical, 17 High, 23 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +--------------------------------+------+-----------+----------------------------+---------------+---------------+---------------------------------------------------------+ @@ -3330,40 +3124,45 @@ Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Me +--------------------------------+------+-----------+----------------------------+---------------+---------------+---------------------------------------------------------+ | https://osv.dev/CVE-2016-2177 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2016-2182 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2021-3449 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-2274 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-3358 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2022-3602 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2022-3786 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-3996 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-4203 | 4.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-4304 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-4450 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0215 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | -| https://osv.dev/CVE-2023-0216 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0217 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0286 | 7.4 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | -| https://osv.dev/CVE-2023-0401 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0464 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0465 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-0466 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-1255 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-2650 | 6.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-2975 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2023-3446 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-3817 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-4807 | 7.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-5363 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-5678 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-6129 | 6.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-6237 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2024-0727 | 5.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-13176 | 4.1 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-2511 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-4603 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-4741 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-5535 | 9.1 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2024-6119 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-9143 | 4.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-15467 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-68160 | 4.7 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69418 | 4.0 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69419 | 7.4 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69420 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2025-69421 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2026-22795 | 5.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | @@ -3383,7 +3182,6 @@ Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Me [TestCommand_HtmlFile - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml HTML output available at: /report.html @@ -3397,7 +3195,6 @@ HTML output available at: /report.html Warning: --output has been deprecated in favor of --output-file Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml HTML output available at: /report.html @@ -3407,16 +3204,14 @@ HTML output available at: /report.html Scanning dir ./testdata/artifact/javareach_test.jar Java reachability enricher marked 14 packages as unreachable Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. failed to download package err jar not found: https://repo1.maven.org/maven2/com/example/hello-tester/1.0-SNAPSHOT/hello-tester-1.0-SNAPSHOT.jar -Total 4 packages affected by 55 known vulnerabilities (18 Critical, 30 High, 5 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -55 vulnerabilities can be fixed. +Total 4 packages affected by 53 known vulnerabilities (18 Critical, 29 High, 5 Medium, 1 Low, 0 Unknown) from 1 ecosystem. +53 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ -| https://osv.dev/GHSA-72hv-8253-57qq | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h46c-h94j-95f3 | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.15.0 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-288c-cq4h-88gq | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.4 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-4gq5-ch57-c2mg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.7.9.5 | testdata/artifact/javareach_test.jar | @@ -3470,7 +3265,6 @@ Total 4 packages affected by 55 known vulnerabilities (18 Critical, 30 High, 5 M | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | -| https://osv.dev/GHSA-wjpw-4j6x-6rwh | 3.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.31 | testdata/artifact/javareach_test.jar | +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | Uncalled vulnerabilities | | | | | | | +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ @@ -3491,10 +3285,9 @@ Total 4 packages affected by 55 known vulnerabilities (18 Critical, 30 High, 5 M [TestCommand_JavareachArchive/jars_can_be_scanned_with_call_analysis_and_disabled_enricher - 1] Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 Medium, 3 Low, 0 Unknown) from 1 ecosystem. -60 vulnerabilities can be fixed. +Total 8 packages affected by 60 known vulnerabilities (18 Critical, 32 High, 8 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +59 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -3555,7 +3348,6 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 M | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | -| https://osv.dev/GHSA-wjpw-4j6x-6rwh | 3.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.31 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-3gh6-v5v9-6v9j | 3.5 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-gwcr-j4wh-j3cq | 5.3 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.41 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-j26w-f9rq-mr2q | 5.3 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.54 | testdata/artifact/javareach_test.jar | @@ -3571,16 +3363,14 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 M [TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis - 1] Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 Medium, 3 Low, 0 Unknown) from 1 ecosystem. -60 vulnerabilities can be fixed. +Total 8 packages affected by 59 known vulnerabilities (18 Critical, 31 High, 8 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +58 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | https://osv.dev/GHSA-c28r-hw5m-5gv3 | 7.9 | Maven | com.amazonaws:aws-java-sdk-s3 | 1.11.327 | 1.12.261 | testdata/artifact/javareach_test.jar | -| https://osv.dev/GHSA-72hv-8253-57qq | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h46c-h94j-95f3 | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.15.0 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-288c-cq4h-88gq | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.4 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-4gq5-ch57-c2mg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.7.9.5 | testdata/artifact/javareach_test.jar | @@ -3635,7 +3425,6 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 M | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | -| https://osv.dev/GHSA-wjpw-4j6x-6rwh | 3.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.31 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-3gh6-v5v9-6v9j | 3.5 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-gwcr-j4wh-j3cq | 5.3 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.41 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-j26w-f9rq-mr2q | 5.3 | Maven | org.eclipse.jetty:jetty-servlets | 9.4.40.v20210413 | 9.4.54 | testdata/artifact/javareach_test.jar | @@ -3678,14 +3467,12 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 M [TestCommand_Licenses/Licenses_in_summary_mode_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/Licenses_with_expressions - 1] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. overriding license for package npm/babel/6.23.0 with MIT AND (LGPL-2.1-or-later OR BSD-3-Clause) overriding license for package npm/human-signals/5.0.0 with LGPL-2.1-only OR MIT OR BSD-3-Clause overriding license for package npm/ms/2.1.3 with MIT WITH Bison-exception-2.2 @@ -3716,7 +3503,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_Licenses/Licenses_with_invalid_expression_in_config - 1] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. overriding license for package npm/babel/6.23.0 with MIT AND (LGPL-2.1-or-later OR BSD-3-Clause)) overriding license for package npm/human-signals/5.0.0 with LGPL-2.1-only OR OR BSD-3-Clause overriding license for package npm/ms/2.1.3 with MIT WITH (Bison-exception-2.2 AND somethingelse) @@ -3838,14 +3624,12 @@ license MIT WITH (Bison-exception-2.2 AND somethingelse) for package npm/ms/2.1. [TestCommand_Licenses/No_license_violations_and_show-all-packages_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/No_vulnerabilities_but_license_violations_with_allowlist - 1] Scanning dir ./testdata/locks-many/yarn.lock Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3873,7 +3657,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -3899,7 +3682,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -3996,7 +3778,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_Licenses/Show_all_Packages_with_license_summary_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -4010,7 +3791,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package npm/has-flag/4.0.0 has been filtered out because: (no reason given) Package npm/wrappy/1.0.2 has been filtered out because: (no reason given) Package npm/ansi-html/0.0.8 has been filtered out because: (no reason given) @@ -4032,13 +3812,12 @@ Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, +---------+-------------------------+ | 0BSD | 2 | | MIT | 1 | -| UNKNOWN | 2 | +| UNKNOWN | 1 | +---------+-------------------------+ +-------------------+-----------+------------------+---------+-------------------------------------------------+ | LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | +-------------------+-----------+------------------+---------+-------------------------------------------------+ | 0BSD | Packagist | league/flysystem | 1.0.8 | testdata/locks-insecure/composer.lock | -| UNKNOWN | Go | stdlib | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | UNKNOWN | Go | toolchain | 1.99.9 | testdata/locks-insecure/osv-scanner-custom.json | | 0BSD | Packagist | sentry/sdk | 2.0.4 | testdata/locks-many/composer.lock | +-------------------+-----------+------------------+---------+-------------------------------------------------+ @@ -4133,7 +3912,6 @@ Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, [TestCommand_Licenses/Some_packages_with_license_violations_and_show-all-packages_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -4191,14 +3969,12 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_Licenses/Some_packages_with_license_violations_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/Vulnerabilities_and_all_license_violations_allowlisted - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -4223,7 +3999,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, [TestCommand_Licenses/Vulnerabilities_and_license_summary - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -4248,7 +4023,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, [TestCommand_Licenses/Vulnerabilities_and_license_violations_with_allowlist - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5176,7 +4950,6 @@ could not load db for PyPI ecosystem: unable to fetch OSV database: no offline v [TestCommand_LockfileWithExplicitParseAs/"apk-installed"_is_supported - 1] Scanned /testdata/locks-many/installed file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5188,7 +4961,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/"dpkg-status"_is_supported - 1] Scanned /testdata/locks-many/status file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5200,7 +4972,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/absolute_paths_are_automatically_escaped_on_windows - 1] Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5222,7 +4993,6 @@ extraction failed on specified lockfile [TestCommand_LockfileWithExplicitParseAs/absolute_paths_work_with_explicit_escaping - 1] Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5234,7 +5004,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/empty_is_default - 1] Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5280,7 +5049,6 @@ Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/my-yarn.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 3 vulnerabilities can be fixed. @@ -5306,7 +5074,6 @@ Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/my-yarn.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 3 vulnerabilities can be fixed. @@ -5327,7 +5094,6 @@ Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medi [TestCommand_LockfileWithExplicitParseAs/one_lockfile_with_local_path - 1] Scanned /testdata/locks-many/replace-local.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. No issues found @@ -5362,7 +5128,6 @@ Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 2 known vulnerabilities (1 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 2 vulnerabilities can be fixed. @@ -5381,7 +5146,6 @@ Total 2 packages affected by 2 known vulnerabilities (1 Critical, 1 High, 0 Medi --- [TestCommand_MoreLockfiles/Package.resolved_-_Unsupported_ecosystem,_should_not_be_scanned - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5391,7 +5155,6 @@ could not determine extractor suitable to this file: "/testdata/locks-s --- [TestCommand_MoreLockfiles/Podfile.lock_-_Unsupported_ecosystem,_should_not_be_scanned - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5402,7 +5165,6 @@ could not determine extractor suitable to this file: "/testdata/locks-s [TestCommand_MoreLockfiles/cabal.project.freeze - 1] Scanned /testdata/locks-scalibr/cabal.project.freeze file and found 6 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5421,7 +5183,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, [TestCommand_MoreLockfiles/depsjson - 1] Scanned /testdata/locks-scalibr/depsjson file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5440,10 +5201,9 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, [TestCommand_MoreLockfiles/gems.locked - 1] Scanned /testdata/locks-scalibr/gems.locked file and found 26 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. -Total 2 packages affected by 6 known vulnerabilities (0 Critical, 2 High, 1 Medium, 0 Low, 3 Unknown) from 1 ecosystem. -6 vulnerabilities can be fixed. +Total 2 packages affected by 5 known vulnerabilities (0 Critical, 2 High, 0 Medium, 0 Low, 3 Unknown) from 1 ecosystem. +5 vulnerabilities can be fixed. +-------------------------------------+------+-----------+----------+---------+---------------+------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -5453,7 +5213,6 @@ Total 2 packages affected by 6 known vulnerabilities (0 Critical, 2 High, 1 Medi | https://osv.dev/GHSA-5w6v-399v-w3cc | | RubyGems | nokogiri | 1.18.2 | 1.18.8 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-mrxw-mxhj-p664 | 7.8 | RubyGems | nokogiri | 1.18.2 | 1.18.4 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-vvfq-8hwr-qm4m | | RubyGems | nokogiri | 1.18.2 | 1.18.3 | testdata/locks-scalibr/gems.locked | -| https://osv.dev/GHSA-wx95-c6cv-8532 | 5.3 | RubyGems | nokogiri | 1.18.2 | 1.19.1 | testdata/locks-scalibr/gems.locked | +-------------------------------------+------+-----------+----------+---------+---------------+------------------------------------+ --- @@ -5464,7 +5223,6 @@ Total 2 packages affected by 6 known vulnerabilities (0 Critical, 2 High, 1 Medi [TestCommand_MoreLockfiles/packages.config - 1] Scanned /testdata/locks-scalibr/packages.config file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -5475,7 +5233,6 @@ No issues found [TestCommand_MoreLockfiles/packages.lock.json - 1] Scanned /testdata/locks-scalibr/packages.lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -5486,7 +5243,6 @@ No issues found [TestCommand_MoreLockfiles/stack.yaml.lock - 1] Scanned /testdata/locks-scalibr/stack.yaml.lock file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found --- @@ -5497,7 +5253,6 @@ No issues found [TestCommand_MoreLockfiles/uv.lock - 1] Scanned /testdata/locks-scalibr/uv.lock file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 2 vulnerabilities can be fixed. @@ -5536,7 +5291,6 @@ No package sources found, --help for usage information. [TestCommand_Transitive/pom.xml_multiple_registries - 1] Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 6 vulnerabilities can be fixed. @@ -5571,7 +5325,6 @@ No issues found [TestCommand_Transitive/pom.xml_non_utf8_encoding - 1] Scanned /testdata/maven-transitive/encoding.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5603,7 +5356,6 @@ No issues found [TestCommand_Transitive/pom.xml_transitive_default - 1] Scanning dir ./testdata/maven-transitive/pom.xml Scanned /testdata/maven-transitive/pom.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 5 vulnerabilities can be fixed. @@ -5626,7 +5378,6 @@ Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Mediu [TestCommand_Transitive/pom.xml_transitive_explicit_lockfile - 1] Scanned /testdata/maven-transitive/abc.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 5 vulnerabilities can be fixed. @@ -5717,7 +5468,6 @@ Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/ Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j/2.14.1/log4j-2.14.1.pom Fetching response from: https://repo.maven.apache.org/maven2/org/apache/logging/logging-parent/3/logging-parent-3.pom Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 6 vulnerabilities can be fixed. @@ -5741,7 +5491,6 @@ Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medi [TestCommand_Transitive/requirements.txt_enricher_requires_extractor - 1] Scanning dir ./testdata/locks-requirements/requirements-transitive.txt -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5819,7 +5568,6 @@ Total 3 packages affected by 12 known vulnerabilities (1 Critical, 4 High, 6 Med [TestCommand_Transitive/requirements.txt_resolution_fallback - 1] Scanning dir ./testdata/locks-requirements/unresolvable-requirements.txt Scanned /testdata/locks-requirements/unresolvable-requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 9 vulnerabilities can be fixed. @@ -5849,7 +5597,6 @@ Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medi [TestCommand_Transitive/requirements.txt_transitive_default - 1] Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 22 vulnerabilities can be fixed. @@ -5896,7 +5643,6 @@ Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Me [TestCommand_Transitive/requirements.txt_transitive_native_source - 1] Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 22 vulnerabilities can be fixed. @@ -5944,7 +5690,6 @@ Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Me [TestCommand_WithDetector_OffLinux/ssh_version_errors - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -5957,7 +5702,6 @@ No issues found [TestCommand_WithDetector_OffLinux/ssh_version_is_after_last_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -5970,7 +5714,6 @@ No issues found [TestCommand_WithDetector_OffLinux/ssh_version_is_before_first_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -5984,7 +5727,6 @@ No issues found Scanning dir /composer.lock Command "ssh -V": exit status 1 Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -5997,7 +5739,6 @@ No issues found [TestCommand_WithDetector_OnLinux/ssh_version_is_after_last_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -6010,7 +5751,6 @@ No issues found [TestCommand_WithDetector_OnLinux/ssh_version_is_before_first_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml index 10eef520e31..69201e91d54 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml @@ -53,106 +53,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 1024 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" - }, - "version": "2.0.4" - }, - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - }, - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" - }, - "version": "2.0.4" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/.gitignored_files - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 37 - body: | - { - "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} - ] - } - headers: - Content-Length: - - "37" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -402,7 +302,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2545 + content_length: 2349 body: | { "results": [ @@ -446,23 +346,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -470,7 +370,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -478,7 +378,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -490,47 +390,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -538,7 +438,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -546,27 +446,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] } @@ -574,7 +462,37 @@ interactions: } headers: Content-Length: - - "2545" + - "2349" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" Content-Type: - application/json status: 200 OK @@ -616,7 +534,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 5077 + content_length: 4685 body: | { "results": [ @@ -660,23 +578,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -684,7 +602,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -692,7 +610,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -704,47 +622,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -752,7 +670,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -760,27 +678,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] }, @@ -824,23 +730,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -848,7 +754,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -856,7 +762,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -868,47 +774,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -916,7 +822,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -924,27 +830,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] } @@ -952,7 +846,37 @@ interactions: } headers: Content-Length: - - "5077" + - "4685" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version,_recursive + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" Content-Type: - application/json status: 200 OK @@ -987,7 +911,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2545 + content_length: 2349 body: | { "results": [ @@ -1031,23 +955,23 @@ interactions: }, { "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" + "modified": "2026-02-04T03:12:40.161810Z" }, { "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" + "modified": "2026-02-04T04:08:23.540638Z" }, { "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" + "modified": "2026-02-04T02:48:47.083537Z" }, { "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" + "modified": "2025-01-30T20:12:14.327943Z" }, { "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" + "modified": "2025-01-30T20:12:08.973745Z" }, { "id": "GO-2025-3447", @@ -1055,7 +979,7 @@ interactions: }, { "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" + "modified": "2026-02-04T04:25:10.326223Z" }, { "id": "GO-2025-3750", @@ -1063,7 +987,7 @@ interactions: }, { "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" + "modified": "2026-02-04T02:40:11.578822Z" }, { "id": "GO-2025-3849", @@ -1075,47 +999,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -1123,7 +1047,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -1131,27 +1055,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" + "modified": "2026-02-04T02:59:19.152891Z" }, { "id": "GO-2026-4403", "modified": "2026-02-06T09:40:56.765821Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" } ] } @@ -1159,7 +1071,37 @@ interactions: } headers: Content-Length: - - "2545" + - "2349" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version_and_licences + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" Content-Type: - application/json status: 200 OK @@ -1285,7 +1227,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -1302,7 +1244,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -1313,19 +1255,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -1333,7 +1267,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -1709,7 +1643,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1281 + content_length: 1128 body: | { "results": [ @@ -1717,7 +1651,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -1728,11 +1662,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2025-11-20T12:19:03.518975Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2025-11-20T12:19:06.047365Z" } ] }, @@ -1751,25 +1685,14 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, {}, {}, {}, - { - "vulns": [ - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" - } - ] - }, + {}, { "vulns": [ { @@ -1819,7 +1742,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -1829,7 +1752,7 @@ interactions: } headers: Content-Length: - - "1281" + - "1128" Content-Type: - application/json status: 200 OK @@ -1839,7 +1762,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 151 + content_length: 3253 host: api.osv.dev body: | { @@ -1847,39 +1770,356 @@ interactions: { "package": { "ecosystem": "Packagist", - "name": "sentry/sdk" + "name": "league/flysystem" }, - "version": "2.0.4" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/config_file_is_invalid - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 16 - body: | - { - "results": [ - {} - ] - } - headers: - Content-Length: - - "16" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + }, + { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973" + }, + { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d" + }, + { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6" + }, + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-baselayout" + }, + "version": "3.4.0-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-baselayout-data" + }, + "version": "3.4.0-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-keys" + }, + "version": "2.4-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "apk-tools" + }, + "version": "2.12.10-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "busybox-binsh" + }, + "version": "1.36.1-r27" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "ca-certificates-bundle" + }, + "version": "20220614-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libc-utils" + }, + "version": "0.7.2-r3" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libcrypto3" + }, + "version": "3.0.8-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libssl3" + }, + "version": "3.0.8-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "musl" + }, + "version": "1.2.3-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "musl-utils" + }, + "version": "1.2.3-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "scanelf" + }, + "version": "1.3.5-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "ssl_client" + }, + "version": "1.36.1-r27" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "zlib" + }, + "version": "1.2.13-r0" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/core" + }, + "version": "10.4.5" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/simple_sitemap" + }, + "version": "4.2.1" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/tfa" + }, + "version": "2.0.0-alpha4" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "theseer/tokenizer" + }, + "version": "1.1.3" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_file_can_be_broad + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1278 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {}, + { + "vulns": [ + { + "id": "CVE-2023-39137", + "modified": "2025-11-20T12:19:03.518975Z" + }, + { + "id": "CVE-2023-39139", + "modified": "2025-11-20T12:19:06.047365Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "ALPINE-CVE-2025-26519", + "modified": "2025-12-11T11:01:04.579010Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-22184", + "modified": "2026-03-09T02:10:12.057314Z" + }, + { + "id": "ALPINE-CVE-2026-27171", + "modified": "2026-03-09T02:09:33.041671Z" + } + ] + }, + { + "vulns": [ + { + "id": "DRUPAL-CORE-2025-005", + "modified": "2025-12-10T23:41:07.744028Z" + }, + { + "id": "DRUPAL-CORE-2025-006", + "modified": "2025-12-10T23:41:16.689525Z" + }, + { + "id": "DRUPAL-CORE-2025-007", + "modified": "2025-12-10T23:41:19.050806Z" + }, + { + "id": "DRUPAL-CORE-2025-008", + "modified": "2025-12-10T23:41:00.167393Z" + }, + { + "id": "GHSA-83v7-c2cf-p9c2", + "modified": "2025-12-10T23:41:07.744028Z" + }, + { + "id": "GHSA-h89p-5896-f4q8", + "modified": "2025-12-10T23:41:19.050806Z" + }, + { + "id": "GHSA-m6vv-vcj8-w8m7", + "modified": "2025-12-10T23:41:16.689525Z" + }, + { + "id": "GHSA-mhpg-hpj5-73r2", + "modified": "2026-02-03T03:15:35.495869Z" + } + ] + }, + { + "vulns": [ + { + "id": "DRUPAL-CONTRIB-2025-083", + "modified": "2025-12-10T23:41:32.857305Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {} + ] + } + headers: + Content-Length: + - "1278" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 151 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_file_is_invalid + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 16 + body: | + { + "results": [ + {} + ] + } + headers: + Content-Length: + - "16" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 @@ -1893,28 +2133,178 @@ interactions: "ecosystem": "RubyGems", "name": "ast" }, - "version": "2.4.2" + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "balanced-match" + }, + "version": "1.0.2" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 25 + body: | + { + "results": [ + {}, + {}, + {}, + {} + ] + } + headers: + Content-Length: + - "25" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 519 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/cyclonedx_1.4_output + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 104 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "104" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 638 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" }, { "package": { "ecosystem": "Packagist", - "name": "sentry/sdk" + "name": "league/flysystem" }, - "version": "2.0.4" + "version": "1.0.8" }, { "package": { - "ecosystem": "npm", - "name": "ansi-html" + "ecosystem": "Go", + "name": "stdlib" }, - "version": "0.0.8" + "version": "1.99.9" }, { "package": { - "ecosystem": "npm", - "name": "balanced-match" + "ecosystem": "Go", + "name": "toolchain" }, - "version": "1.0.2" + "version": "1.99.9" } ] } @@ -1922,26 +2312,34 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id + - TestCommand/cyclonedx_1.4_output url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 25 + content_length: 107 body: | { "results": [ {}, {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-02-04T03:17:54.277407Z" + } + ] + }, {}, {} ] } headers: Content-Length: - - "25" + - "107" Content-Type: - application/json status: 200 OK @@ -1997,7 +2395,7 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/cyclonedx_1.4_output + - TestCommand/cyclonedx_1.5_output url: https://api.osv.dev/v1/querybatch method: POST response: @@ -2014,7 +2412,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -2034,7 +2432,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 638 + content_length: 519 host: api.osv.dev body: | { @@ -2060,13 +2458,6 @@ interactions: }, "version": "1.0.8" }, - { - "package": { - "ecosystem": "Go", - "name": "stdlib" - }, - "version": "1.99.9" - }, { "package": { "ecosystem": "Go", @@ -2087,7 +2478,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 107 + content_length: 104 body: | { "results": [ @@ -2097,17 +2488,16 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-03-10T23:45:30.937461Z" } ] }, - {}, {} ] } headers: Content-Length: - - "107" + - "104" Content-Type: - application/json status: 200 OK @@ -3700,7 +4090,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 22183 + content_length: 21592 body: | { "results": [ @@ -3708,15 +4098,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -3733,7 +4115,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -3744,19 +4126,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -3781,7 +4155,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-3374", - "modified": "2025-11-19T02:02:53.209453Z" + "modified": "2025-11-20T10:07:04.572010Z" }, { "id": "DEBIAN-CVE-2018-0501", @@ -3801,11 +4175,11 @@ interactions: }, { "id": "DSA-4685-1", - "modified": "2026-03-09T02:09:03.263738Z" + "modified": "2025-05-26T07:21:59.359875Z" }, { "id": "DSA-4808-1", - "modified": "2026-03-09T02:11:17.119108Z" + "modified": "2025-05-26T07:21:52.187597Z" } ] }, @@ -3819,7 +4193,7 @@ interactions: }, { "id": "DEBIAN-CVE-2022-3715", - "modified": "2025-11-19T01:08:50.887794Z" + "modified": "2025-11-20T10:15:59.798571Z" } ] }, @@ -3828,11 +4202,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-2781", - "modified": "2025-11-19T01:01:52.991827Z" + "modified": "2025-11-20T10:12:10.315580Z" }, { "id": "DEBIAN-CVE-2017-18018", - "modified": "2025-11-19T02:04:37.225425Z" + "modified": "2025-11-20T10:13:03.410084Z" }, { "id": "DEBIAN-CVE-2024-0684", @@ -3840,7 +4214,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-5278", - "modified": "2025-11-19T02:02:46.085480Z" + "modified": "2025-11-20T10:18:24.026350Z" } ] }, @@ -3850,7 +4224,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -3861,23 +4235,19 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1664", - "modified": "2025-11-19T02:02:46.659008Z" + "modified": "2025-11-20T10:15:48.083782Z" }, { "id": "DEBIAN-CVE-2025-6297", - "modified": "2025-11-19T02:04:34.056218Z" - }, - { - "id": "DEBIAN-CVE-2026-2219", - "modified": "2026-03-14T15:06:12.109941Z" + "modified": "2025-11-20T10:18:27.456848Z" }, { "id": "DLA-3022-1", - "modified": "2026-03-09T01:23:37.553205Z" + "modified": "2025-05-26T07:22:47.007443Z" }, { "id": "DSA-5147-1", - "modified": "2026-03-09T02:10:11.335992Z" + "modified": "2025-05-26T07:22:47.069263Z" } ] }, @@ -3894,15 +4264,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-1304", - "modified": "2025-11-19T02:02:38.540864Z" + "modified": "2025-11-20T10:15:47.847878Z" }, { "id": "DLA-3910-1", - "modified": "2026-03-09T01:22:32.343795Z" + "modified": "2025-05-26T07:22:45.827447Z" }, { "id": "DSA-4535-1", - "modified": "2026-03-09T02:10:12.902574Z" + "modified": "2025-05-26T07:21:16.735871Z" } ] }, @@ -3940,7 +4310,7 @@ interactions: }, { "id": "GHSA-v95c-p5hm-xq8f", - "modified": "2026-03-13T22:16:11.684125Z" + "modified": "2026-02-04T04:14:39.014326Z" }, { "id": "GHSA-vpvm-3wq2-2wvm", @@ -3956,19 +4326,19 @@ interactions: }, { "id": "GO-2022-0452", - "modified": "2026-02-04T03:17:02.340230Z" + "modified": "2026-02-05T00:56:58.617380Z" }, { "id": "GO-2023-1627", - "modified": "2026-02-04T03:58:42.107712Z" + "modified": "2026-02-04T06:40:30.956132Z" }, { "id": "GO-2023-1682", - "modified": "2026-02-04T02:59:23.815900Z" + "modified": "2026-02-05T01:12:55.466513Z" }, { "id": "GO-2023-1683", - "modified": "2026-02-04T04:01:58.343687Z" + "modified": "2026-02-04T06:56:17.304906Z" }, { "id": "GO-2024-2491", @@ -3976,7 +4346,7 @@ interactions: }, { "id": "GO-2024-3110", - "modified": "2026-02-04T02:23:26.560077Z" + "modified": "2026-02-04T17:25:12.514853Z" }, { "id": "GO-2025-4096", @@ -3988,7 +4358,7 @@ interactions: }, { "id": "GO-2025-4098", - "modified": "2026-02-04T02:52:46.004719Z" + "modified": "2026-02-05T09:13:43.863740Z" } ] }, @@ -4013,11 +4383,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DSA-5122-1", - "modified": "2026-03-09T02:09:10.163691Z" + "modified": "2025-05-26T07:22:45.579215Z" } ] }, @@ -4059,7 +4429,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-6829", - "modified": "2026-03-10T05:05:47.263837Z" + "modified": "2025-11-20T10:13:52.315674Z" }, { "id": "DEBIAN-CVE-2019-13627", @@ -4067,7 +4437,7 @@ interactions: }, { "id": "DEBIAN-CVE-2021-33560", - "modified": "2026-03-10T05:07:08.938163Z" + "modified": "2025-11-20T10:15:42.132245Z" }, { "id": "DEBIAN-CVE-2021-40528", @@ -4075,7 +4445,7 @@ interactions: }, { "id": "DEBIAN-CVE-2024-2236", - "modified": "2026-03-10T05:09:58.705229Z" + "modified": "2025-11-20T10:17:03.685651Z" } ] }, @@ -4141,27 +4511,27 @@ interactions: }, { "id": "DEBIAN-CVE-2021-46848", - "modified": "2025-11-19T02:01:15.883722Z" + "modified": "2025-11-20T10:15:14.681077Z" }, { "id": "DEBIAN-CVE-2024-12133", - "modified": "2025-11-19T01:12:36.661080Z" + "modified": "2025-11-20T10:17:02.620233Z" }, { "id": "DEBIAN-CVE-2025-13151", - "modified": "2026-01-20T05:01:23.018954Z" + "modified": "2026-01-20T05:13:20.502324Z" }, { "id": "DLA-3263-1", - "modified": "2026-03-09T01:22:34.273046Z" + "modified": "2025-05-26T07:22:42.617563Z" }, { "id": "DLA-4061-1", - "modified": "2026-03-09T01:20:16.124977Z" + "modified": "2025-05-26T07:23:58.435350Z" }, { "id": "DSA-5863-1", - "modified": "2026-03-09T02:08:50.747280Z" + "modified": "2025-05-26T07:23:58.495667Z" } ] }, @@ -4173,7 +4543,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-3709", - "modified": "2025-11-19T02:04:33.864716Z" + "modified": "2025-11-20T10:12:11.931996Z" }, { "id": "DEBIAN-CVE-2016-9318", @@ -4281,139 +4651,139 @@ interactions: }, { "id": "DEBIAN-CVE-2022-2309", - "modified": "2025-11-19T01:19:06.888Z" + "modified": "2025-11-20T10:15:28.694644Z" }, { "id": "DEBIAN-CVE-2022-23308", - "modified": "2025-11-19T02:01:18.152974Z" + "modified": "2025-11-20T10:15:29.029152Z" }, { "id": "DEBIAN-CVE-2022-29824", - "modified": "2025-11-19T02:04:38.738903Z" + "modified": "2025-11-20T10:15:52.814213Z" }, { "id": "DEBIAN-CVE-2022-40303", - "modified": "2025-11-19T01:01:57.785896Z" + "modified": "2025-11-20T10:16:01.982632Z" }, { "id": "DEBIAN-CVE-2022-40304", - "modified": "2025-11-19T01:06:26.094431Z" + "modified": "2025-11-20T10:16:01.918054Z" }, { "id": "DEBIAN-CVE-2022-49043", - "modified": "2025-11-19T02:02:50.782379Z" + "modified": "2025-11-20T10:16:12.358770Z" }, { "id": "DEBIAN-CVE-2023-28484", - "modified": "2025-11-19T01:19:08.743303Z" + "modified": "2025-11-20T10:16:35.199991Z" }, { "id": "DEBIAN-CVE-2023-29469", - "modified": "2025-11-19T01:19:08.724068Z" + "modified": "2025-11-20T10:17:34.943682Z" }, { "id": "DEBIAN-CVE-2023-39615", - "modified": "2025-11-19T02:02:52.012148Z" + "modified": "2025-11-20T10:16:41.593841Z" }, { "id": "DEBIAN-CVE-2023-45322", - "modified": "2025-11-19T01:06:25.116541Z" + "modified": "2025-11-20T10:16:44.891362Z" }, { "id": "DEBIAN-CVE-2024-25062", - "modified": "2025-11-19T01:08:46.580742Z" + "modified": "2025-11-20T10:17:04.986212Z" }, { "id": "DEBIAN-CVE-2024-34459", - "modified": "2025-11-19T02:02:47.091764Z" + "modified": "2025-11-20T10:17:41.570595Z" }, { "id": "DEBIAN-CVE-2024-56171", - "modified": "2025-11-19T02:02:52.483954Z" + "modified": "2025-11-20T10:17:48.605695Z" }, { "id": "DEBIAN-CVE-2025-24928", - "modified": "2025-11-19T02:02:46.051341Z" + "modified": "2025-11-20T10:18:05.778161Z" }, { "id": "DEBIAN-CVE-2025-27113", - "modified": "2025-11-19T01:03:10.967990Z" + "modified": "2025-11-20T10:18:06.358243Z" }, { "id": "DEBIAN-CVE-2025-32414", - "modified": "2025-11-19T01:03:12.180021Z" + "modified": "2025-11-20T10:18:08.076077Z" }, { "id": "DEBIAN-CVE-2025-32415", - "modified": "2025-11-19T01:19:04.543204Z" + "modified": "2025-11-20T10:18:08.251077Z" }, { "id": "DEBIAN-CVE-2025-49794", - "modified": "2025-11-19T02:02:44.020678Z" + "modified": "2025-11-20T10:18:23.322205Z" }, { "id": "DEBIAN-CVE-2025-49796", - "modified": "2025-11-19T01:04:38.934970Z" + "modified": "2025-11-20T10:18:23.585429Z" }, { "id": "DEBIAN-CVE-2025-6021", - "modified": "2025-11-19T01:19:06.898251Z" + "modified": "2025-11-20T10:18:26.314947Z" }, { "id": "DEBIAN-CVE-2025-6170", - "modified": "2025-11-19T02:02:49.894877Z" + "modified": "2025-11-20T10:18:26.670728Z" }, { "id": "DEBIAN-CVE-2025-8732", - "modified": "2025-12-14T10:01:32.599913Z" + "modified": "2025-12-14T10:13:26.467517Z" }, { "id": "DEBIAN-CVE-2025-9714", - "modified": "2026-01-10T14:00:56.039647Z" + "modified": "2026-01-10T14:08:12.148171Z" }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:01:10.004195Z" + "modified": "2026-01-16T11:05:07.928323Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:01:06.477646Z" + "modified": "2026-01-16T11:05:23.527352Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:01:12.961282Z" + "modified": "2026-01-16T11:05:10.515041Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:01:11.767706Z" + "modified": "2026-02-03T11:16:44.779248Z" }, { "id": "DLA-3012-1", - "modified": "2026-03-09T01:20:46.878115Z" + "modified": "2025-05-26T07:23:01.266561Z" }, { "id": "DLA-3172-1", - "modified": "2026-03-09T01:19:54.747665Z" + "modified": "2025-05-26T07:23:10.448009Z" }, { "id": "DLA-3405-1", - "modified": "2026-03-09T01:01:29.748040Z" + "modified": "2025-05-26T07:23:30.714665Z" }, { "id": "DLA-3878-1", - "modified": "2026-03-09T01:20:38.676387Z" + "modified": "2025-05-26T07:18:39.626843Z" }, { "id": "DLA-4064-1", - "modified": "2026-03-09T01:20:30.558703Z" + "modified": "2025-05-26T07:23:19.568188Z" }, { "id": "DLA-4146-1", - "modified": "2026-03-09T01:22:43.732573Z" + "modified": "2025-05-26T06:58:47.071983Z" }, { "id": "DLA-4251-1", - "modified": "2026-03-09T02:11:12.986866Z" + "modified": "2025-07-26T19:45:29.054316Z" }, { "id": "DLA-4319-1", @@ -4421,19 +4791,19 @@ interactions: }, { "id": "DSA-5142-1", - "modified": "2026-03-09T02:10:58.737631Z" + "modified": "2025-05-26T07:23:01.328825Z" }, { "id": "DSA-5271-1", - "modified": "2026-03-09T02:10:55.154283Z" + "modified": "2025-05-26T07:23:10.510965Z" }, { "id": "DSA-5391-1", - "modified": "2026-03-09T02:09:39.164621Z" + "modified": "2025-05-26T07:23:30.774960Z" }, { "id": "DSA-5949-1", - "modified": "2026-03-09T02:09:32.257423Z" + "modified": "2025-06-25T19:16:29.342484Z" }, { "id": "DSA-5990-1", @@ -4516,31 +4886,31 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3711", - "modified": "2025-11-19T01:03:12.176806Z" + "modified": "2025-11-20T10:15:44.121033Z" }, { "id": "DEBIAN-CVE-2021-3712", - "modified": "2025-11-19T01:06:25.943191Z" + "modified": "2025-11-20T10:15:44.130193Z" }, { "id": "DEBIAN-CVE-2021-4160", - "modified": "2025-11-19T02:02:49.031761Z" + "modified": "2025-11-20T10:15:10.185497Z" }, { "id": "DEBIAN-CVE-2022-0778", - "modified": "2025-11-19T01:19:03.832130Z" + "modified": "2025-11-20T10:15:47.332694Z" }, { "id": "DEBIAN-CVE-2022-1292", - "modified": "2025-11-19T02:02:51.844077Z" + "modified": "2025-11-20T10:15:25.471825Z" }, { "id": "DEBIAN-CVE-2022-2068", - "modified": "2025-11-19T02:02:42.085448Z" + "modified": "2025-11-20T10:15:27.022420Z" }, { "id": "DEBIAN-CVE-2022-2097", - "modified": "2025-11-19T01:02:00.163331Z" + "modified": "2025-11-20T10:15:27.065089Z" }, { "id": "DEBIAN-CVE-2022-2274", @@ -4568,15 +4938,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-4304", - "modified": "2025-11-19T01:12:34.364246Z" + "modified": "2025-11-20T10:16:04.313466Z" }, { "id": "DEBIAN-CVE-2022-4450", - "modified": "2025-11-19T01:03:13.857958Z" + "modified": "2025-11-20T10:16:05.367442Z" }, { "id": "DEBIAN-CVE-2023-0215", - "modified": "2025-11-19T02:01:14.351313Z" + "modified": "2025-11-20T10:16:27.838296Z" }, { "id": "DEBIAN-CVE-2023-0216", @@ -4588,7 +4958,7 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0286", - "modified": "2025-11-19T02:04:31.583209Z" + "modified": "2025-11-20T10:16:27.985311Z" }, { "id": "DEBIAN-CVE-2023-0401", @@ -4596,15 +4966,15 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0464", - "modified": "2025-11-19T02:02:47.611909Z" + "modified": "2025-11-20T10:16:28.057931Z" }, { "id": "DEBIAN-CVE-2023-0465", - "modified": "2025-11-19T01:19:04.585309Z" + "modified": "2025-11-20T10:16:28.143046Z" }, { "id": "DEBIAN-CVE-2023-0466", - "modified": "2025-11-19T02:02:51.634240Z" + "modified": "2025-11-20T10:16:28.053837Z" }, { "id": "DEBIAN-CVE-2023-1255", @@ -4612,39 +4982,39 @@ interactions: }, { "id": "DEBIAN-CVE-2023-2650", - "modified": "2025-11-19T01:06:23.059084Z" + "modified": "2025-11-20T10:17:34.439123Z" }, { "id": "DEBIAN-CVE-2023-2975", - "modified": "2025-11-19T01:12:34.218584Z" + "modified": "2025-11-20T10:16:36.112183Z" }, { "id": "DEBIAN-CVE-2023-3446", - "modified": "2025-11-19T02:02:48.905632Z" + "modified": "2025-11-20T10:16:38.860251Z" }, { "id": "DEBIAN-CVE-2023-3817", - "modified": "2025-11-19T01:08:51.044831Z" + "modified": "2025-11-20T10:17:35.737266Z" }, { "id": "DEBIAN-CVE-2023-5363", - "modified": "2025-11-19T02:04:32.554455Z" + "modified": "2025-11-20T10:16:59.430619Z" }, { "id": "DEBIAN-CVE-2023-5678", - "modified": "2025-11-19T01:04:41.738503Z" + "modified": "2025-11-20T10:17:38.719690Z" }, { "id": "DEBIAN-CVE-2023-6129", - "modified": "2025-11-19T01:01:55.283596Z" + "modified": "2025-11-20T10:17:39.029757Z" }, { "id": "DEBIAN-CVE-2023-6237", - "modified": "2025-11-19T02:02:39.792151Z" + "modified": "2025-11-20T10:17:39.218097Z" }, { "id": "DEBIAN-CVE-2024-0727", - "modified": "2025-11-19T01:04:40.537945Z" + "modified": "2025-11-20T10:17:01.258658Z" }, { "id": "DEBIAN-CVE-2024-12797", @@ -4652,51 +5022,51 @@ interactions: }, { "id": "DEBIAN-CVE-2024-13176", - "modified": "2026-01-10T14:00:51.432887Z" + "modified": "2026-01-10T14:06:53.941794Z" }, { "id": "DEBIAN-CVE-2024-2511", - "modified": "2025-11-19T02:04:38.588479Z" + "modified": "2025-11-20T10:17:05.139581Z" }, { "id": "DEBIAN-CVE-2024-4603", - "modified": "2025-11-19T02:04:28.636018Z" + "modified": "2025-11-20T10:17:43.955114Z" }, { "id": "DEBIAN-CVE-2024-4741", - "modified": "2025-11-19T01:01:56.969337Z" + "modified": "2025-11-20T10:17:26.990307Z" }, { "id": "DEBIAN-CVE-2024-5535", - "modified": "2025-11-19T02:02:53.246805Z" + "modified": "2025-11-20T10:17:48.194687Z" }, { "id": "DEBIAN-CVE-2024-6119", - "modified": "2025-11-19T02:04:35.555400Z" + "modified": "2025-11-20T10:17:53.824117Z" }, { "id": "DEBIAN-CVE-2024-9143", - "modified": "2025-11-19T01:01:56.791165Z" + "modified": "2025-11-20T10:17:55.864918Z" }, { "id": "DEBIAN-CVE-2025-11187", - "modified": "2026-02-01T20:01:22.848980Z" + "modified": "2026-02-01T20:15:44.382340Z" }, { "id": "DEBIAN-CVE-2025-15467", - "modified": "2026-02-26T08:01:15.079280Z" + "modified": "2026-02-01T20:16:03.195403Z" }, { "id": "DEBIAN-CVE-2025-15468", - "modified": "2026-02-01T20:01:21.279895Z" + "modified": "2026-02-01T20:15:50.413366Z" }, { "id": "DEBIAN-CVE-2025-15469", - "modified": "2026-02-01T20:01:16.747717Z" + "modified": "2026-02-01T20:15:56.347911Z" }, { "id": "DEBIAN-CVE-2025-27587", - "modified": "2025-11-19T01:03:13.852343Z" + "modified": "2025-11-20T10:18:06.745292Z" }, { "id": "DEBIAN-CVE-2025-4575", @@ -4704,143 +5074,135 @@ interactions: }, { "id": "DEBIAN-CVE-2025-66199", - "modified": "2026-02-01T20:01:23.308969Z" + "modified": "2026-02-01T20:15:59.468539Z" }, { "id": "DEBIAN-CVE-2025-68160", - "modified": "2026-02-23T15:01:30.829710Z" + "modified": "2026-02-01T20:15:53.558839Z" }, { "id": "DEBIAN-CVE-2025-69418", - "modified": "2026-02-23T15:01:34.534567Z" + "modified": "2026-02-01T20:16:10.273490Z" }, { "id": "DEBIAN-CVE-2025-69419", - "modified": "2026-02-23T15:01:26.866129Z" + "modified": "2026-02-01T20:16:13.803909Z" }, { "id": "DEBIAN-CVE-2025-69420", - "modified": "2026-02-23T15:01:24.396408Z" + "modified": "2026-02-01T20:15:47.671017Z" }, { "id": "DEBIAN-CVE-2025-69421", - "modified": "2026-02-23T15:01:33.767596Z" + "modified": "2026-02-03T11:16:34.961716Z" }, { "id": "DEBIAN-CVE-2025-9230", - "modified": "2025-11-19T02:02:49.060854Z" + "modified": "2025-11-20T10:18:28.690398Z" }, { "id": "DEBIAN-CVE-2025-9231", - "modified": "2025-11-19T02:04:23.949464Z" + "modified": "2025-11-20T10:18:28.713979Z" }, { "id": "DEBIAN-CVE-2025-9232", - "modified": "2025-11-19T02:02:53.725801Z" + "modified": "2025-11-20T10:18:28.748819Z" }, { "id": "DEBIAN-CVE-2026-22795", - "modified": "2026-02-23T15:01:35.146488Z" + "modified": "2026-02-01T20:15:40.679029Z" }, { "id": "DEBIAN-CVE-2026-22796", - "modified": "2026-02-23T15:01:28.414591Z" - }, - { - "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-14T16:48:13.279039Z" + "modified": "2026-02-01T20:16:16.928963Z" }, { "id": "DLA-3008-1", - "modified": "2026-03-09T01:23:33.375630Z" + "modified": "2025-05-26T07:22:45.706031Z" }, { "id": "DLA-3325-1", - "modified": "2026-03-09T01:19:40.983935Z" + "modified": "2025-05-26T07:22:47.806974Z" }, { "id": "DLA-3449-1", - "modified": "2026-03-09T01:22:47.322805Z" + "modified": "2025-05-26T07:23:20.191820Z" }, { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" }, { "id": "DLA-3942-1", - "modified": "2026-03-09T01:22:40.686044Z" + "modified": "2025-05-26T07:23:52.994725Z" }, { "id": "DLA-3942-2", - "modified": "2026-03-09T01:21:01.728730Z" + "modified": "2025-05-26T07:23:53.056205Z" }, { "id": "DLA-4176-1", - "modified": "2026-03-09T01:20:23.459313Z" + "modified": "2025-05-26T07:02:17.127596Z" }, { "id": "DLA-4321-1", "modified": "2025-10-03T16:33:24.717173Z" }, - { - "id": "DLA-4490-1", - "modified": "2026-02-23T10:30:28.927832Z" - }, { "id": "DSA-4539-1", - "modified": "2026-03-09T02:09:20.276054Z" + "modified": "2025-05-26T07:20:57.698150Z" }, { "id": "DSA-4539-3", - "modified": "2019-10-13T00:00:00Z" + "modified": "2025-05-26T07:05:14.261652Z" }, { "id": "DSA-4661-1", - "modified": "2026-03-09T02:08:53.792348Z" + "modified": "2025-05-26T07:21:44.983880Z" }, { "id": "DSA-4807-1", - "modified": "2026-03-09T02:10:20.442914Z" + "modified": "2025-05-26T07:21:45.227381Z" }, { "id": "DSA-4855-1", - "modified": "2026-03-09T02:11:29.405206Z" + "modified": "2025-05-26T07:20:57.944135Z" }, { "id": "DSA-4875-1", - "modified": "2026-03-09T02:10:05.387501Z" + "modified": "2025-05-26T07:22:25.295971Z" }, { "id": "DSA-4963-1", - "modified": "2026-03-09T02:10:15.488747Z" + "modified": "2025-05-26T07:22:29.610492Z" }, { "id": "DSA-5103-1", - "modified": "2026-03-09T02:09:42.407559Z" + "modified": "2025-05-26T07:22:36.298650Z" }, { "id": "DSA-5139-1", - "modified": "2026-03-09T02:09:17.334653Z" + "modified": "2025-05-26T07:22:45.765450Z" }, { "id": "DSA-5169-1", - "modified": "2026-03-09T02:09:37.692763Z" + "modified": "2025-05-26T07:22:47.687377Z" }, { "id": "DSA-5343-1", - "modified": "2026-03-09T02:09:47.149297Z" + "modified": "2025-05-26T07:22:47.870882Z" }, { "id": "DSA-5417-1", - "modified": "2026-03-09T02:09:39.950679Z" + "modified": "2025-05-26T07:23:20.254324Z" }, { "id": "DSA-5532-1", - "modified": "2026-03-09T02:08:31.395482Z" + "modified": "2025-05-26T07:23:52.176093Z" }, { "id": "DSA-5764-1", - "modified": "2026-03-09T02:09:02.723874Z" + "modified": "2025-05-26T07:24:15.576601Z" }, { "id": "DSA-6015-1", @@ -4848,7 +5210,7 @@ interactions: }, { "id": "DSA-6113-1", - "modified": "2026-01-27T20:30:04.397078Z" + "modified": "2026-01-27T20:15:37.634049Z" } ] }, @@ -4857,7 +5219,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-4116", - "modified": "2025-11-19T01:08:48.534508Z" + "modified": "2025-11-20T10:10:50.058601Z" }, { "id": "DEBIAN-CVE-2017-12837", @@ -4913,11 +5275,11 @@ interactions: }, { "id": "DEBIAN-CVE-2020-16156", - "modified": "2025-11-19T02:04:25.146090Z" + "modified": "2025-11-20T10:14:36.701112Z" }, { "id": "DEBIAN-CVE-2021-36770", - "modified": "2025-11-19T01:08:50.244924Z" + "modified": "2025-11-20T10:15:44.080114Z" }, { "id": "DEBIAN-CVE-2022-48522", @@ -4925,31 +5287,31 @@ interactions: }, { "id": "DEBIAN-CVE-2023-31484", - "modified": "2025-11-19T01:01:55.072028Z" + "modified": "2025-11-20T10:17:35.627220Z" }, { "id": "DEBIAN-CVE-2023-31486", - "modified": "2025-11-19T01:06:23.122275Z" + "modified": "2025-11-20T10:17:36.081192Z" }, { "id": "DEBIAN-CVE-2023-47038", - "modified": "2025-11-19T02:02:47.808046Z" + "modified": "2025-11-20T10:16:46.343364Z" }, { "id": "DEBIAN-CVE-2024-56406", - "modified": "2025-11-19T02:04:37.240014Z" + "modified": "2025-11-20T10:17:48.686371Z" }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-19T01:12:36.316842Z" + "modified": "2025-11-20T10:18:21.143971Z" }, { "id": "DLA-3926-1", - "modified": "2026-03-09T01:20:46.118633Z" + "modified": "2025-05-26T07:21:42.385892Z" }, { "id": "DSA-5902-1", - "modified": "2026-03-09T02:09:19.793163Z" + "modified": "2025-05-26T07:24:14.898997Z" } ] }, @@ -4961,35 +5323,35 @@ interactions: "vulns": [ { "id": "DLA-3072-1", - "modified": "2026-03-09T01:22:24.680239Z" + "modified": "2025-05-26T07:22:56.848703Z" }, { "id": "DLA-3189-1", - "modified": "2022-11-15T00:00:00Z" + "modified": "2025-05-26T07:01:07.887113Z" }, { "id": "DLA-3316-1", - "modified": "2023-02-10T00:00:00Z" + "modified": "2025-05-26T07:01:13.127412Z" }, { "id": "DLA-3422-1", - "modified": "2026-03-09T01:20:56.692752Z" + "modified": "2025-05-26T07:23:26.375715Z" }, { "id": "DLA-3600-1", - "modified": "2026-03-09T01:17:49.966197Z" + "modified": "2025-05-26T07:23:40.030714Z" }, { "id": "DLA-3651-1", - "modified": "2026-03-09T01:18:05.310519Z" + "modified": "2025-05-26T07:23:53.368012Z" }, { "id": "DLA-3764-1", - "modified": "2026-03-09T01:23:22.273526Z" + "modified": "2025-05-26T07:23:55.849014Z" }, { "id": "DSA-5135-1", - "modified": "2026-03-09T02:11:21.646978Z" + "modified": "2025-05-26T07:22:46.760638Z" } ] }, @@ -5012,7 +5374,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2005-2541", - "modified": "2025-11-19T02:02:39.239715Z" + "modified": "2025-11-20T10:09:01.923782Z" }, { "id": "DEBIAN-CVE-2018-20482", @@ -5028,15 +5390,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-48303", - "modified": "2025-11-19T01:01:59.298206Z" + "modified": "2025-11-20T10:16:07.552593Z" }, { "id": "DEBIAN-CVE-2023-39804", - "modified": "2025-11-19T02:02:53.596262Z" + "modified": "2025-11-20T10:16:41.587973Z" }, { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -5044,47 +5406,47 @@ interactions: "vulns": [ { "id": "DLA-3051-1", - "modified": "2022-06-15T00:00:00Z" + "modified": "2025-05-26T07:01:56.257796Z" }, { "id": "DLA-3134-1", - "modified": "2022-10-03T00:00:00Z" + "modified": "2025-05-26T07:01:01.500124Z" }, { "id": "DLA-3161-1", - "modified": "2022-10-26T00:00:00Z" + "modified": "2025-05-26T07:01:03.882213Z" }, { "id": "DLA-3366-1", - "modified": "2023-03-24T00:00:00Z" + "modified": "2025-05-26T07:01:17.027142Z" }, { "id": "DLA-3412-1", - "modified": "2023-05-02T00:00:00Z" + "modified": "2025-05-26T07:01:20.109212Z" }, { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" }, { "id": "DLA-3972-1", - "modified": "2024-11-28T00:00:00Z" + "modified": "2025-05-26T07:02:05.284676Z" }, { "id": "DLA-4085-1", - "modified": "2025-03-18T00:00:00Z" + "modified": "2025-05-26T07:02:10.958749Z" }, { "id": "DLA-4105-1", - "modified": "2025-04-01T00:00:00Z" + "modified": "2025-05-26T07:02:13.921097Z" }, { "id": "DLA-4403-1", - "modified": "2025-12-12T00:00:00Z" + "modified": "2025-12-12T10:13:37.154747Z" } ] }, @@ -5092,7 +5454,7 @@ interactions: "vulns": [ { "id": "DLA-4016-1", - "modified": "2025-01-16T00:00:00Z" + "modified": "2025-05-26T07:02:06.504254Z" } ] }, @@ -5104,7 +5466,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-7738", - "modified": "2025-11-19T02:04:41.803240Z" + "modified": "2025-11-20T10:13:54.493707Z" }, { "id": "DEBIAN-CVE-2021-37600", @@ -5112,39 +5474,35 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3995", - "modified": "2025-11-19T01:12:36.252792Z" + "modified": "2025-11-20T10:15:45.587792Z" }, { "id": "DEBIAN-CVE-2021-3996", - "modified": "2025-11-19T02:02:48.032233Z" + "modified": "2025-11-20T10:15:45.602424Z" }, { "id": "DEBIAN-CVE-2022-0563", - "modified": "2025-11-19T01:01:57.875266Z" + "modified": "2025-11-20T10:15:24.228408Z" }, { "id": "DEBIAN-CVE-2024-28085", - "modified": "2025-11-19T01:02:00.375077Z" + "modified": "2025-11-20T10:17:41.612682Z" }, { "id": "DEBIAN-CVE-2025-14104", - "modified": "2026-03-05T17:00:58.361610Z" - }, - { - "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2025-12-29T10:11:41.788817Z" }, { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" }, { "id": "DSA-5055-1", - "modified": "2026-03-09T02:10:40.826335Z" + "modified": "2025-05-26T07:22:33.646795Z" }, { "id": "DSA-5650-1", - "modified": "2026-03-09T02:08:30.371343Z" + "modified": "2025-05-26T07:24:03.887524Z" } ] }, @@ -5152,7 +5510,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DEBIAN-CVE-2024-3094", @@ -5160,15 +5518,15 @@ interactions: }, { "id": "DEBIAN-CVE-2025-31115", - "modified": "2025-11-19T02:02:42.561876Z" + "modified": "2025-11-20T10:18:07.484724Z" }, { "id": "DSA-5123-1", - "modified": "2026-03-09T02:10:46.054497Z" + "modified": "2025-05-26T07:22:45.643786Z" }, { "id": "DSA-5895-1", - "modified": "2026-03-09T02:08:52.515269Z" + "modified": "2025-05-26T07:24:22.556406Z" } ] }, @@ -5187,7 +5545,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -5198,19 +5556,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -5218,7 +5568,7 @@ interactions: } headers: Content-Length: - - "22183" + - "21592" Content-Type: - application/json status: 200 OK @@ -5311,7 +5661,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1549 + content_length: 1353 body: | { "results": [ @@ -5327,47 +5677,47 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2025-12-09T17:35:58.036871Z" }, { "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" + "modified": "2025-11-20T22:03:19Z" }, { "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" + "modified": "2025-11-06T13:59:30.251421Z" }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2025-11-06T13:59:40.511341Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2025-11-06T13:59:58.375627Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2025-11-06T13:59:40.997708Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2025-11-06T13:59:39.685338Z" }, { "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" + "modified": "2025-11-06T13:59:52.252801Z" }, { "id": "GO-2025-4014", - "modified": "2026-03-14T01:59:00.876670Z" + "modified": "2026-02-06T10:28:50.687933Z" }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2025-11-06T13:59:33.352271Z" }, { "id": "GO-2025-4155", - "modified": "2026-03-14T01:59:02.277729Z" + "modified": "2026-02-10T10:28:46.659942Z" }, { "id": "GO-2025-4175", @@ -5375,7 +5725,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-03-14T01:59:01.950781Z" + "modified": "2026-02-05T18:11:18.077689Z" }, { "id": "GO-2026-4340", @@ -5383,26 +5733,73 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-14T01:59:02.906234Z" + "modified": "2026-02-04T03:16:50.659443Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-14T01:59:01.361838Z" - }, + "modified": "2026-02-04T02:59:19.152891Z" + } + ] + }, + { + "vulns": [ { - "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "id": "GO-2025-3828", + "modified": "2026-02-04T03:33:13.542630Z" }, { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" + "id": "GO-2026-4339", + "modified": "2026-02-04T04:20:19.626029Z" }, { - "id": "GO-2026-4603", - "modified": "2026-03-10T10:43:54.330461Z" + "id": "GO-2026-4433", + "modified": "2026-02-10T12:58:52.032392Z" } ] - }, + } + ] + } + headers: + Content-Length: + - "1353" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 144 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.24.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/go_packages_in_osv-scanner.json_format + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 214 + body: | + { + "results": [ { "vulns": [ { @@ -5423,7 +5820,7 @@ interactions: } headers: Content-Length: - - "1549" + - "214" Content-Type: - application/json status: 200 OK @@ -6023,7 +6420,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -6040,7 +6437,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -6051,19 +6448,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -6071,7 +6460,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -6197,7 +6586,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -6214,7 +6603,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -6225,19 +6614,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -6245,7 +6626,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -6571,7 +6952,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -6588,7 +6969,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -6599,19 +6980,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -6619,7 +6992,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -6745,7 +7118,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -6762,7 +7135,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -6773,19 +7146,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -6793,7 +7158,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -7014,16 +7379,12 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4809 + content_length: 4450 body: | { "results": [ { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -7034,14 +7395,7 @@ interactions: } ] }, - { - "vulns": [ - { - "id": "GHSA-3936-cmfr-pm3m", - "modified": "2026-03-14T01:46:41.190718Z" - } - ] - }, + {}, { "vulns": [ { @@ -7080,10 +7434,6 @@ interactions: }, { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -7245,10 +7595,6 @@ interactions: }, { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -7282,10 +7628,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -7344,7 +7686,7 @@ interactions: } headers: Content-Length: - - "4809" + - "4450" Content-Type: - application/json status: 200 OK @@ -7417,7 +7759,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -7433,6 +7775,81 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 519 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/spdx_2.3_output + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 104 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "104" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml index aa995f4b635..bc688bbb622 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml @@ -56,7 +56,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 3821 + content_length: 3627 body: | { "results": [ @@ -88,43 +88,31 @@ interactions: "vulns": [ { "id": "CVE-2023-44398", - "modified": "2026-03-14T12:15:05.895469Z" + "modified": "2026-02-04T03:41:11.470088Z" }, { "id": "CVE-2024-24826", - "modified": "2026-03-14T12:31:29.719981Z" + "modified": "2026-02-04T02:26:53.684677Z" }, { "id": "CVE-2024-25112", - "modified": "2026-03-14T12:27:30.328627Z" + "modified": "2026-02-04T02:37:14.709755Z" }, { "id": "CVE-2024-39695", - "modified": "2026-03-14T12:34:50.263863Z" + "modified": "2026-02-04T03:14:25.349363Z" }, { "id": "CVE-2025-26623", - "modified": "2026-03-08T15:58:57.067224Z" + "modified": "2026-02-04T03:56:03.433125Z" }, { "id": "CVE-2025-54080", - "modified": "2026-03-08T15:58:53.801236Z" + "modified": "2025-12-05T10:19:44.470703Z" }, { "id": "CVE-2025-55304", - "modified": "2026-03-08T15:59:02.674652Z" - }, - { - "id": "CVE-2026-25884", - "modified": "2026-03-08T15:58:58.717366Z" - }, - { - "id": "CVE-2026-27596", - "modified": "2026-03-03T02:56:32.656501Z" - }, - { - "id": "CVE-2026-27631", - "modified": "2026-03-08T16:18:26.088498Z" + "modified": "2025-12-05T10:20:18.929451Z" }, { "id": "OSV-2023-1161", @@ -132,7 +120,7 @@ interactions: }, { "id": "OSV-2024-340", - "modified": "2026-03-15T14:25:46.861264Z" + "modified": "2026-02-10T14:19:49.199805Z" }, { "id": "PYSEC-2023-233", @@ -144,31 +132,27 @@ interactions: "vulns": [ { "id": "CVE-2021-22569", - "modified": "2026-03-15T14:08:15.471655Z" - }, - { - "id": "CVE-2022-1941", - "modified": "2026-03-15T14:46:49.579973Z" + "modified": "2026-02-05T06:11:26.110922Z" }, { "id": "CVE-2022-3171", - "modified": "2026-03-14T15:01:36.349851Z" + "modified": "2026-02-06T04:36:05.194043Z" }, { "id": "CVE-2022-3509", - "modified": "2026-03-14T11:46:42.854777Z" + "modified": "2026-02-10T04:36:28.552049Z" }, { "id": "CVE-2022-3510", - "modified": "2026-03-14T11:46:31.172987Z" + "modified": "2026-02-10T04:36:33.474216Z" }, { "id": "CVE-2024-2410", - "modified": "2026-03-14T12:30:27.419430Z" + "modified": "2025-11-23T18:15:05.493990Z" }, { "id": "CVE-2024-7254", - "modified": "2026-03-12T17:24:46.870042Z" + "modified": "2026-02-11T01:13:18.446737Z" } ] }, @@ -184,11 +168,11 @@ interactions: "vulns": [ { "id": "CVE-2024-51757", - "modified": "2026-03-14T12:38:40.503950Z" + "modified": "2025-12-05T07:18:50.040081Z" }, { "id": "CVE-2025-61927", - "modified": "2026-03-14T12:44:19.001278Z" + "modified": "2025-12-05T10:21:07.408729Z" }, { "id": "CVE-2025-62410", @@ -200,91 +184,95 @@ interactions: "vulns": [ { "id": "CVE-2024-12797", - "modified": "2026-03-15T14:13:01.994465Z" + "modified": "2026-02-04T02:22:27.281434Z" }, { "id": "CVE-2024-13176", - "modified": "2026-03-15T14:51:45.713332Z" + "modified": "2026-02-10T04:39:15.938128Z" }, { "id": "CVE-2024-9143", - "modified": "2026-03-15T14:52:43.827010Z" + "modified": "2026-02-09T05:19:22.729717Z" }, { "id": "CVE-2025-9230", - "modified": "2026-03-15T14:54:18.484012Z" + "modified": "2026-02-04T03:20:05.701563Z" }, { "id": "CVE-2025-9231", - "modified": "2026-03-15T14:54:14.243650Z" + "modified": "2026-02-04T03:53:37.207871Z" }, { "id": "CVE-2025-9232", - "modified": "2026-03-15T14:54:15.246161Z" + "modified": "2026-02-04T03:11:15.966181Z" } ] }, { "vulns": [ + { + "id": "CVE-2016-2183", + "modified": "2026-02-06T22:14:42.576939Z" + }, { "id": "CVE-2025-11187", - "modified": "2026-03-13T22:14:04.753650Z" + "modified": "2026-02-11T02:51:53.937348Z" }, { "id": "CVE-2025-15467", - "modified": "2026-03-15T14:53:03.311608Z" + "modified": "2026-02-11T02:52:15.745075Z" }, { "id": "CVE-2025-15468", - "modified": "2026-03-15T14:53:05.662612Z" + "modified": "2026-02-11T02:52:08.129090Z" }, { "id": "CVE-2025-15469", - "modified": "2026-03-15T14:52:52.732682Z" + "modified": "2026-02-11T02:52:12.448139Z" }, { "id": "CVE-2025-66199", - "modified": "2026-03-15T14:15:22.516013Z" + "modified": "2026-02-11T02:56:47.234597Z" }, { "id": "CVE-2025-68160", - "modified": "2026-03-15T14:54:12.653472Z" + "modified": "2026-02-11T01:38:55.882307Z" }, { "id": "CVE-2025-69418", - "modified": "2026-03-14T12:45:25.725090Z" + "modified": "2026-02-11T01:49:18.912304Z" }, { "id": "CVE-2025-69419", - "modified": "2026-03-15T14:54:15.145493Z" + "modified": "2026-02-11T01:49:18.331310Z" }, { "id": "CVE-2025-69420", - "modified": "2026-03-15T14:54:02.448397Z" + "modified": "2026-02-11T01:50:20.280417Z" + }, + { + "id": "CVE-2025-69421", + "modified": "2026-02-11T01:50:20.995301Z" }, { "id": "CVE-2025-9230", - "modified": "2026-03-15T14:54:18.484012Z" + "modified": "2026-02-04T03:20:05.701563Z" }, { "id": "CVE-2025-9231", - "modified": "2026-03-15T14:54:14.243650Z" + "modified": "2026-02-04T03:53:37.207871Z" }, { "id": "CVE-2025-9232", - "modified": "2026-03-15T14:54:15.246161Z" + "modified": "2026-02-04T03:11:15.966181Z" }, { "id": "CVE-2026-22795", - "modified": "2026-03-15T14:55:17.107605Z" + "modified": "2026-02-04T21:35:16.876104Z" }, { "id": "CVE-2026-22796", - "modified": "2026-03-14T15:07:15.748012Z" - }, - { - "id": "CVE-2026-2673", - "modified": "2026-03-15T14:54:45.482332Z" + "modified": "2026-02-04T21:35:18.187133Z" } ] }, @@ -292,11 +280,11 @@ interactions: "vulns": [ { "id": "CVE-2023-53159", - "modified": "2026-03-11T18:20:56.090230Z" + "modified": "2026-02-04T19:13:47.392964Z" }, { "id": "CVE-2023-6180", - "modified": "2026-03-13T21:59:51.199646Z" + "modified": "2026-02-04T09:41:59.254101Z" }, { "id": "CVE-2025-24898", @@ -304,7 +292,7 @@ interactions: }, { "id": "CVE-2025-3416", - "modified": "2026-03-14T15:04:13.605678Z" + "modified": "2026-02-04T04:35:26.013846Z" } ] }, @@ -312,23 +300,23 @@ interactions: "vulns": [ { "id": "CVE-2016-10931", - "modified": "2026-03-14T09:18:29.278606Z" + "modified": "2025-11-20T10:24:03.340401Z" }, { "id": "CVE-2018-20997", - "modified": "2026-03-14T09:29:08.646634Z" + "modified": "2025-11-20T10:49:27.770050Z" }, { "id": "CVE-2023-53159", - "modified": "2026-03-11T18:20:56.090230Z" + "modified": "2026-02-04T19:13:47.392964Z" }, { "id": "CVE-2023-6180", - "modified": "2026-03-13T21:59:51.199646Z" + "modified": "2026-02-04T09:41:59.254101Z" }, { "id": "CVE-2025-3416", - "modified": "2026-03-14T15:04:13.605678Z" + "modified": "2026-02-04T04:35:26.013846Z" } ] } @@ -336,7 +324,7 @@ interactions: } headers: Content-Length: - - "3821" + - "3627" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml index 6f4b8b12893..d236f43399d 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml @@ -121,7 +121,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 289 body: | { "results": [ @@ -138,7 +138,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -149,19 +149,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -169,7 +161,7 @@ interactions: } headers: Content-Length: - - "433" + - "289" Content-Type: - application/json status: 200 OK @@ -1408,7 +1400,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 22183 + content_length: 21592 body: | { "results": [ @@ -1416,15 +1408,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -1441,7 +1425,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -1452,19 +1436,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -1489,7 +1465,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-3374", - "modified": "2025-11-19T02:02:53.209453Z" + "modified": "2025-11-20T10:07:04.572010Z" }, { "id": "DEBIAN-CVE-2018-0501", @@ -1509,11 +1485,11 @@ interactions: }, { "id": "DSA-4685-1", - "modified": "2026-03-09T02:09:03.263738Z" + "modified": "2025-05-26T07:21:59.359875Z" }, { "id": "DSA-4808-1", - "modified": "2026-03-09T02:11:17.119108Z" + "modified": "2025-05-26T07:21:52.187597Z" } ] }, @@ -1527,7 +1503,7 @@ interactions: }, { "id": "DEBIAN-CVE-2022-3715", - "modified": "2025-11-19T01:08:50.887794Z" + "modified": "2025-11-20T10:15:59.798571Z" } ] }, @@ -1536,11 +1512,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-2781", - "modified": "2025-11-19T01:01:52.991827Z" + "modified": "2025-11-20T10:12:10.315580Z" }, { "id": "DEBIAN-CVE-2017-18018", - "modified": "2025-11-19T02:04:37.225425Z" + "modified": "2025-11-20T10:13:03.410084Z" }, { "id": "DEBIAN-CVE-2024-0684", @@ -1548,7 +1524,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-5278", - "modified": "2025-11-19T02:02:46.085480Z" + "modified": "2025-11-20T10:18:24.026350Z" } ] }, @@ -1558,7 +1534,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -1569,23 +1545,19 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1664", - "modified": "2025-11-19T02:02:46.659008Z" + "modified": "2025-11-20T10:15:48.083782Z" }, { "id": "DEBIAN-CVE-2025-6297", - "modified": "2025-11-19T02:04:34.056218Z" - }, - { - "id": "DEBIAN-CVE-2026-2219", - "modified": "2026-03-14T15:06:12.109941Z" + "modified": "2025-11-20T10:18:27.456848Z" }, { "id": "DLA-3022-1", - "modified": "2026-03-09T01:23:37.553205Z" + "modified": "2025-05-26T07:22:47.007443Z" }, { "id": "DSA-5147-1", - "modified": "2026-03-09T02:10:11.335992Z" + "modified": "2025-05-26T07:22:47.069263Z" } ] }, @@ -1602,15 +1574,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-1304", - "modified": "2025-11-19T02:02:38.540864Z" + "modified": "2025-11-20T10:15:47.847878Z" }, { "id": "DLA-3910-1", - "modified": "2026-03-09T01:22:32.343795Z" + "modified": "2025-05-26T07:22:45.827447Z" }, { "id": "DSA-4535-1", - "modified": "2026-03-09T02:10:12.902574Z" + "modified": "2025-05-26T07:21:16.735871Z" } ] }, @@ -1648,7 +1620,7 @@ interactions: }, { "id": "GHSA-v95c-p5hm-xq8f", - "modified": "2026-03-13T22:16:11.684125Z" + "modified": "2026-02-04T04:14:39.014326Z" }, { "id": "GHSA-vpvm-3wq2-2wvm", @@ -1664,19 +1636,19 @@ interactions: }, { "id": "GO-2022-0452", - "modified": "2026-02-04T03:17:02.340230Z" + "modified": "2026-02-05T00:56:58.617380Z" }, { "id": "GO-2023-1627", - "modified": "2026-02-04T03:58:42.107712Z" + "modified": "2026-02-04T06:40:30.956132Z" }, { "id": "GO-2023-1682", - "modified": "2026-02-04T02:59:23.815900Z" + "modified": "2026-02-05T01:12:55.466513Z" }, { "id": "GO-2023-1683", - "modified": "2026-02-04T04:01:58.343687Z" + "modified": "2026-02-04T06:56:17.304906Z" }, { "id": "GO-2024-2491", @@ -1684,7 +1656,7 @@ interactions: }, { "id": "GO-2024-3110", - "modified": "2026-02-04T02:23:26.560077Z" + "modified": "2026-02-04T17:25:12.514853Z" }, { "id": "GO-2025-4096", @@ -1696,7 +1668,7 @@ interactions: }, { "id": "GO-2025-4098", - "modified": "2026-02-04T02:52:46.004719Z" + "modified": "2026-02-05T09:13:43.863740Z" } ] }, @@ -1721,11 +1693,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DSA-5122-1", - "modified": "2026-03-09T02:09:10.163691Z" + "modified": "2025-05-26T07:22:45.579215Z" } ] }, @@ -1767,7 +1739,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-6829", - "modified": "2026-03-10T05:05:47.263837Z" + "modified": "2025-11-20T10:13:52.315674Z" }, { "id": "DEBIAN-CVE-2019-13627", @@ -1775,7 +1747,7 @@ interactions: }, { "id": "DEBIAN-CVE-2021-33560", - "modified": "2026-03-10T05:07:08.938163Z" + "modified": "2025-11-20T10:15:42.132245Z" }, { "id": "DEBIAN-CVE-2021-40528", @@ -1783,7 +1755,7 @@ interactions: }, { "id": "DEBIAN-CVE-2024-2236", - "modified": "2026-03-10T05:09:58.705229Z" + "modified": "2025-11-20T10:17:03.685651Z" } ] }, @@ -1849,27 +1821,27 @@ interactions: }, { "id": "DEBIAN-CVE-2021-46848", - "modified": "2025-11-19T02:01:15.883722Z" + "modified": "2025-11-20T10:15:14.681077Z" }, { "id": "DEBIAN-CVE-2024-12133", - "modified": "2025-11-19T01:12:36.661080Z" + "modified": "2025-11-20T10:17:02.620233Z" }, { "id": "DEBIAN-CVE-2025-13151", - "modified": "2026-01-20T05:01:23.018954Z" + "modified": "2026-01-20T05:13:20.502324Z" }, { "id": "DLA-3263-1", - "modified": "2026-03-09T01:22:34.273046Z" + "modified": "2025-05-26T07:22:42.617563Z" }, { "id": "DLA-4061-1", - "modified": "2026-03-09T01:20:16.124977Z" + "modified": "2025-05-26T07:23:58.435350Z" }, { "id": "DSA-5863-1", - "modified": "2026-03-09T02:08:50.747280Z" + "modified": "2025-05-26T07:23:58.495667Z" } ] }, @@ -1881,7 +1853,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-3709", - "modified": "2025-11-19T02:04:33.864716Z" + "modified": "2025-11-20T10:12:11.931996Z" }, { "id": "DEBIAN-CVE-2016-9318", @@ -1989,139 +1961,139 @@ interactions: }, { "id": "DEBIAN-CVE-2022-2309", - "modified": "2025-11-19T01:19:06.888Z" + "modified": "2025-11-20T10:15:28.694644Z" }, { "id": "DEBIAN-CVE-2022-23308", - "modified": "2025-11-19T02:01:18.152974Z" + "modified": "2025-11-20T10:15:29.029152Z" }, { "id": "DEBIAN-CVE-2022-29824", - "modified": "2025-11-19T02:04:38.738903Z" + "modified": "2025-11-20T10:15:52.814213Z" }, { "id": "DEBIAN-CVE-2022-40303", - "modified": "2025-11-19T01:01:57.785896Z" + "modified": "2025-11-20T10:16:01.982632Z" }, { "id": "DEBIAN-CVE-2022-40304", - "modified": "2025-11-19T01:06:26.094431Z" + "modified": "2025-11-20T10:16:01.918054Z" }, { "id": "DEBIAN-CVE-2022-49043", - "modified": "2025-11-19T02:02:50.782379Z" + "modified": "2025-11-20T10:16:12.358770Z" }, { "id": "DEBIAN-CVE-2023-28484", - "modified": "2025-11-19T01:19:08.743303Z" + "modified": "2025-11-20T10:16:35.199991Z" }, { "id": "DEBIAN-CVE-2023-29469", - "modified": "2025-11-19T01:19:08.724068Z" + "modified": "2025-11-20T10:17:34.943682Z" }, { "id": "DEBIAN-CVE-2023-39615", - "modified": "2025-11-19T02:02:52.012148Z" + "modified": "2025-11-20T10:16:41.593841Z" }, { "id": "DEBIAN-CVE-2023-45322", - "modified": "2025-11-19T01:06:25.116541Z" + "modified": "2025-11-20T10:16:44.891362Z" }, { "id": "DEBIAN-CVE-2024-25062", - "modified": "2025-11-19T01:08:46.580742Z" + "modified": "2025-11-20T10:17:04.986212Z" }, { "id": "DEBIAN-CVE-2024-34459", - "modified": "2025-11-19T02:02:47.091764Z" + "modified": "2025-11-20T10:17:41.570595Z" }, { "id": "DEBIAN-CVE-2024-56171", - "modified": "2025-11-19T02:02:52.483954Z" + "modified": "2025-11-20T10:17:48.605695Z" }, { "id": "DEBIAN-CVE-2025-24928", - "modified": "2025-11-19T02:02:46.051341Z" + "modified": "2025-11-20T10:18:05.778161Z" }, { "id": "DEBIAN-CVE-2025-27113", - "modified": "2025-11-19T01:03:10.967990Z" + "modified": "2025-11-20T10:18:06.358243Z" }, { "id": "DEBIAN-CVE-2025-32414", - "modified": "2025-11-19T01:03:12.180021Z" + "modified": "2025-11-20T10:18:08.076077Z" }, { "id": "DEBIAN-CVE-2025-32415", - "modified": "2025-11-19T01:19:04.543204Z" + "modified": "2025-11-20T10:18:08.251077Z" }, { "id": "DEBIAN-CVE-2025-49794", - "modified": "2025-11-19T02:02:44.020678Z" + "modified": "2025-11-20T10:18:23.322205Z" }, { "id": "DEBIAN-CVE-2025-49796", - "modified": "2025-11-19T01:04:38.934970Z" + "modified": "2025-11-20T10:18:23.585429Z" }, { "id": "DEBIAN-CVE-2025-6021", - "modified": "2025-11-19T01:19:06.898251Z" + "modified": "2025-11-20T10:18:26.314947Z" }, { "id": "DEBIAN-CVE-2025-6170", - "modified": "2025-11-19T02:02:49.894877Z" + "modified": "2025-11-20T10:18:26.670728Z" }, { "id": "DEBIAN-CVE-2025-8732", - "modified": "2025-12-14T10:01:32.599913Z" + "modified": "2025-12-14T10:13:26.467517Z" }, { "id": "DEBIAN-CVE-2025-9714", - "modified": "2026-01-10T14:00:56.039647Z" + "modified": "2026-01-10T14:08:12.148171Z" }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:01:10.004195Z" + "modified": "2026-01-16T11:05:07.928323Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:01:06.477646Z" + "modified": "2026-01-16T11:05:23.527352Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:01:12.961282Z" + "modified": "2026-01-16T11:05:10.515041Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:01:11.767706Z" + "modified": "2026-02-03T11:16:44.779248Z" }, { "id": "DLA-3012-1", - "modified": "2026-03-09T01:20:46.878115Z" + "modified": "2025-05-26T07:23:01.266561Z" }, { "id": "DLA-3172-1", - "modified": "2026-03-09T01:19:54.747665Z" + "modified": "2025-05-26T07:23:10.448009Z" }, { "id": "DLA-3405-1", - "modified": "2026-03-09T01:01:29.748040Z" + "modified": "2025-05-26T07:23:30.714665Z" }, { "id": "DLA-3878-1", - "modified": "2026-03-09T01:20:38.676387Z" + "modified": "2025-05-26T07:18:39.626843Z" }, { "id": "DLA-4064-1", - "modified": "2026-03-09T01:20:30.558703Z" + "modified": "2025-05-26T07:23:19.568188Z" }, { "id": "DLA-4146-1", - "modified": "2026-03-09T01:22:43.732573Z" + "modified": "2025-05-26T06:58:47.071983Z" }, { "id": "DLA-4251-1", - "modified": "2026-03-09T02:11:12.986866Z" + "modified": "2025-07-26T19:45:29.054316Z" }, { "id": "DLA-4319-1", @@ -2129,19 +2101,19 @@ interactions: }, { "id": "DSA-5142-1", - "modified": "2026-03-09T02:10:58.737631Z" + "modified": "2025-05-26T07:23:01.328825Z" }, { "id": "DSA-5271-1", - "modified": "2026-03-09T02:10:55.154283Z" + "modified": "2025-05-26T07:23:10.510965Z" }, { "id": "DSA-5391-1", - "modified": "2026-03-09T02:09:39.164621Z" + "modified": "2025-05-26T07:23:30.774960Z" }, { "id": "DSA-5949-1", - "modified": "2026-03-09T02:09:32.257423Z" + "modified": "2025-06-25T19:16:29.342484Z" }, { "id": "DSA-5990-1", @@ -2224,31 +2196,31 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3711", - "modified": "2025-11-19T01:03:12.176806Z" + "modified": "2025-11-20T10:15:44.121033Z" }, { "id": "DEBIAN-CVE-2021-3712", - "modified": "2025-11-19T01:06:25.943191Z" + "modified": "2025-11-20T10:15:44.130193Z" }, { "id": "DEBIAN-CVE-2021-4160", - "modified": "2025-11-19T02:02:49.031761Z" + "modified": "2025-11-20T10:15:10.185497Z" }, { "id": "DEBIAN-CVE-2022-0778", - "modified": "2025-11-19T01:19:03.832130Z" + "modified": "2025-11-20T10:15:47.332694Z" }, { "id": "DEBIAN-CVE-2022-1292", - "modified": "2025-11-19T02:02:51.844077Z" + "modified": "2025-11-20T10:15:25.471825Z" }, { "id": "DEBIAN-CVE-2022-2068", - "modified": "2025-11-19T02:02:42.085448Z" + "modified": "2025-11-20T10:15:27.022420Z" }, { "id": "DEBIAN-CVE-2022-2097", - "modified": "2025-11-19T01:02:00.163331Z" + "modified": "2025-11-20T10:15:27.065089Z" }, { "id": "DEBIAN-CVE-2022-2274", @@ -2276,15 +2248,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-4304", - "modified": "2025-11-19T01:12:34.364246Z" + "modified": "2025-11-20T10:16:04.313466Z" }, { "id": "DEBIAN-CVE-2022-4450", - "modified": "2025-11-19T01:03:13.857958Z" + "modified": "2025-11-20T10:16:05.367442Z" }, { "id": "DEBIAN-CVE-2023-0215", - "modified": "2025-11-19T02:01:14.351313Z" + "modified": "2025-11-20T10:16:27.838296Z" }, { "id": "DEBIAN-CVE-2023-0216", @@ -2296,7 +2268,7 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0286", - "modified": "2025-11-19T02:04:31.583209Z" + "modified": "2025-11-20T10:16:27.985311Z" }, { "id": "DEBIAN-CVE-2023-0401", @@ -2304,15 +2276,15 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0464", - "modified": "2025-11-19T02:02:47.611909Z" + "modified": "2025-11-20T10:16:28.057931Z" }, { "id": "DEBIAN-CVE-2023-0465", - "modified": "2025-11-19T01:19:04.585309Z" + "modified": "2025-11-20T10:16:28.143046Z" }, { "id": "DEBIAN-CVE-2023-0466", - "modified": "2025-11-19T02:02:51.634240Z" + "modified": "2025-11-20T10:16:28.053837Z" }, { "id": "DEBIAN-CVE-2023-1255", @@ -2320,39 +2292,39 @@ interactions: }, { "id": "DEBIAN-CVE-2023-2650", - "modified": "2025-11-19T01:06:23.059084Z" + "modified": "2025-11-20T10:17:34.439123Z" }, { "id": "DEBIAN-CVE-2023-2975", - "modified": "2025-11-19T01:12:34.218584Z" + "modified": "2025-11-20T10:16:36.112183Z" }, { "id": "DEBIAN-CVE-2023-3446", - "modified": "2025-11-19T02:02:48.905632Z" + "modified": "2025-11-20T10:16:38.860251Z" }, { "id": "DEBIAN-CVE-2023-3817", - "modified": "2025-11-19T01:08:51.044831Z" + "modified": "2025-11-20T10:17:35.737266Z" }, { "id": "DEBIAN-CVE-2023-5363", - "modified": "2025-11-19T02:04:32.554455Z" + "modified": "2025-11-20T10:16:59.430619Z" }, { "id": "DEBIAN-CVE-2023-5678", - "modified": "2025-11-19T01:04:41.738503Z" + "modified": "2025-11-20T10:17:38.719690Z" }, { "id": "DEBIAN-CVE-2023-6129", - "modified": "2025-11-19T01:01:55.283596Z" + "modified": "2025-11-20T10:17:39.029757Z" }, { "id": "DEBIAN-CVE-2023-6237", - "modified": "2025-11-19T02:02:39.792151Z" + "modified": "2025-11-20T10:17:39.218097Z" }, { "id": "DEBIAN-CVE-2024-0727", - "modified": "2025-11-19T01:04:40.537945Z" + "modified": "2025-11-20T10:17:01.258658Z" }, { "id": "DEBIAN-CVE-2024-12797", @@ -2360,51 +2332,51 @@ interactions: }, { "id": "DEBIAN-CVE-2024-13176", - "modified": "2026-01-10T14:00:51.432887Z" + "modified": "2026-01-10T14:06:53.941794Z" }, { "id": "DEBIAN-CVE-2024-2511", - "modified": "2025-11-19T02:04:38.588479Z" + "modified": "2025-11-20T10:17:05.139581Z" }, { "id": "DEBIAN-CVE-2024-4603", - "modified": "2025-11-19T02:04:28.636018Z" + "modified": "2025-11-20T10:17:43.955114Z" }, { "id": "DEBIAN-CVE-2024-4741", - "modified": "2025-11-19T01:01:56.969337Z" + "modified": "2025-11-20T10:17:26.990307Z" }, { "id": "DEBIAN-CVE-2024-5535", - "modified": "2025-11-19T02:02:53.246805Z" + "modified": "2025-11-20T10:17:48.194687Z" }, { "id": "DEBIAN-CVE-2024-6119", - "modified": "2025-11-19T02:04:35.555400Z" + "modified": "2025-11-20T10:17:53.824117Z" }, { "id": "DEBIAN-CVE-2024-9143", - "modified": "2025-11-19T01:01:56.791165Z" + "modified": "2025-11-20T10:17:55.864918Z" }, { "id": "DEBIAN-CVE-2025-11187", - "modified": "2026-02-01T20:01:22.848980Z" + "modified": "2026-02-01T20:15:44.382340Z" }, { "id": "DEBIAN-CVE-2025-15467", - "modified": "2026-02-26T08:01:15.079280Z" + "modified": "2026-02-01T20:16:03.195403Z" }, { "id": "DEBIAN-CVE-2025-15468", - "modified": "2026-02-01T20:01:21.279895Z" + "modified": "2026-02-01T20:15:50.413366Z" }, { "id": "DEBIAN-CVE-2025-15469", - "modified": "2026-02-01T20:01:16.747717Z" + "modified": "2026-02-01T20:15:56.347911Z" }, { "id": "DEBIAN-CVE-2025-27587", - "modified": "2025-11-19T01:03:13.852343Z" + "modified": "2025-11-20T10:18:06.745292Z" }, { "id": "DEBIAN-CVE-2025-4575", @@ -2412,143 +2384,135 @@ interactions: }, { "id": "DEBIAN-CVE-2025-66199", - "modified": "2026-02-01T20:01:23.308969Z" + "modified": "2026-02-01T20:15:59.468539Z" }, { "id": "DEBIAN-CVE-2025-68160", - "modified": "2026-02-23T15:01:30.829710Z" + "modified": "2026-02-01T20:15:53.558839Z" }, { "id": "DEBIAN-CVE-2025-69418", - "modified": "2026-02-23T15:01:34.534567Z" + "modified": "2026-02-01T20:16:10.273490Z" }, { "id": "DEBIAN-CVE-2025-69419", - "modified": "2026-02-23T15:01:26.866129Z" + "modified": "2026-02-01T20:16:13.803909Z" }, { "id": "DEBIAN-CVE-2025-69420", - "modified": "2026-02-23T15:01:24.396408Z" + "modified": "2026-02-01T20:15:47.671017Z" }, { "id": "DEBIAN-CVE-2025-69421", - "modified": "2026-02-23T15:01:33.767596Z" + "modified": "2026-02-03T11:16:34.961716Z" }, { "id": "DEBIAN-CVE-2025-9230", - "modified": "2025-11-19T02:02:49.060854Z" + "modified": "2025-11-20T10:18:28.690398Z" }, { "id": "DEBIAN-CVE-2025-9231", - "modified": "2025-11-19T02:04:23.949464Z" + "modified": "2025-11-20T10:18:28.713979Z" }, { "id": "DEBIAN-CVE-2025-9232", - "modified": "2025-11-19T02:02:53.725801Z" + "modified": "2025-11-20T10:18:28.748819Z" }, { "id": "DEBIAN-CVE-2026-22795", - "modified": "2026-02-23T15:01:35.146488Z" + "modified": "2026-02-01T20:15:40.679029Z" }, { "id": "DEBIAN-CVE-2026-22796", - "modified": "2026-02-23T15:01:28.414591Z" - }, - { - "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-14T16:48:13.279039Z" + "modified": "2026-02-01T20:16:16.928963Z" }, { "id": "DLA-3008-1", - "modified": "2026-03-09T01:23:33.375630Z" + "modified": "2025-05-26T07:22:45.706031Z" }, { "id": "DLA-3325-1", - "modified": "2026-03-09T01:19:40.983935Z" + "modified": "2025-05-26T07:22:47.806974Z" }, { "id": "DLA-3449-1", - "modified": "2026-03-09T01:22:47.322805Z" + "modified": "2025-05-26T07:23:20.191820Z" }, { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" }, { "id": "DLA-3942-1", - "modified": "2026-03-09T01:22:40.686044Z" + "modified": "2025-05-26T07:23:52.994725Z" }, { "id": "DLA-3942-2", - "modified": "2026-03-09T01:21:01.728730Z" + "modified": "2025-05-26T07:23:53.056205Z" }, { "id": "DLA-4176-1", - "modified": "2026-03-09T01:20:23.459313Z" + "modified": "2025-05-26T07:02:17.127596Z" }, { "id": "DLA-4321-1", "modified": "2025-10-03T16:33:24.717173Z" }, - { - "id": "DLA-4490-1", - "modified": "2026-02-23T10:30:28.927832Z" - }, { "id": "DSA-4539-1", - "modified": "2026-03-09T02:09:20.276054Z" + "modified": "2025-05-26T07:20:57.698150Z" }, { "id": "DSA-4539-3", - "modified": "2019-10-13T00:00:00Z" + "modified": "2025-05-26T07:05:14.261652Z" }, { "id": "DSA-4661-1", - "modified": "2026-03-09T02:08:53.792348Z" + "modified": "2025-05-26T07:21:44.983880Z" }, { "id": "DSA-4807-1", - "modified": "2026-03-09T02:10:20.442914Z" + "modified": "2025-05-26T07:21:45.227381Z" }, { "id": "DSA-4855-1", - "modified": "2026-03-09T02:11:29.405206Z" + "modified": "2025-05-26T07:20:57.944135Z" }, { "id": "DSA-4875-1", - "modified": "2026-03-09T02:10:05.387501Z" + "modified": "2025-05-26T07:22:25.295971Z" }, { "id": "DSA-4963-1", - "modified": "2026-03-09T02:10:15.488747Z" + "modified": "2025-05-26T07:22:29.610492Z" }, { "id": "DSA-5103-1", - "modified": "2026-03-09T02:09:42.407559Z" + "modified": "2025-05-26T07:22:36.298650Z" }, { "id": "DSA-5139-1", - "modified": "2026-03-09T02:09:17.334653Z" + "modified": "2025-05-26T07:22:45.765450Z" }, { "id": "DSA-5169-1", - "modified": "2026-03-09T02:09:37.692763Z" + "modified": "2025-05-26T07:22:47.687377Z" }, { "id": "DSA-5343-1", - "modified": "2026-03-09T02:09:47.149297Z" + "modified": "2025-05-26T07:22:47.870882Z" }, { "id": "DSA-5417-1", - "modified": "2026-03-09T02:09:39.950679Z" + "modified": "2025-05-26T07:23:20.254324Z" }, { "id": "DSA-5532-1", - "modified": "2026-03-09T02:08:31.395482Z" + "modified": "2025-05-26T07:23:52.176093Z" }, { "id": "DSA-5764-1", - "modified": "2026-03-09T02:09:02.723874Z" + "modified": "2025-05-26T07:24:15.576601Z" }, { "id": "DSA-6015-1", @@ -2556,7 +2520,7 @@ interactions: }, { "id": "DSA-6113-1", - "modified": "2026-01-27T20:30:04.397078Z" + "modified": "2026-01-27T20:15:37.634049Z" } ] }, @@ -2565,7 +2529,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-4116", - "modified": "2025-11-19T01:08:48.534508Z" + "modified": "2025-11-20T10:10:50.058601Z" }, { "id": "DEBIAN-CVE-2017-12837", @@ -2621,11 +2585,11 @@ interactions: }, { "id": "DEBIAN-CVE-2020-16156", - "modified": "2025-11-19T02:04:25.146090Z" + "modified": "2025-11-20T10:14:36.701112Z" }, { "id": "DEBIAN-CVE-2021-36770", - "modified": "2025-11-19T01:08:50.244924Z" + "modified": "2025-11-20T10:15:44.080114Z" }, { "id": "DEBIAN-CVE-2022-48522", @@ -2633,31 +2597,31 @@ interactions: }, { "id": "DEBIAN-CVE-2023-31484", - "modified": "2025-11-19T01:01:55.072028Z" + "modified": "2025-11-20T10:17:35.627220Z" }, { "id": "DEBIAN-CVE-2023-31486", - "modified": "2025-11-19T01:06:23.122275Z" + "modified": "2025-11-20T10:17:36.081192Z" }, { "id": "DEBIAN-CVE-2023-47038", - "modified": "2025-11-19T02:02:47.808046Z" + "modified": "2025-11-20T10:16:46.343364Z" }, { "id": "DEBIAN-CVE-2024-56406", - "modified": "2025-11-19T02:04:37.240014Z" + "modified": "2025-11-20T10:17:48.686371Z" }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-19T01:12:36.316842Z" + "modified": "2025-11-20T10:18:21.143971Z" }, { "id": "DLA-3926-1", - "modified": "2026-03-09T01:20:46.118633Z" + "modified": "2025-05-26T07:21:42.385892Z" }, { "id": "DSA-5902-1", - "modified": "2026-03-09T02:09:19.793163Z" + "modified": "2025-05-26T07:24:14.898997Z" } ] }, @@ -2669,35 +2633,35 @@ interactions: "vulns": [ { "id": "DLA-3072-1", - "modified": "2026-03-09T01:22:24.680239Z" + "modified": "2025-05-26T07:22:56.848703Z" }, { "id": "DLA-3189-1", - "modified": "2022-11-15T00:00:00Z" + "modified": "2025-05-26T07:01:07.887113Z" }, { "id": "DLA-3316-1", - "modified": "2023-02-10T00:00:00Z" + "modified": "2025-05-26T07:01:13.127412Z" }, { "id": "DLA-3422-1", - "modified": "2026-03-09T01:20:56.692752Z" + "modified": "2025-05-26T07:23:26.375715Z" }, { "id": "DLA-3600-1", - "modified": "2026-03-09T01:17:49.966197Z" + "modified": "2025-05-26T07:23:40.030714Z" }, { "id": "DLA-3651-1", - "modified": "2026-03-09T01:18:05.310519Z" + "modified": "2025-05-26T07:23:53.368012Z" }, { "id": "DLA-3764-1", - "modified": "2026-03-09T01:23:22.273526Z" + "modified": "2025-05-26T07:23:55.849014Z" }, { "id": "DSA-5135-1", - "modified": "2026-03-09T02:11:21.646978Z" + "modified": "2025-05-26T07:22:46.760638Z" } ] }, @@ -2720,7 +2684,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2005-2541", - "modified": "2025-11-19T02:02:39.239715Z" + "modified": "2025-11-20T10:09:01.923782Z" }, { "id": "DEBIAN-CVE-2018-20482", @@ -2736,15 +2700,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-48303", - "modified": "2025-11-19T01:01:59.298206Z" + "modified": "2025-11-20T10:16:07.552593Z" }, { "id": "DEBIAN-CVE-2023-39804", - "modified": "2025-11-19T02:02:53.596262Z" + "modified": "2025-11-20T10:16:41.587973Z" }, { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -2752,47 +2716,47 @@ interactions: "vulns": [ { "id": "DLA-3051-1", - "modified": "2022-06-15T00:00:00Z" + "modified": "2025-05-26T07:01:56.257796Z" }, { "id": "DLA-3134-1", - "modified": "2022-10-03T00:00:00Z" + "modified": "2025-05-26T07:01:01.500124Z" }, { "id": "DLA-3161-1", - "modified": "2022-10-26T00:00:00Z" + "modified": "2025-05-26T07:01:03.882213Z" }, { "id": "DLA-3366-1", - "modified": "2023-03-24T00:00:00Z" + "modified": "2025-05-26T07:01:17.027142Z" }, { "id": "DLA-3412-1", - "modified": "2023-05-02T00:00:00Z" + "modified": "2025-05-26T07:01:20.109212Z" }, { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" }, { "id": "DLA-3972-1", - "modified": "2024-11-28T00:00:00Z" + "modified": "2025-05-26T07:02:05.284676Z" }, { "id": "DLA-4085-1", - "modified": "2025-03-18T00:00:00Z" + "modified": "2025-05-26T07:02:10.958749Z" }, { "id": "DLA-4105-1", - "modified": "2025-04-01T00:00:00Z" + "modified": "2025-05-26T07:02:13.921097Z" }, { "id": "DLA-4403-1", - "modified": "2025-12-12T00:00:00Z" + "modified": "2025-12-12T10:13:37.154747Z" } ] }, @@ -2800,7 +2764,7 @@ interactions: "vulns": [ { "id": "DLA-4016-1", - "modified": "2025-01-16T00:00:00Z" + "modified": "2025-05-26T07:02:06.504254Z" } ] }, @@ -2812,7 +2776,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-7738", - "modified": "2025-11-19T02:04:41.803240Z" + "modified": "2025-11-20T10:13:54.493707Z" }, { "id": "DEBIAN-CVE-2021-37600", @@ -2820,39 +2784,35 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3995", - "modified": "2025-11-19T01:12:36.252792Z" + "modified": "2025-11-20T10:15:45.587792Z" }, { "id": "DEBIAN-CVE-2021-3996", - "modified": "2025-11-19T02:02:48.032233Z" + "modified": "2025-11-20T10:15:45.602424Z" }, { "id": "DEBIAN-CVE-2022-0563", - "modified": "2025-11-19T01:01:57.875266Z" + "modified": "2025-11-20T10:15:24.228408Z" }, { "id": "DEBIAN-CVE-2024-28085", - "modified": "2025-11-19T01:02:00.375077Z" + "modified": "2025-11-20T10:17:41.612682Z" }, { "id": "DEBIAN-CVE-2025-14104", - "modified": "2026-03-05T17:00:58.361610Z" - }, - { - "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2025-12-29T10:11:41.788817Z" }, { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" }, { "id": "DSA-5055-1", - "modified": "2026-03-09T02:10:40.826335Z" + "modified": "2025-05-26T07:22:33.646795Z" }, { "id": "DSA-5650-1", - "modified": "2026-03-09T02:08:30.371343Z" + "modified": "2025-05-26T07:24:03.887524Z" } ] }, @@ -2860,7 +2820,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DEBIAN-CVE-2024-3094", @@ -2868,15 +2828,15 @@ interactions: }, { "id": "DEBIAN-CVE-2025-31115", - "modified": "2025-11-19T02:02:42.561876Z" + "modified": "2025-11-20T10:18:07.484724Z" }, { "id": "DSA-5123-1", - "modified": "2026-03-09T02:10:46.054497Z" + "modified": "2025-05-26T07:22:45.643786Z" }, { "id": "DSA-5895-1", - "modified": "2026-03-09T02:08:52.515269Z" + "modified": "2025-05-26T07:24:22.556406Z" } ] }, @@ -2895,7 +2855,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -2906,19 +2866,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] } @@ -2926,7 +2878,7 @@ interactions: } headers: Content-Length: - - "22183" + - "21592" Content-Type: - application/json status: 200 OK @@ -3997,7 +3949,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 21427 + content_length: 21124 body: | { "results": [ @@ -4014,7 +3966,7 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" } ] }, @@ -4025,19 +3977,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:01:05.382517Z" + "modified": "2025-12-03T22:47:03.844688Z" }, { "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:01:07.191575Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2025-12-03T22:50:43.469206Z" } ] }, @@ -4046,7 +3990,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-3374", - "modified": "2025-11-19T02:02:53.209453Z" + "modified": "2025-11-20T10:07:04.572010Z" }, { "id": "DEBIAN-CVE-2018-0501", @@ -4066,11 +4010,11 @@ interactions: }, { "id": "DSA-4685-1", - "modified": "2026-03-09T02:09:03.263738Z" + "modified": "2025-05-26T07:21:59.359875Z" }, { "id": "DSA-4808-1", - "modified": "2026-03-09T02:11:17.119108Z" + "modified": "2025-05-26T07:21:52.187597Z" } ] }, @@ -4084,7 +4028,7 @@ interactions: }, { "id": "DEBIAN-CVE-2022-3715", - "modified": "2025-11-19T01:08:50.887794Z" + "modified": "2025-11-20T10:15:59.798571Z" } ] }, @@ -4093,11 +4037,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-2781", - "modified": "2025-11-19T01:01:52.991827Z" + "modified": "2025-11-20T10:12:10.315580Z" }, { "id": "DEBIAN-CVE-2017-18018", - "modified": "2025-11-19T02:04:37.225425Z" + "modified": "2025-11-20T10:13:03.410084Z" }, { "id": "DEBIAN-CVE-2024-0684", @@ -4105,7 +4049,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-5278", - "modified": "2025-11-19T02:02:46.085480Z" + "modified": "2025-11-20T10:18:24.026350Z" } ] }, @@ -4115,7 +4059,7 @@ interactions: "vulns": [ { "id": "DLA-3482-1", - "modified": "2023-07-07T00:00:00Z" + "modified": "2025-05-26T07:01:25.263124Z" } ] }, @@ -4126,23 +4070,19 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1664", - "modified": "2025-11-19T02:02:46.659008Z" + "modified": "2025-11-20T10:15:48.083782Z" }, { "id": "DEBIAN-CVE-2025-6297", - "modified": "2025-11-19T02:04:34.056218Z" - }, - { - "id": "DEBIAN-CVE-2026-2219", - "modified": "2026-03-14T15:06:12.109941Z" + "modified": "2025-11-20T10:18:27.456848Z" }, { "id": "DLA-3022-1", - "modified": "2026-03-09T01:23:37.553205Z" + "modified": "2025-05-26T07:22:47.007443Z" }, { "id": "DSA-5147-1", - "modified": "2026-03-09T02:10:11.335992Z" + "modified": "2025-05-26T07:22:47.069263Z" } ] }, @@ -4159,15 +4099,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-1304", - "modified": "2025-11-19T02:02:38.540864Z" + "modified": "2025-11-20T10:15:47.847878Z" }, { "id": "DLA-3910-1", - "modified": "2026-03-09T01:22:32.343795Z" + "modified": "2025-05-26T07:22:45.827447Z" }, { "id": "DSA-4535-1", - "modified": "2026-03-09T02:10:12.902574Z" + "modified": "2025-05-26T07:21:16.735871Z" } ] }, @@ -4205,7 +4145,7 @@ interactions: }, { "id": "GHSA-v95c-p5hm-xq8f", - "modified": "2026-03-13T22:16:11.684125Z" + "modified": "2026-02-04T04:14:39.014326Z" }, { "id": "GHSA-vpvm-3wq2-2wvm", @@ -4221,19 +4161,19 @@ interactions: }, { "id": "GO-2022-0452", - "modified": "2026-02-04T03:17:02.340230Z" + "modified": "2026-02-05T00:56:58.617380Z" }, { "id": "GO-2023-1627", - "modified": "2026-02-04T03:58:42.107712Z" + "modified": "2026-02-04T06:40:30.956132Z" }, { "id": "GO-2023-1682", - "modified": "2026-02-04T02:59:23.815900Z" + "modified": "2026-02-05T01:12:55.466513Z" }, { "id": "GO-2023-1683", - "modified": "2026-02-04T04:01:58.343687Z" + "modified": "2026-02-04T06:56:17.304906Z" }, { "id": "GO-2024-2491", @@ -4241,7 +4181,7 @@ interactions: }, { "id": "GO-2024-3110", - "modified": "2026-02-04T02:23:26.560077Z" + "modified": "2026-02-04T17:25:12.514853Z" }, { "id": "GO-2025-4096", @@ -4253,7 +4193,7 @@ interactions: }, { "id": "GO-2025-4098", - "modified": "2026-02-04T02:52:46.004719Z" + "modified": "2026-02-05T09:13:43.863740Z" } ] }, @@ -4278,11 +4218,11 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DSA-5122-1", - "modified": "2026-03-09T02:09:10.163691Z" + "modified": "2025-05-26T07:22:45.579215Z" } ] }, @@ -4324,7 +4264,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-6829", - "modified": "2026-03-10T05:05:47.263837Z" + "modified": "2025-11-20T10:13:52.315674Z" }, { "id": "DEBIAN-CVE-2019-13627", @@ -4332,7 +4272,7 @@ interactions: }, { "id": "DEBIAN-CVE-2021-33560", - "modified": "2026-03-10T05:07:08.938163Z" + "modified": "2025-11-20T10:15:42.132245Z" }, { "id": "DEBIAN-CVE-2021-40528", @@ -4340,7 +4280,7 @@ interactions: }, { "id": "DEBIAN-CVE-2024-2236", - "modified": "2026-03-10T05:09:58.705229Z" + "modified": "2025-11-20T10:17:03.685651Z" } ] }, @@ -4406,27 +4346,27 @@ interactions: }, { "id": "DEBIAN-CVE-2021-46848", - "modified": "2025-11-19T02:01:15.883722Z" + "modified": "2025-11-20T10:15:14.681077Z" }, { "id": "DEBIAN-CVE-2024-12133", - "modified": "2025-11-19T01:12:36.661080Z" + "modified": "2025-11-20T10:17:02.620233Z" }, { "id": "DEBIAN-CVE-2025-13151", - "modified": "2026-01-20T05:01:23.018954Z" + "modified": "2026-01-20T05:13:20.502324Z" }, { "id": "DLA-3263-1", - "modified": "2026-03-09T01:22:34.273046Z" + "modified": "2025-05-26T07:22:42.617563Z" }, { "id": "DLA-4061-1", - "modified": "2026-03-09T01:20:16.124977Z" + "modified": "2025-05-26T07:23:58.435350Z" }, { "id": "DSA-5863-1", - "modified": "2026-03-09T02:08:50.747280Z" + "modified": "2025-05-26T07:23:58.495667Z" } ] }, @@ -4438,7 +4378,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2016-3709", - "modified": "2025-11-19T02:04:33.864716Z" + "modified": "2025-11-20T10:12:11.931996Z" }, { "id": "DEBIAN-CVE-2016-9318", @@ -4546,139 +4486,139 @@ interactions: }, { "id": "DEBIAN-CVE-2022-2309", - "modified": "2025-11-19T01:19:06.888Z" + "modified": "2025-11-20T10:15:28.694644Z" }, { "id": "DEBIAN-CVE-2022-23308", - "modified": "2025-11-19T02:01:18.152974Z" + "modified": "2025-11-20T10:15:29.029152Z" }, { "id": "DEBIAN-CVE-2022-29824", - "modified": "2025-11-19T02:04:38.738903Z" + "modified": "2025-11-20T10:15:52.814213Z" }, { "id": "DEBIAN-CVE-2022-40303", - "modified": "2025-11-19T01:01:57.785896Z" + "modified": "2025-11-20T10:16:01.982632Z" }, { "id": "DEBIAN-CVE-2022-40304", - "modified": "2025-11-19T01:06:26.094431Z" + "modified": "2025-11-20T10:16:01.918054Z" }, { "id": "DEBIAN-CVE-2022-49043", - "modified": "2025-11-19T02:02:50.782379Z" + "modified": "2025-11-20T10:16:12.358770Z" }, { "id": "DEBIAN-CVE-2023-28484", - "modified": "2025-11-19T01:19:08.743303Z" + "modified": "2025-11-20T10:16:35.199991Z" }, { "id": "DEBIAN-CVE-2023-29469", - "modified": "2025-11-19T01:19:08.724068Z" + "modified": "2025-11-20T10:17:34.943682Z" }, { "id": "DEBIAN-CVE-2023-39615", - "modified": "2025-11-19T02:02:52.012148Z" + "modified": "2025-11-20T10:16:41.593841Z" }, { "id": "DEBIAN-CVE-2023-45322", - "modified": "2025-11-19T01:06:25.116541Z" + "modified": "2025-11-20T10:16:44.891362Z" }, { "id": "DEBIAN-CVE-2024-25062", - "modified": "2025-11-19T01:08:46.580742Z" + "modified": "2025-11-20T10:17:04.986212Z" }, { "id": "DEBIAN-CVE-2024-34459", - "modified": "2025-11-19T02:02:47.091764Z" + "modified": "2025-11-20T10:17:41.570595Z" }, { "id": "DEBIAN-CVE-2024-56171", - "modified": "2025-11-19T02:02:52.483954Z" + "modified": "2025-11-20T10:17:48.605695Z" }, { "id": "DEBIAN-CVE-2025-24928", - "modified": "2025-11-19T02:02:46.051341Z" + "modified": "2025-11-20T10:18:05.778161Z" }, { "id": "DEBIAN-CVE-2025-27113", - "modified": "2025-11-19T01:03:10.967990Z" + "modified": "2025-11-20T10:18:06.358243Z" }, { "id": "DEBIAN-CVE-2025-32414", - "modified": "2025-11-19T01:03:12.180021Z" + "modified": "2025-11-20T10:18:08.076077Z" }, { "id": "DEBIAN-CVE-2025-32415", - "modified": "2025-11-19T01:19:04.543204Z" + "modified": "2025-11-20T10:18:08.251077Z" }, { "id": "DEBIAN-CVE-2025-49794", - "modified": "2025-11-19T02:02:44.020678Z" + "modified": "2025-11-20T10:18:23.322205Z" }, { "id": "DEBIAN-CVE-2025-49796", - "modified": "2025-11-19T01:04:38.934970Z" + "modified": "2025-11-20T10:18:23.585429Z" }, { "id": "DEBIAN-CVE-2025-6021", - "modified": "2025-11-19T01:19:06.898251Z" + "modified": "2025-11-20T10:18:26.314947Z" }, { "id": "DEBIAN-CVE-2025-6170", - "modified": "2025-11-19T02:02:49.894877Z" + "modified": "2025-11-20T10:18:26.670728Z" }, { "id": "DEBIAN-CVE-2025-8732", - "modified": "2025-12-14T10:01:32.599913Z" + "modified": "2025-12-14T10:13:26.467517Z" }, { "id": "DEBIAN-CVE-2025-9714", - "modified": "2026-01-10T14:00:56.039647Z" + "modified": "2026-01-10T14:08:12.148171Z" }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:01:10.004195Z" + "modified": "2026-01-16T11:05:07.928323Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:01:06.477646Z" + "modified": "2026-01-16T11:05:23.527352Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:01:12.961282Z" + "modified": "2026-01-16T11:05:10.515041Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:01:11.767706Z" + "modified": "2026-02-03T11:16:44.779248Z" }, { "id": "DLA-3012-1", - "modified": "2026-03-09T01:20:46.878115Z" + "modified": "2025-05-26T07:23:01.266561Z" }, { "id": "DLA-3172-1", - "modified": "2026-03-09T01:19:54.747665Z" + "modified": "2025-05-26T07:23:10.448009Z" }, { "id": "DLA-3405-1", - "modified": "2026-03-09T01:01:29.748040Z" + "modified": "2025-05-26T07:23:30.714665Z" }, { "id": "DLA-3878-1", - "modified": "2026-03-09T01:20:38.676387Z" + "modified": "2025-05-26T07:18:39.626843Z" }, { "id": "DLA-4064-1", - "modified": "2026-03-09T01:20:30.558703Z" + "modified": "2025-05-26T07:23:19.568188Z" }, { "id": "DLA-4146-1", - "modified": "2026-03-09T01:22:43.732573Z" + "modified": "2025-05-26T06:58:47.071983Z" }, { "id": "DLA-4251-1", - "modified": "2026-03-09T02:11:12.986866Z" + "modified": "2025-07-26T19:45:29.054316Z" }, { "id": "DLA-4319-1", @@ -4686,19 +4626,19 @@ interactions: }, { "id": "DSA-5142-1", - "modified": "2026-03-09T02:10:58.737631Z" + "modified": "2025-05-26T07:23:01.328825Z" }, { "id": "DSA-5271-1", - "modified": "2026-03-09T02:10:55.154283Z" + "modified": "2025-05-26T07:23:10.510965Z" }, { "id": "DSA-5391-1", - "modified": "2026-03-09T02:09:39.164621Z" + "modified": "2025-05-26T07:23:30.774960Z" }, { "id": "DSA-5949-1", - "modified": "2026-03-09T02:09:32.257423Z" + "modified": "2025-06-25T19:16:29.342484Z" }, { "id": "DSA-5990-1", @@ -4781,31 +4721,31 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3711", - "modified": "2025-11-19T01:03:12.176806Z" + "modified": "2025-11-20T10:15:44.121033Z" }, { "id": "DEBIAN-CVE-2021-3712", - "modified": "2025-11-19T01:06:25.943191Z" + "modified": "2025-11-20T10:15:44.130193Z" }, { "id": "DEBIAN-CVE-2021-4160", - "modified": "2025-11-19T02:02:49.031761Z" + "modified": "2025-11-20T10:15:10.185497Z" }, { "id": "DEBIAN-CVE-2022-0778", - "modified": "2025-11-19T01:19:03.832130Z" + "modified": "2025-11-20T10:15:47.332694Z" }, { "id": "DEBIAN-CVE-2022-1292", - "modified": "2025-11-19T02:02:51.844077Z" + "modified": "2025-11-20T10:15:25.471825Z" }, { "id": "DEBIAN-CVE-2022-2068", - "modified": "2025-11-19T02:02:42.085448Z" + "modified": "2025-11-20T10:15:27.022420Z" }, { "id": "DEBIAN-CVE-2022-2097", - "modified": "2025-11-19T01:02:00.163331Z" + "modified": "2025-11-20T10:15:27.065089Z" }, { "id": "DEBIAN-CVE-2022-2274", @@ -4833,15 +4773,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-4304", - "modified": "2025-11-19T01:12:34.364246Z" + "modified": "2025-11-20T10:16:04.313466Z" }, { "id": "DEBIAN-CVE-2022-4450", - "modified": "2025-11-19T01:03:13.857958Z" + "modified": "2025-11-20T10:16:05.367442Z" }, { "id": "DEBIAN-CVE-2023-0215", - "modified": "2025-11-19T02:01:14.351313Z" + "modified": "2025-11-20T10:16:27.838296Z" }, { "id": "DEBIAN-CVE-2023-0216", @@ -4853,7 +4793,7 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0286", - "modified": "2025-11-19T02:04:31.583209Z" + "modified": "2025-11-20T10:16:27.985311Z" }, { "id": "DEBIAN-CVE-2023-0401", @@ -4861,15 +4801,15 @@ interactions: }, { "id": "DEBIAN-CVE-2023-0464", - "modified": "2025-11-19T02:02:47.611909Z" + "modified": "2025-11-20T10:16:28.057931Z" }, { "id": "DEBIAN-CVE-2023-0465", - "modified": "2025-11-19T01:19:04.585309Z" + "modified": "2025-11-20T10:16:28.143046Z" }, { "id": "DEBIAN-CVE-2023-0466", - "modified": "2025-11-19T02:02:51.634240Z" + "modified": "2025-11-20T10:16:28.053837Z" }, { "id": "DEBIAN-CVE-2023-1255", @@ -4877,39 +4817,39 @@ interactions: }, { "id": "DEBIAN-CVE-2023-2650", - "modified": "2025-11-19T01:06:23.059084Z" + "modified": "2025-11-20T10:17:34.439123Z" }, { "id": "DEBIAN-CVE-2023-2975", - "modified": "2025-11-19T01:12:34.218584Z" + "modified": "2025-11-20T10:16:36.112183Z" }, { "id": "DEBIAN-CVE-2023-3446", - "modified": "2025-11-19T02:02:48.905632Z" + "modified": "2025-11-20T10:16:38.860251Z" }, { "id": "DEBIAN-CVE-2023-3817", - "modified": "2025-11-19T01:08:51.044831Z" + "modified": "2025-11-20T10:17:35.737266Z" }, { "id": "DEBIAN-CVE-2023-5363", - "modified": "2025-11-19T02:04:32.554455Z" + "modified": "2025-11-20T10:16:59.430619Z" }, { "id": "DEBIAN-CVE-2023-5678", - "modified": "2025-11-19T01:04:41.738503Z" + "modified": "2025-11-20T10:17:38.719690Z" }, { "id": "DEBIAN-CVE-2023-6129", - "modified": "2025-11-19T01:01:55.283596Z" + "modified": "2025-11-20T10:17:39.029757Z" }, { "id": "DEBIAN-CVE-2023-6237", - "modified": "2025-11-19T02:02:39.792151Z" + "modified": "2025-11-20T10:17:39.218097Z" }, { "id": "DEBIAN-CVE-2024-0727", - "modified": "2025-11-19T01:04:40.537945Z" + "modified": "2025-11-20T10:17:01.258658Z" }, { "id": "DEBIAN-CVE-2024-12797", @@ -4917,51 +4857,51 @@ interactions: }, { "id": "DEBIAN-CVE-2024-13176", - "modified": "2026-01-10T14:00:51.432887Z" + "modified": "2026-01-10T14:06:53.941794Z" }, { "id": "DEBIAN-CVE-2024-2511", - "modified": "2025-11-19T02:04:38.588479Z" + "modified": "2025-11-20T10:17:05.139581Z" }, { "id": "DEBIAN-CVE-2024-4603", - "modified": "2025-11-19T02:04:28.636018Z" + "modified": "2025-11-20T10:17:43.955114Z" }, { "id": "DEBIAN-CVE-2024-4741", - "modified": "2025-11-19T01:01:56.969337Z" + "modified": "2025-11-20T10:17:26.990307Z" }, { "id": "DEBIAN-CVE-2024-5535", - "modified": "2025-11-19T02:02:53.246805Z" + "modified": "2025-11-20T10:17:48.194687Z" }, { "id": "DEBIAN-CVE-2024-6119", - "modified": "2025-11-19T02:04:35.555400Z" + "modified": "2025-11-20T10:17:53.824117Z" }, { "id": "DEBIAN-CVE-2024-9143", - "modified": "2025-11-19T01:01:56.791165Z" + "modified": "2025-11-20T10:17:55.864918Z" }, { "id": "DEBIAN-CVE-2025-11187", - "modified": "2026-02-01T20:01:22.848980Z" + "modified": "2026-02-01T20:15:44.382340Z" }, { "id": "DEBIAN-CVE-2025-15467", - "modified": "2026-02-26T08:01:15.079280Z" + "modified": "2026-02-01T20:16:03.195403Z" }, { "id": "DEBIAN-CVE-2025-15468", - "modified": "2026-02-01T20:01:21.279895Z" + "modified": "2026-02-01T20:15:50.413366Z" }, { "id": "DEBIAN-CVE-2025-15469", - "modified": "2026-02-01T20:01:16.747717Z" + "modified": "2026-02-01T20:15:56.347911Z" }, { "id": "DEBIAN-CVE-2025-27587", - "modified": "2025-11-19T01:03:13.852343Z" + "modified": "2025-11-20T10:18:06.745292Z" }, { "id": "DEBIAN-CVE-2025-4575", @@ -4969,143 +4909,135 @@ interactions: }, { "id": "DEBIAN-CVE-2025-66199", - "modified": "2026-02-01T20:01:23.308969Z" + "modified": "2026-02-01T20:15:59.468539Z" }, { "id": "DEBIAN-CVE-2025-68160", - "modified": "2026-02-23T15:01:30.829710Z" + "modified": "2026-02-01T20:15:53.558839Z" }, { "id": "DEBIAN-CVE-2025-69418", - "modified": "2026-02-23T15:01:34.534567Z" + "modified": "2026-02-01T20:16:10.273490Z" }, { "id": "DEBIAN-CVE-2025-69419", - "modified": "2026-02-23T15:01:26.866129Z" + "modified": "2026-02-01T20:16:13.803909Z" }, { "id": "DEBIAN-CVE-2025-69420", - "modified": "2026-02-23T15:01:24.396408Z" + "modified": "2026-02-01T20:15:47.671017Z" }, { "id": "DEBIAN-CVE-2025-69421", - "modified": "2026-02-23T15:01:33.767596Z" + "modified": "2026-02-03T11:16:34.961716Z" }, { "id": "DEBIAN-CVE-2025-9230", - "modified": "2025-11-19T02:02:49.060854Z" + "modified": "2025-11-20T10:18:28.690398Z" }, { "id": "DEBIAN-CVE-2025-9231", - "modified": "2025-11-19T02:04:23.949464Z" + "modified": "2025-11-20T10:18:28.713979Z" }, { "id": "DEBIAN-CVE-2025-9232", - "modified": "2025-11-19T02:02:53.725801Z" + "modified": "2025-11-20T10:18:28.748819Z" }, { "id": "DEBIAN-CVE-2026-22795", - "modified": "2026-02-23T15:01:35.146488Z" + "modified": "2026-02-01T20:15:40.679029Z" }, { "id": "DEBIAN-CVE-2026-22796", - "modified": "2026-02-23T15:01:28.414591Z" - }, - { - "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-14T16:48:13.279039Z" + "modified": "2026-02-01T20:16:16.928963Z" }, { "id": "DLA-3008-1", - "modified": "2026-03-09T01:23:33.375630Z" + "modified": "2025-05-26T07:22:45.706031Z" }, { "id": "DLA-3325-1", - "modified": "2026-03-09T01:19:40.983935Z" + "modified": "2025-05-26T07:22:47.806974Z" }, { "id": "DLA-3449-1", - "modified": "2026-03-09T01:22:47.322805Z" + "modified": "2025-05-26T07:23:20.191820Z" }, { "id": "DLA-3530-1", - "modified": "2026-03-09T01:19:28.929204Z" + "modified": "2025-05-26T07:23:36.219658Z" }, { "id": "DLA-3942-1", - "modified": "2026-03-09T01:22:40.686044Z" + "modified": "2025-05-26T07:23:52.994725Z" }, { "id": "DLA-3942-2", - "modified": "2026-03-09T01:21:01.728730Z" + "modified": "2025-05-26T07:23:53.056205Z" }, { "id": "DLA-4176-1", - "modified": "2026-03-09T01:20:23.459313Z" + "modified": "2025-05-26T07:02:17.127596Z" }, { "id": "DLA-4321-1", "modified": "2025-10-03T16:33:24.717173Z" }, - { - "id": "DLA-4490-1", - "modified": "2026-02-23T10:30:28.927832Z" - }, { "id": "DSA-4539-1", - "modified": "2026-03-09T02:09:20.276054Z" + "modified": "2025-05-26T07:20:57.698150Z" }, { "id": "DSA-4539-3", - "modified": "2019-10-13T00:00:00Z" + "modified": "2025-05-26T07:05:14.261652Z" }, { "id": "DSA-4661-1", - "modified": "2026-03-09T02:08:53.792348Z" + "modified": "2025-05-26T07:21:44.983880Z" }, { "id": "DSA-4807-1", - "modified": "2026-03-09T02:10:20.442914Z" + "modified": "2025-05-26T07:21:45.227381Z" }, { "id": "DSA-4855-1", - "modified": "2026-03-09T02:11:29.405206Z" + "modified": "2025-05-26T07:20:57.944135Z" }, { "id": "DSA-4875-1", - "modified": "2026-03-09T02:10:05.387501Z" + "modified": "2025-05-26T07:22:25.295971Z" }, { "id": "DSA-4963-1", - "modified": "2026-03-09T02:10:15.488747Z" + "modified": "2025-05-26T07:22:29.610492Z" }, { "id": "DSA-5103-1", - "modified": "2026-03-09T02:09:42.407559Z" + "modified": "2025-05-26T07:22:36.298650Z" }, { "id": "DSA-5139-1", - "modified": "2026-03-09T02:09:17.334653Z" + "modified": "2025-05-26T07:22:45.765450Z" }, { "id": "DSA-5169-1", - "modified": "2026-03-09T02:09:37.692763Z" + "modified": "2025-05-26T07:22:47.687377Z" }, { "id": "DSA-5343-1", - "modified": "2026-03-09T02:09:47.149297Z" + "modified": "2025-05-26T07:22:47.870882Z" }, { "id": "DSA-5417-1", - "modified": "2026-03-09T02:09:39.950679Z" + "modified": "2025-05-26T07:23:20.254324Z" }, { "id": "DSA-5532-1", - "modified": "2026-03-09T02:08:31.395482Z" + "modified": "2025-05-26T07:23:52.176093Z" }, { "id": "DSA-5764-1", - "modified": "2026-03-09T02:09:02.723874Z" + "modified": "2025-05-26T07:24:15.576601Z" }, { "id": "DSA-6015-1", @@ -5113,7 +5045,7 @@ interactions: }, { "id": "DSA-6113-1", - "modified": "2026-01-27T20:30:04.397078Z" + "modified": "2026-01-27T20:15:37.634049Z" } ] }, @@ -5122,7 +5054,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2011-4116", - "modified": "2025-11-19T01:08:48.534508Z" + "modified": "2025-11-20T10:10:50.058601Z" }, { "id": "DEBIAN-CVE-2017-12837", @@ -5178,11 +5110,11 @@ interactions: }, { "id": "DEBIAN-CVE-2020-16156", - "modified": "2025-11-19T02:04:25.146090Z" + "modified": "2025-11-20T10:14:36.701112Z" }, { "id": "DEBIAN-CVE-2021-36770", - "modified": "2025-11-19T01:08:50.244924Z" + "modified": "2025-11-20T10:15:44.080114Z" }, { "id": "DEBIAN-CVE-2022-48522", @@ -5190,31 +5122,31 @@ interactions: }, { "id": "DEBIAN-CVE-2023-31484", - "modified": "2025-11-19T01:01:55.072028Z" + "modified": "2025-11-20T10:17:35.627220Z" }, { "id": "DEBIAN-CVE-2023-31486", - "modified": "2025-11-19T01:06:23.122275Z" + "modified": "2025-11-20T10:17:36.081192Z" }, { "id": "DEBIAN-CVE-2023-47038", - "modified": "2025-11-19T02:02:47.808046Z" + "modified": "2025-11-20T10:16:46.343364Z" }, { "id": "DEBIAN-CVE-2024-56406", - "modified": "2025-11-19T02:04:37.240014Z" + "modified": "2025-11-20T10:17:48.686371Z" }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-19T01:12:36.316842Z" + "modified": "2025-11-20T10:18:21.143971Z" }, { "id": "DLA-3926-1", - "modified": "2026-03-09T01:20:46.118633Z" + "modified": "2025-05-26T07:21:42.385892Z" }, { "id": "DSA-5902-1", - "modified": "2026-03-09T02:09:19.793163Z" + "modified": "2025-05-26T07:24:14.898997Z" } ] }, @@ -5226,35 +5158,35 @@ interactions: "vulns": [ { "id": "DLA-3072-1", - "modified": "2026-03-09T01:22:24.680239Z" + "modified": "2025-05-26T07:22:56.848703Z" }, { "id": "DLA-3189-1", - "modified": "2022-11-15T00:00:00Z" + "modified": "2025-05-26T07:01:07.887113Z" }, { "id": "DLA-3316-1", - "modified": "2023-02-10T00:00:00Z" + "modified": "2025-05-26T07:01:13.127412Z" }, { "id": "DLA-3422-1", - "modified": "2026-03-09T01:20:56.692752Z" + "modified": "2025-05-26T07:23:26.375715Z" }, { "id": "DLA-3600-1", - "modified": "2026-03-09T01:17:49.966197Z" + "modified": "2025-05-26T07:23:40.030714Z" }, { "id": "DLA-3651-1", - "modified": "2026-03-09T01:18:05.310519Z" + "modified": "2025-05-26T07:23:53.368012Z" }, { "id": "DLA-3764-1", - "modified": "2026-03-09T01:23:22.273526Z" + "modified": "2025-05-26T07:23:55.849014Z" }, { "id": "DSA-5135-1", - "modified": "2026-03-09T02:11:21.646978Z" + "modified": "2025-05-26T07:22:46.760638Z" } ] }, @@ -5277,7 +5209,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2005-2541", - "modified": "2025-11-19T02:02:39.239715Z" + "modified": "2025-11-20T10:09:01.923782Z" }, { "id": "DEBIAN-CVE-2018-20482", @@ -5293,15 +5225,15 @@ interactions: }, { "id": "DEBIAN-CVE-2022-48303", - "modified": "2025-11-19T01:01:59.298206Z" + "modified": "2025-11-20T10:16:07.552593Z" }, { "id": "DEBIAN-CVE-2023-39804", - "modified": "2025-11-19T02:02:53.596262Z" + "modified": "2025-11-20T10:16:41.587973Z" }, { "id": "DLA-3755-1", - "modified": "2026-03-09T01:18:04.185679Z" + "modified": "2025-05-26T07:23:40.399798Z" } ] }, @@ -5309,47 +5241,47 @@ interactions: "vulns": [ { "id": "DLA-3051-1", - "modified": "2022-06-15T00:00:00Z" + "modified": "2025-05-26T07:01:56.257796Z" }, { "id": "DLA-3134-1", - "modified": "2022-10-03T00:00:00Z" + "modified": "2025-05-26T07:01:01.500124Z" }, { "id": "DLA-3161-1", - "modified": "2022-10-26T00:00:00Z" + "modified": "2025-05-26T07:01:03.882213Z" }, { "id": "DLA-3366-1", - "modified": "2023-03-24T00:00:00Z" + "modified": "2025-05-26T07:01:17.027142Z" }, { "id": "DLA-3412-1", - "modified": "2023-05-02T00:00:00Z" + "modified": "2025-05-26T07:01:20.109212Z" }, { "id": "DLA-3684-1", - "modified": "2023-12-07T00:00:00Z" + "modified": "2025-05-26T07:01:38.953691Z" }, { "id": "DLA-3788-1", - "modified": "2024-04-18T00:00:00Z" + "modified": "2025-05-26T07:01:46.700929Z" }, { "id": "DLA-3972-1", - "modified": "2024-11-28T00:00:00Z" + "modified": "2025-05-26T07:02:05.284676Z" }, { "id": "DLA-4085-1", - "modified": "2025-03-18T00:00:00Z" + "modified": "2025-05-26T07:02:10.958749Z" }, { "id": "DLA-4105-1", - "modified": "2025-04-01T00:00:00Z" + "modified": "2025-05-26T07:02:13.921097Z" }, { "id": "DLA-4403-1", - "modified": "2025-12-12T00:00:00Z" + "modified": "2025-12-12T10:13:37.154747Z" } ] }, @@ -5357,7 +5289,7 @@ interactions: "vulns": [ { "id": "DLA-4016-1", - "modified": "2025-01-16T00:00:00Z" + "modified": "2025-05-26T07:02:06.504254Z" } ] }, @@ -5369,7 +5301,7 @@ interactions: }, { "id": "DEBIAN-CVE-2018-7738", - "modified": "2025-11-19T02:04:41.803240Z" + "modified": "2025-11-20T10:13:54.493707Z" }, { "id": "DEBIAN-CVE-2021-37600", @@ -5377,39 +5309,35 @@ interactions: }, { "id": "DEBIAN-CVE-2021-3995", - "modified": "2025-11-19T01:12:36.252792Z" + "modified": "2025-11-20T10:15:45.587792Z" }, { "id": "DEBIAN-CVE-2021-3996", - "modified": "2025-11-19T02:02:48.032233Z" + "modified": "2025-11-20T10:15:45.602424Z" }, { "id": "DEBIAN-CVE-2022-0563", - "modified": "2025-11-19T01:01:57.875266Z" + "modified": "2025-11-20T10:15:24.228408Z" }, { "id": "DEBIAN-CVE-2024-28085", - "modified": "2025-11-19T01:02:00.375077Z" + "modified": "2025-11-20T10:17:41.612682Z" }, { "id": "DEBIAN-CVE-2025-14104", - "modified": "2026-03-05T17:00:58.361610Z" - }, - { - "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2025-12-29T10:11:41.788817Z" }, { "id": "DLA-3782-1", - "modified": "2026-03-09T01:20:42.573872Z" + "modified": "2025-05-26T07:22:30.567107Z" }, { "id": "DSA-5055-1", - "modified": "2026-03-09T02:10:40.826335Z" + "modified": "2025-05-26T07:22:33.646795Z" }, { "id": "DSA-5650-1", - "modified": "2026-03-09T02:08:30.371343Z" + "modified": "2025-05-26T07:24:03.887524Z" } ] }, @@ -5417,7 +5345,7 @@ interactions: "vulns": [ { "id": "DEBIAN-CVE-2022-1271", - "modified": "2025-11-19T01:01:55.065616Z" + "modified": "2025-11-20T10:15:47.940295Z" }, { "id": "DEBIAN-CVE-2024-3094", @@ -5425,15 +5353,15 @@ interactions: }, { "id": "DEBIAN-CVE-2025-31115", - "modified": "2025-11-19T02:02:42.561876Z" + "modified": "2025-11-20T10:18:07.484724Z" }, { "id": "DSA-5123-1", - "modified": "2026-03-09T02:10:46.054497Z" + "modified": "2025-05-26T07:22:45.643786Z" }, { "id": "DSA-5895-1", - "modified": "2026-03-09T02:08:52.515269Z" + "modified": "2025-05-26T07:24:22.556406Z" } ] }, @@ -5443,7 +5371,7 @@ interactions: } headers: Content-Length: - - "21427" + - "21124" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml index 05edf39f6bf..8e5e718b1e7 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml @@ -41,11 +41,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2025-11-20T12:19:03.518975Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2025-11-20T12:19:06.047365Z" } ] }, @@ -100,11 +100,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2025-11-20T12:19:03.518975Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2025-11-20T12:19:06.047365Z" } ] }, @@ -148,7 +148,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2593 + content_length: 2914 body: | { "results": [ @@ -156,163 +156,183 @@ interactions: "vulns": [ { "id": "CVE-2016-2177", - "modified": "2026-03-15T14:17:21.434685Z" + "modified": "2026-02-04T17:07:20.830265Z" }, { "id": "CVE-2016-2182", - "modified": "2026-03-15T13:53:28.133239Z" + "modified": "2026-02-11T00:23:46.507687Z" + }, + { + "id": "CVE-2021-3449", + "modified": "2026-02-11T01:28:51.287057Z" }, { "id": "CVE-2022-2274", - "modified": "2026-03-14T00:45:56.901948Z" + "modified": "2026-02-04T08:39:06.636392Z" }, { "id": "CVE-2022-3358", - "modified": "2026-03-15T14:47:31.604761Z" + "modified": "2026-02-04T02:48:23.725190Z" + }, + { + "id": "CVE-2022-3602", + "modified": "2026-02-09T05:16:32.600597Z" + }, + { + "id": "CVE-2022-3786", + "modified": "2026-02-09T05:16:35.075756Z" }, { "id": "CVE-2022-3996", - "modified": "2026-03-14T11:52:58.776255Z" + "modified": "2026-02-10T04:36:10.071493Z" }, { "id": "CVE-2022-4203", - "modified": "2026-03-14T11:56:48.298901Z" + "modified": "2026-02-05T10:28:51.668112Z" }, { "id": "CVE-2022-4304", - "modified": "2026-03-14T11:57:20.473258Z" + "modified": "2026-02-05T10:28:49.470536Z" }, { "id": "CVE-2022-4450", - "modified": "2026-03-15T14:48:08.469047Z" + "modified": "2026-02-05T10:28:50.484996Z" }, { "id": "CVE-2023-0215", - "modified": "2026-03-15T14:49:23.597965Z" - }, - { - "id": "CVE-2023-0216", - "modified": "2026-03-14T14:54:02.977746Z" + "modified": "2026-02-05T10:28:51.134913Z" }, { "id": "CVE-2023-0217", - "modified": "2026-03-14T15:00:51.319767Z" + "modified": "2026-02-05T10:28:50.543834Z" }, { "id": "CVE-2023-0286", - "modified": "2026-03-14T11:56:55.751641Z" - }, - { - "id": "CVE-2023-0401", - "modified": "2026-03-14T12:00:52.936954Z" + "modified": "2026-02-09T05:16:33.253789Z" }, { "id": "CVE-2023-0464", - "modified": "2026-03-15T14:49:30.035544Z" + "modified": "2026-02-09T22:18:10.293356Z" }, { "id": "CVE-2023-0465", - "modified": "2026-03-15T14:49:30.574986Z" + "modified": "2026-02-09T22:18:17.592831Z" }, { "id": "CVE-2023-0466", - "modified": "2026-03-15T14:11:19.362636Z" + "modified": "2026-02-09T22:18:11.967923Z" }, { "id": "CVE-2023-1255", - "modified": "2026-03-14T12:01:08.330785Z" + "modified": "2026-02-09T22:18:18.267878Z" }, { "id": "CVE-2023-2650", - "modified": "2026-03-15T14:49:52.213092Z" + "modified": "2026-02-09T22:18:26.080181Z" }, { "id": "CVE-2023-2975", - "modified": "2026-03-15T14:49:55.221034Z" + "modified": "2026-02-10T04:37:18.998512Z" + }, + { + "id": "CVE-2023-3446", + "modified": "2026-02-09T22:19:12.057679Z" }, { "id": "CVE-2023-3817", - "modified": "2026-03-15T13:45:23.042540Z" + "modified": "2026-02-09T22:19:25.885150Z" }, { "id": "CVE-2023-4807", - "modified": "2026-03-14T12:23:37.361743Z" + "modified": "2026-02-09T22:19:43.155188Z" }, { "id": "CVE-2023-5363", - "modified": "2026-03-15T14:48:38.264647Z" + "modified": "2026-02-09T22:20:03.990636Z" }, { "id": "CVE-2023-5678", - "modified": "2026-03-15T14:48:52.838608Z" + "modified": "2026-02-09T22:20:08.013474Z" }, { "id": "CVE-2023-6129", - "modified": "2026-03-15T14:48:42.862404Z" + "modified": "2026-02-09T22:20:10.369349Z" }, { "id": "CVE-2023-6237", - "modified": "2026-03-15T14:49:12.869757Z" + "modified": "2026-02-04T16:58:48.362437Z" + }, + { + "id": "CVE-2024-0727", + "modified": "2026-02-11T01:56:44.818513Z" }, { "id": "CVE-2024-13176", - "modified": "2026-03-15T14:51:45.713332Z" + "modified": "2026-02-10T04:39:15.938128Z" }, { "id": "CVE-2024-2511", - "modified": "2026-03-15T14:51:57.642942Z" + "modified": "2026-02-04T13:58:53.696486Z" }, { "id": "CVE-2024-4603", - "modified": "2026-03-15T13:45:23.443979Z" + "modified": "2026-02-05T21:45:27.541955Z" }, { "id": "CVE-2024-4741", - "modified": "2026-03-15T14:52:19.943734Z" + "modified": "2026-02-06T05:13:28.501835Z" }, { "id": "CVE-2024-5535", - "modified": "2026-03-15T14:13:49.948991Z" + "modified": "2026-02-05T09:13:53.570915Z" + }, + { + "id": "CVE-2024-6119", + "modified": "2026-02-09T05:19:55.844811Z" }, { "id": "CVE-2024-9143", - "modified": "2026-03-15T14:52:43.827010Z" + "modified": "2026-02-09T05:19:22.729717Z" }, { "id": "CVE-2025-15467", - "modified": "2026-03-15T14:53:03.311608Z" + "modified": "2026-02-11T02:52:15.745075Z" }, { "id": "CVE-2025-68160", - "modified": "2026-03-15T14:54:12.653472Z" + "modified": "2026-02-11T01:38:55.882307Z" }, { "id": "CVE-2025-69418", - "modified": "2026-03-14T12:45:25.725090Z" + "modified": "2026-02-11T01:49:18.912304Z" }, { "id": "CVE-2025-69419", - "modified": "2026-03-15T14:54:15.145493Z" + "modified": "2026-02-11T01:49:18.331310Z" }, { "id": "CVE-2025-69420", - "modified": "2026-03-15T14:54:02.448397Z" + "modified": "2026-02-11T01:50:20.280417Z" + }, + { + "id": "CVE-2025-69421", + "modified": "2026-02-11T01:50:20.995301Z" }, { "id": "CVE-2025-9230", - "modified": "2026-03-15T14:54:18.484012Z" + "modified": "2026-02-04T03:20:05.701563Z" }, { "id": "CVE-2025-9232", - "modified": "2026-03-15T14:54:15.246161Z" + "modified": "2026-02-04T03:11:15.966181Z" }, { "id": "CVE-2026-22795", - "modified": "2026-03-15T14:55:17.107605Z" + "modified": "2026-02-04T21:35:16.876104Z" }, { "id": "CVE-2026-22796", - "modified": "2026-03-14T15:07:15.748012Z" + "modified": "2026-02-04T21:35:18.187133Z" } ] } @@ -320,7 +340,7 @@ interactions: } headers: Content-Length: - - "2593" + - "2914" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml index 8137a140483..92a91d5c979 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml @@ -170,7 +170,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4278 body: | { "results": [ @@ -189,10 +189,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-72hv-8253-57qq", - "modified": "2026-03-04T15:06:51.908001Z" - }, { "id": "GHSA-h46c-h94j-95f3", "modified": "2026-02-04T03:44:39.385253Z" @@ -375,7 +371,7 @@ interactions: }, { "id": "GHSA-rpr3-cw39-3pxh", - "modified": "2026-03-13T22:01:03.241551Z" + "modified": "2026-02-04T04:07:52.719878Z" }, { "id": "GHSA-v585-23hc-c647", @@ -421,7 +417,7 @@ interactions: "vulns": [ { "id": "GHSA-cj7v-27pg-wf7q", - "modified": "2026-03-13T22:01:09.359414Z" + "modified": "2026-02-04T02:37:14.415320Z" }, { "id": "GHSA-hmr7-m48g-48f6", @@ -430,10 +426,6 @@ interactions: { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" - }, - { - "id": "GHSA-wjpw-4j6x-6rwh", - "modified": "2026-03-09T11:29:07.402944Z" } ] }, @@ -446,7 +438,7 @@ interactions: }, { "id": "GHSA-gwcr-j4wh-j3cq", - "modified": "2026-03-13T21:59:32.515061Z" + "modified": "2026-02-04T04:36:55.164608Z" }, { "id": "GHSA-j26w-f9rq-mr2q", @@ -467,7 +459,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4278" Content-Type: - application/json status: 200 OK @@ -642,7 +634,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4348 body: | { "results": [ @@ -847,7 +839,7 @@ interactions: }, { "id": "GHSA-rpr3-cw39-3pxh", - "modified": "2026-03-13T22:01:03.241551Z" + "modified": "2026-02-04T04:07:52.719878Z" }, { "id": "GHSA-v585-23hc-c647", @@ -893,7 +885,7 @@ interactions: "vulns": [ { "id": "GHSA-cj7v-27pg-wf7q", - "modified": "2026-03-13T22:01:09.359414Z" + "modified": "2026-02-04T02:37:14.415320Z" }, { "id": "GHSA-hmr7-m48g-48f6", @@ -902,10 +894,6 @@ interactions: { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" - }, - { - "id": "GHSA-wjpw-4j6x-6rwh", - "modified": "2026-03-09T11:29:07.402944Z" } ] }, @@ -918,7 +906,7 @@ interactions: }, { "id": "GHSA-gwcr-j4wh-j3cq", - "modified": "2026-03-13T21:59:32.515061Z" + "modified": "2026-02-04T04:36:55.164608Z" }, { "id": "GHSA-j26w-f9rq-mr2q", @@ -939,7 +927,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4348" Content-Type: - application/json status: 200 OK @@ -1107,14 +1095,14 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis + - TestCommand_JavareachArchive/jars_can_be_scanned_with_call_analysis_disabled url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4348 body: | { "results": [ @@ -1319,7 +1307,7 @@ interactions: }, { "id": "GHSA-rpr3-cw39-3pxh", - "modified": "2026-03-13T22:01:03.241551Z" + "modified": "2026-02-04T04:07:52.719878Z" }, { "id": "GHSA-v585-23hc-c647", @@ -1365,7 +1353,7 @@ interactions: "vulns": [ { "id": "GHSA-cj7v-27pg-wf7q", - "modified": "2026-03-13T22:01:09.359414Z" + "modified": "2026-02-04T02:37:14.415320Z" }, { "id": "GHSA-hmr7-m48g-48f6", @@ -1374,10 +1362,470 @@ interactions: { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-3gh6-v5v9-6v9j", + "modified": "2026-02-04T03:12:16.534413Z" + }, + { + "id": "GHSA-gwcr-j4wh-j3cq", + "modified": "2026-02-04T04:36:55.164608Z" + }, + { + "id": "GHSA-j26w-f9rq-mr2q", + "modified": "2026-02-04T03:32:43.162423Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-264p-99wq-f4j6", + "modified": "2026-02-04T03:21:48.913313Z" + } + ] + } + ] + } + headers: + Content-Length: + - "4348" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3196 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Maven", + "name": "com.amazonaws:aws-java-sdk-core" + }, + "version": "1.11.327" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.amazonaws:aws-java-sdk-kms" + }, + "version": "1.11.327" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.amazonaws:aws-java-sdk-s3" + }, + "version": "1.11.327" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.amazonaws:jmespath-java" + }, + "version": "1.11.327" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.example:hello-tester" + }, + "version": "1.0-SNAPSHOT" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.jackson.core:jackson-annotations" + }, + "version": "2.6.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.jackson.core:jackson-core" + }, + "version": "2.14.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.jackson.core:jackson-databind" + }, + "version": "2.6.7.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor" + }, + "version": "2.6.7" + }, + { + "package": { + "ecosystem": "Maven", + "name": "commons-codec:commons-codec" + }, + "version": "1.10" + }, + { + "package": { + "ecosystem": "Maven", + "name": "commons-logging:commons-logging" + }, + "version": "1.1.3" + }, + { + "package": { + "ecosystem": "Maven", + "name": "joda-time:joda-time" + }, + "version": "2.8.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.commons:commons-lang3" + }, + "version": "3.12.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.httpcomponents:httpclient" + }, + "version": "4.5.5" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.httpcomponents:httpcore" + }, + "version": "4.4.9" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-continuation" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-http" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-io" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-servlets" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.eclipse.jetty:jetty-util" + }, + "version": "9.4.40.v20210413" + }, + { + "package": { + "ecosystem": "Maven", + "name": "software.amazon.ion:ion-java" + }, + "version": "1.0.2" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 4278 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-c28r-hw5m-5gv3", + "modified": "2023-11-08T04:09:28.159861Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-h46c-h94j-95f3", + "modified": "2026-02-04T03:44:39.385253Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-288c-cq4h-88gq", + "modified": "2026-02-04T04:33:29.159339Z" + }, + { + "id": "GHSA-4gq5-ch57-c2mg", + "modified": "2024-03-15T05:20:21.411726Z" + }, + { + "id": "GHSA-4w82-r329-3q67", + "modified": "2024-03-16T05:18:54.922179Z" + }, + { + "id": "GHSA-57j2-w4cx-62h2", + "modified": "2026-02-04T04:26:14.546092Z" + }, + { + "id": "GHSA-5949-rw7g-wx7w", + "modified": "2025-09-15T07:42:14.888352Z" + }, + { + "id": "GHSA-5r5r-6hpj-8gg9", + "modified": "2024-02-18T05:42:28.539166Z" + }, + { + "id": "GHSA-5ww9-j83m-q7qx", + "modified": "2024-03-15T01:17:50.016820Z" + }, + { + "id": "GHSA-645p-88qh-w398", + "modified": "2024-03-16T05:19:17.936174Z" + }, + { + "id": "GHSA-6fpp-rgj9-8rwc", + "modified": "2024-03-15T05:18:54.134884Z" + }, + { + "id": "GHSA-85cw-hj65-qqv9", + "modified": "2024-03-15T05:20:15.574552Z" + }, + { + "id": "GHSA-89qr-369f-5m5x", + "modified": "2024-02-18T05:37:27.581808Z" + }, + { + "id": "GHSA-8c4j-34r4-xr8g", + "modified": "2024-02-18T05:31:52.762759Z" + }, + { + "id": "GHSA-8w26-6f25-cm9x", + "modified": "2024-02-18T05:30:48.085017Z" }, { - "id": "GHSA-wjpw-4j6x-6rwh", - "modified": "2026-03-09T11:29:07.402944Z" + "id": "GHSA-9gph-22xh-8x98", + "modified": "2024-02-18T05:33:27.617261Z" + }, + { + "id": "GHSA-9m6f-7xcq-8vf8", + "modified": "2024-02-18T05:32:25.400029Z" + }, + { + "id": "GHSA-c8hm-7hpq-7jhg", + "modified": "2024-03-15T01:17:19.251183Z" + }, + { + "id": "GHSA-cf6r-3wgc-h863", + "modified": "2024-02-18T05:32:56.325249Z" + }, + { + "id": "GHSA-cggj-fvv3-cqwv", + "modified": "2024-03-15T01:18:46.938616Z" + }, + { + "id": "GHSA-cjjf-94ff-43w7", + "modified": "2024-03-11T05:19:23.395848Z" + }, + { + "id": "GHSA-cmfg-87vq-g5g4", + "modified": "2024-03-15T01:18:17.903231Z" + }, + { + "id": "GHSA-cvm9-fjm9-3572", + "modified": "2024-02-18T05:25:36.165759Z" + }, + { + "id": "GHSA-f3j5-rmmp-3fc5", + "modified": "2024-03-15T05:20:35.120151Z" + }, + { + "id": "GHSA-f9xh-2qgp-cq57", + "modified": "2024-02-18T05:32:05.421673Z" + }, + { + "id": "GHSA-fmmc-742q-jg75", + "modified": "2024-03-16T05:19:55.172981Z" + }, + { + "id": "GHSA-fqwf-pjwf-7vqv", + "modified": "2024-07-03T21:22:37.578162Z" + }, + { + "id": "GHSA-gjmw-vf9h-g25v", + "modified": "2024-03-16T05:19:37.211801Z" + }, + { + "id": "GHSA-gwp4-hfv6-p7hw", + "modified": "2024-03-13T05:27:58.436849Z" + }, + { + "id": "GHSA-gww7-p5w4-wrfv", + "modified": "2024-03-15T01:05:18.790961Z" + }, + { + "id": "GHSA-h3cw-g4mq-c5x2", + "modified": "2024-02-18T05:30:45.329621Z" + }, + { + "id": "GHSA-h592-38cm-4ggp", + "modified": "2024-03-15T01:16:50.905794Z" + }, + { + "id": "GHSA-h822-r4r5-v8jg", + "modified": "2026-02-04T02:19:17.186100Z" + }, + { + "id": "GHSA-jjjh-jjxp-wpff", + "modified": "2026-02-04T02:23:59.070528Z" + }, + { + "id": "GHSA-m6x4-97wx-4q27", + "modified": "2024-02-18T05:21:54.725837Z" + }, + { + "id": "GHSA-mph4-vhrx-mv67", + "modified": "2024-03-15T01:16:21.467932Z" + }, + { + "id": "GHSA-mx7p-6679-8g3q", + "modified": "2024-03-15T01:01:46.432481Z" + }, + { + "id": "GHSA-p43x-xfjf-5jhr", + "modified": "2024-03-15T00:33:14.700288Z" + }, + { + "id": "GHSA-q93h-jc49-78gg", + "modified": "2024-03-16T05:19:47.711015Z" + }, + { + "id": "GHSA-qjw2-hr98-qgfh", + "modified": "2024-02-18T05:20:56.894470Z" + }, + { + "id": "GHSA-qr7j-h6gg-jmgc", + "modified": "2024-03-11T05:21:14.313980Z" + }, + { + "id": "GHSA-r3gr-cxrf-hg25", + "modified": "2024-06-25T14:20:21.323050Z" + }, + { + "id": "GHSA-r695-7vr9-jgc2", + "modified": "2024-02-18T05:30:45.856594Z" + }, + { + "id": "GHSA-rfx6-vp9g-rh7v", + "modified": "2024-03-11T05:17:47.425595Z" + }, + { + "id": "GHSA-rgv9-q543-rqg4", + "modified": "2026-02-04T02:40:22.352009Z" + }, + { + "id": "GHSA-rpr3-cw39-3pxh", + "modified": "2026-02-04T04:07:52.719878Z" + }, + { + "id": "GHSA-v585-23hc-c647", + "modified": "2024-02-18T05:22:38.024460Z" + }, + { + "id": "GHSA-vfqx-33qm-g869", + "modified": "2024-02-18T05:24:26.785781Z" + }, + { + "id": "GHSA-w3f4-3q6j-rh82", + "modified": "2024-03-11T05:18:22.727055Z" + }, + { + "id": "GHSA-wh8g-3j2c-rqj5", + "modified": "2024-03-15T00:31:15.123603Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-j288-q9x7-2f5v", + "modified": "2026-02-04T03:18:02.851501Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-7r82-7xv7-xcpj", + "modified": "2026-02-04T02:20:49.137443Z" + } + ] + }, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-cj7v-27pg-wf7q", + "modified": "2026-02-04T02:37:14.415320Z" + }, + { + "id": "GHSA-hmr7-m48g-48f6", + "modified": "2026-02-04T03:59:52.327364Z" + }, + { + "id": "GHSA-qh8g-58pp-2wxh", + "modified": "2026-02-04T05:13:21.910792Z" } ] }, @@ -1390,7 +1838,7 @@ interactions: }, { "id": "GHSA-gwcr-j4wh-j3cq", - "modified": "2026-03-13T21:59:32.515061Z" + "modified": "2026-02-04T04:36:55.164608Z" }, { "id": "GHSA-j26w-f9rq-mr2q", @@ -1411,7 +1859,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4278" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml index 418d85d7930..051fdf7e018 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml @@ -586,7 +586,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -604,6 +604,81 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 529 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + }, + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Licenses/Some_packages_with_ignored_licenses + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 104 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {}, + {} + ] + } + headers: + Content-Length: + - "104" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml index 660f7fe0eaf..6934f81eddf 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml @@ -214,7 +214,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -246,6 +246,111 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 763 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/multiple,_+_output_order_is_deterministic + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 268 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "268" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -327,7 +432,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -359,6 +464,111 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 763 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/multiple,_+_output_order_is_deterministic_2 + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 268 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "268" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -463,7 +673,7 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-02-04T03:17:54.277407Z" } ] }, @@ -487,3 +697,93 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 641 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/when_an_explicit_parse-as_is_given,_it's_applied_to_that_file + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 186 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "186" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml index f516414b0fc..6ac6f8708bb 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml @@ -364,7 +364,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 526 + content_length: 456 body: | { "results": [ @@ -406,10 +406,6 @@ interactions: { "id": "GHSA-vvfq-8hwr-qm4m", "modified": "2026-02-04T03:58:31.466756Z" - }, - { - "id": "GHSA-wx95-c6cv-8532", - "modified": "2026-02-25T10:44:01.279701Z" } ] }, @@ -427,7 +423,7 @@ interactions: } headers: Content-Length: - - "526" + - "456" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml index 0df654bb784..e63f4907e1a 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml @@ -5,7 +5,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 9305 + content_length: 172 host: api.osv.dev body: | { @@ -13,329 +13,768 @@ interactions: { "package": { "ecosystem": "Maven", - "name": "com.android.support:animated-vector-drawable" - }, - "version": "24.0.0" - }, - { - "package": { - "ecosystem": "Maven", - "name": "com.android.support:appcompat-v7" + "name": "org.apache.logging.log4j:log4j-web" }, - "version": "24.0.0" - }, + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/does_not_scan_transitive_dependencies_for_pom.xml_with_no-resolve + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 16 + body: | + { + "results": [ + {} + ] + } + headers: + Content-Length: + - "16" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 386 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.android.support:mediarouter-v7" + "ecosystem": "PyPI", + "name": "django" }, - "version": "24.0.0" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "com.android.support:palette-v7" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "24.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.android.support:support-annotations" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "24.0.0" - }, + "version": "2.20.0" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/does_not_scan_transitive_dependencies_for_requirements.txt_with_no-resolve + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1011 + body: | + { + "results": [ { - "package": { - "ecosystem": "Maven", - "name": "com.android.support:support-v4" - }, - "version": "24.0.0" + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.android.support:support-vector-drawable" - }, - "version": "24.0.0" + "vulns": [ + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services" - }, - "version": "10.0.0" - }, + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + } + ] + } + headers: + Content-Length: + - "1011" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 997 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-ads" + "ecosystem": "PyPI", + "name": "click" }, - "version": "10.0.0" + "version": "8.3.1" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-ads-lite" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-analytics" + "ecosystem": "PyPI", + "name": "flask-cors" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-analytics-impl" + "ecosystem": "PyPI", + "name": "itsdangerous" }, - "version": "10.0.0" + "version": "2.2.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-appinvite" + "ecosystem": "PyPI", + "name": "jinja2" }, - "version": "10.0.0" + "version": "3.1.6" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-auth" + "ecosystem": "PyPI", + "name": "markupsafe" }, - "version": "10.0.0" + "version": "3.0.3" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-auth-base" + "ecosystem": "PyPI", + "name": "pandas" }, - "version": "10.0.0" + "version": "0.23.4" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-awareness" + "ecosystem": "PyPI", + "name": "werkzeug" }, - "version": "10.0.0" - }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/fall_back_to_the_offline_extractor_if_resolution_failed + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 880 + body: | + { + "results": [ + {}, { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-base" - }, - "version": "10.0.0" - }, + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-43qf-4rqw-9q2g", + "modified": "2026-02-04T02:30:19.251090Z" + }, + { + "id": "GHSA-7rxf-gvfg-47g4", + "modified": "2026-02-04T04:27:15.173118Z" + }, + { + "id": "GHSA-84pr-m4jr-85g5", + "modified": "2026-02-04T02:57:32.875272Z" + }, + { + "id": "GHSA-8vgw-p6qm-5gr7", + "modified": "2026-02-04T02:42:09.564281Z" + }, + { + "id": "GHSA-hxwh-jpp2-84pm", + "modified": "2026-02-04T02:15:39.891834Z" + }, + { + "id": "GHSA-xc3p-ff3m-f46v", + "modified": "2024-09-20T20:01:25.449661Z" + }, + { + "id": "PYSEC-2020-43", + "modified": "2025-10-09T07:22:50.566622Z" + }, + { + "id": "PYSEC-2024-71", + "modified": "2025-10-09T08:27:44.186589Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "PYSEC-2020-73", + "modified": "2023-11-08T04:02:12.263851Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "880" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 386 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-basement" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-cast" + "ecosystem": "PyPI", + "name": "flask-cors" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-cast-framework" + "ecosystem": "PyPI", + "name": "pandas" }, - "version": "10.0.0" + "version": "0.23.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/fall_back_to_the_offline_extractor_if_resolution_failed + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 795 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-43qf-4rqw-9q2g", + "modified": "2026-02-04T02:30:19.251090Z" + }, + { + "id": "GHSA-7rxf-gvfg-47g4", + "modified": "2026-02-04T04:27:15.173118Z" + }, + { + "id": "GHSA-84pr-m4jr-85g5", + "modified": "2026-02-04T02:57:32.875272Z" + }, + { + "id": "GHSA-8vgw-p6qm-5gr7", + "modified": "2026-02-04T02:42:09.564281Z" + }, + { + "id": "GHSA-hxwh-jpp2-84pm", + "modified": "2026-02-04T02:15:39.891834Z" + }, + { + "id": "GHSA-xc3p-ff3m-f46v", + "modified": "2024-09-20T20:01:25.449661Z" + }, + { + "id": "PYSEC-2020-43", + "modified": "2025-10-09T07:22:50.566622Z" + }, + { + "id": "PYSEC-2024-71", + "modified": "2025-10-09T08:27:44.186589Z" + } + ] }, + { + "vulns": [ + { + "id": "PYSEC-2020-73", + "modified": "2023-11-08T04:02:12.263851Z" + } + ] + } + ] + } + headers: + Content-Length: + - "795" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 9305 + host: api.osv.dev + body: | + { + "queries": [ { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-clearcut" + "name": "com.android.support:animated-vector-drawable" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-drive" + "name": "com.android.support:appcompat-v7" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-fitness" + "name": "com.android.support:mediarouter-v7" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-games" + "name": "com.android.support:palette-v7" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-gass" + "name": "com.android.support:support-annotations" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-gcm" + "name": "com.android.support:support-v4" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-identity" + "name": "com.android.support:support-vector-drawable" }, - "version": "10.0.0" + "version": "24.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-iid" + "name": "com.google.android.gms:play-services" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-instantapps" + "name": "com.google.android.gms:play-services-ads" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-location" + "name": "com.google.android.gms:play-services-ads-lite" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-maps" + "name": "com.google.android.gms:play-services-analytics" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-nearby" + "name": "com.google.android.gms:play-services-analytics-impl" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-panorama" + "name": "com.google.android.gms:play-services-appinvite" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-places" + "name": "com.google.android.gms:play-services-auth" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-plus" + "name": "com.google.android.gms:play-services-auth-base" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-safetynet" + "name": "com.google.android.gms:play-services-awareness" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager" + "name": "com.google.android.gms:play-services-base" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager-api" + "name": "com.google.android.gms:play-services-basement" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + "name": "com.google.android.gms:play-services-cast" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tasks" + "name": "com.google.android.gms:play-services-cast-framework" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-vision" + "name": "com.google.android.gms:play-services-clearcut" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-wallet" + "name": "com.google.android.gms:play-services-drive" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-wearable" + "name": "com.google.android.gms:play-services-fitness" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.firebase:firebase-analytics" + "name": "com.google.android.gms:play-services-games" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.firebase:firebase-analytics-impl" + "name": "com.google.android.gms:play-services-gass" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.firebase:firebase-appindexing" + "name": "com.google.android.gms:play-services-gcm" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.firebase:firebase-auth" + "name": "com.google.android.gms:play-services-identity" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-instantapps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-location" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-maps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-nearby" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-panorama" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-places" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-plus" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-safetynet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-api" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tasks" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-vision" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wallet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wearable" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-appindexing" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-auth" }, "version": "10.0.0" }, @@ -539,58 +978,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 324 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services" - }, - "version": "10.0.0" - }, - { - "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" - }, - "version": "2.14.1" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_Transitive/pom.xml_multiple_registries - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 19 - body: | - { - "results": [ - {}, - {} - ] - } - headers: - Content-Length: - - "19" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -639,7 +1026,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 147 + content_length: 286 host: api.osv.dev body: | { @@ -650,6 +1037,13 @@ interactions: "name": "junit:junit" }, "version": "4.12" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.hamcrest:hamcrest-core" + }, + "version": "1.3" } ] } @@ -664,7 +1058,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 95 + content_length: 98 body: | { "results": [ @@ -672,15 +1066,16 @@ interactions: "vulns": [ { "id": "GHSA-269g-pwp5-87pp", - "modified": "2026-03-13T22:15:22.410895Z" + "modified": "2026-02-04T02:50:44.928230Z" } ] - } + }, + {} ] } headers: Content-Length: - - "95" + - "98" Content-Type: - application/json status: 200 OK @@ -690,7 +1085,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 286 + content_length: 473 host: api.osv.dev body: | { @@ -698,16 +1093,23 @@ interactions: { "package": { "ecosystem": "Maven", - "name": "junit:junit" + "name": "org.apache.logging.log4j:log4j-api" }, - "version": "4.12" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "org.hamcrest:hamcrest-core" + "name": "org.apache.logging.log4j:log4j-core" }, - "version": "1.3" + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-web" + }, + "version": "2.14.1" } ] } @@ -715,22 +1117,39 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_non_utf8_encoding + - TestCommand_Transitive/pom.xml_transitive_default url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 98 + content_length: 381 body: | { "results": [ + {}, { "vulns": [ { - "id": "GHSA-269g-pwp5-87pp", - "modified": "2026-03-13T22:15:22.410895Z" + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" } ] }, @@ -739,7 +1158,7 @@ interactions: } headers: Content-Length: - - "98" + - "381" Content-Type: - application/json status: 200 OK @@ -781,7 +1200,7 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_default + - TestCommand_Transitive/pom.xml_transitive_explicit_lockfile url: https://api.osv.dev/v1/querybatch method: POST response: @@ -832,7 +1251,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 172 + content_length: 9305 host: api.osv.dev body: | { @@ -840,33 +1259,2164 @@ interactions: { "package": { "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "name": "com.android.support:animated-vector-drawable" }, - "version": "2.14.1" - } - ] - } + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:appcompat-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:mediarouter-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:palette-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-annotations" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-v4" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads-lite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-appinvite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-awareness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-basement" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast-framework" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-clearcut" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-drive" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-fitness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-games" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gass" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gcm" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-identity" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-instantapps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-location" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-maps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-nearby" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-panorama" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-places" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-plus" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-safetynet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-api" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tasks" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-vision" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wallet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wearable" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-appindexing" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-common" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-config" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-crash" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-database" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-database-connection" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-messaging" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage-common" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-api" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-core" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-web" + }, + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/pom.xml_transitive_native_source + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 628 + body: | + { + "results": [ + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-cm6r-892j-jv2g", + "modified": "2023-11-08T04:08:28.014834Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "628" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 386 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_no_resolve_no_transitive + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1081 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + } + ] + } + headers: + Content-Length: + - "1081" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 997 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask-cors" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pandas" + }, + "version": "0.23.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_resolution_fallback + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 880 + body: | + { + "results": [ + {}, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-43qf-4rqw-9q2g", + "modified": "2026-02-04T02:30:19.251090Z" + }, + { + "id": "GHSA-7rxf-gvfg-47g4", + "modified": "2026-02-04T04:27:15.173118Z" + }, + { + "id": "GHSA-84pr-m4jr-85g5", + "modified": "2026-02-04T02:57:32.875272Z" + }, + { + "id": "GHSA-8vgw-p6qm-5gr7", + "modified": "2026-02-04T02:42:09.564281Z" + }, + { + "id": "GHSA-hxwh-jpp2-84pm", + "modified": "2026-02-04T02:15:39.891834Z" + }, + { + "id": "GHSA-xc3p-ff3m-f46v", + "modified": "2024-09-20T20:01:25.449661Z" + }, + { + "id": "PYSEC-2020-43", + "modified": "2025-10-09T07:22:50.566622Z" + }, + { + "id": "PYSEC-2024-71", + "modified": "2025-10-09T08:27:44.186589Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "PYSEC-2020-73", + "modified": "2023-11-08T04:02:12.263851Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "880" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1610 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.0.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2083 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "2083" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1604 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_native_source + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2083 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "2083" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 9305 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:animated-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:appcompat-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:mediarouter-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:palette-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-annotations" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-v4" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads-lite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-appinvite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-awareness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-basement" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast-framework" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-clearcut" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-drive" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-fitness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-games" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gass" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gcm" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-identity" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-instantapps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-location" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-maps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-nearby" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-panorama" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-places" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-plus" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-safetynet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-api" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-tasks" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-vision" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wallet" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-wearable" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-appindexing" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-common" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-config" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-crash" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-database" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-database-connection" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-messaging" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage-common" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-api" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-core" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-web" + }, + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/resolves_transitive_dependencies_with_native_data_source + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 628 + body: | + { + "results": [ + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-cm6r-892j-jv2g", + "modified": "2023-11-08T04:08:28.014834Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "628" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1598 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2025.2" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" + } + ] + } headers: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_default + - TestCommand_Transitive/resolves_transitive_dependencies_with_native_data_source_for_Python_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 16 + content_length: 2083 body: | { "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, {} ] } headers: Content-Length: - - "16" + - "2083" Content-Type: - application/json status: 200 OK @@ -876,31 +3426,38 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 473 + content_length: 505 host: api.osv.dev body: | { "queries": [ { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-api" + "ecosystem": "PyPI", + "name": "django" }, - "version": "2.14.1" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-core" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "2.14.1" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "2.14.1" + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "numpy" + }, + "version": "2.3.1" } ] } @@ -908,39 +3465,82 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_explicit_lockfile + - TestCommand_Transitive/scan_local_disk_transitive_dependencies url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 381 + content_length: 1014 body: | { "results": [ - {}, { "vulns": [ { - "id": "GHSA-7rjr-3q55-vv33", - "modified": "2025-10-22T19:37:53.742023Z" + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" }, { - "id": "GHSA-8489-44mv-ggj8", - "modified": "2025-05-09T13:12:38.923602Z" + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" }, { - "id": "GHSA-jfh8-c2jp-5v3q", - "modified": "2025-10-22T19:37:02.616807Z" + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" }, { - "id": "GHSA-p6xc-xr62-6r2g", - "modified": "2025-05-09T13:12:54.089856Z" + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" }, { - "id": "GHSA-vc5p-v9hr-52mj", - "modified": "2026-02-04T03:10:00.616806Z" + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" } ] }, @@ -949,7 +3549,7 @@ interactions: } headers: Content-Length: - - "381" + - "1014" Content-Type: - application/json status: 200 OK @@ -959,7 +3559,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 172 + content_length: 9305 host: api.osv.dev body: | { @@ -967,459 +3567,1201 @@ interactions: { "package": { "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "name": "com.android.support:animated-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:appcompat-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:mediarouter-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:palette-v7" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-annotations" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-v4" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.android.support:support-vector-drawable" + }, + "version": "24.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-ads-lite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-analytics-impl" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-appinvite" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-auth-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-awareness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-base" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-basement" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-cast-framework" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-clearcut" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-drive" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-fitness" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-games" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gass" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-gcm" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-identity" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-iid" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-instantapps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-location" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-maps" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-nearby" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.android.gms:play-services-panorama" }, - "version": "2.14.1" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_explicit_lockfile - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 16 - body: | - { - "results": [ - {} - ] - } - headers: - Content-Length: - - "16" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 9305 - host: api.osv.dev - body: | - { - "queries": [ + "version": "10.0.0" + }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:animated-vector-drawable" + "name": "com.google.android.gms:play-services-places" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:appcompat-v7" + "name": "com.google.android.gms:play-services-plus" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:mediarouter-v7" + "name": "com.google.android.gms:play-services-safetynet" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:palette-v7" + "name": "com.google.android.gms:play-services-tagmanager" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:support-annotations" + "name": "com.google.android.gms:play-services-tagmanager-api" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:support-v4" + "name": "com.google.android.gms:play-services-tagmanager-v4-impl" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.android.support:support-vector-drawable" + "name": "com.google.android.gms:play-services-tasks" }, - "version": "24.0.0" + "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services" + "name": "com.google.android.gms:play-services-vision" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-ads" + "name": "com.google.android.gms:play-services-wallet" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-ads-lite" + "name": "com.google.android.gms:play-services-wearable" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-analytics" + "name": "com.google.firebase:firebase-analytics" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-analytics-impl" + "name": "com.google.firebase:firebase-analytics-impl" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-appinvite" + "name": "com.google.firebase:firebase-appindexing" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-auth" + "name": "com.google.firebase:firebase-auth" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-auth-base" + "name": "com.google.firebase:firebase-common" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-awareness" + "name": "com.google.firebase:firebase-config" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-base" + "name": "com.google.firebase:firebase-crash" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-basement" + "name": "com.google.firebase:firebase-database" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-cast" + "name": "com.google.firebase:firebase-database-connection" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-cast-framework" + "name": "com.google.firebase:firebase-iid" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-clearcut" + "name": "com.google.firebase:firebase-messaging" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-drive" + "name": "com.google.firebase:firebase-storage" + }, + "version": "10.0.0" + }, + { + "package": { + "ecosystem": "Maven", + "name": "com.google.firebase:firebase-storage-common" }, "version": "10.0.0" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-fitness" + "name": "org.apache.logging.log4j:log4j-api" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-core" + }, + "version": "2.14.1" + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.logging.log4j:log4j-web" + }, + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_dependencies_from_multiple_registries + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 628 + body: | + { + "results": [ + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-cm6r-892j-jv2g", + "modified": "2023-11-08T04:08:28.014834Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "628" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 286 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Maven", + "name": "junit:junit" }, - "version": "10.0.0" + "version": "4.12" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-games" + "name": "org.hamcrest:hamcrest-core" }, - "version": "10.0.0" - }, + "version": "1.3" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_pom.xml_with_non_UTF-8_encoding + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 98 + body: | + { + "results": [ { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-gass" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-269g-pwp5-87pp", + "modified": "2026-02-04T02:50:44.928230Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "98" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 473 + host: api.osv.dev + body: | + { + "queries": [ { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-gcm" + "name": "org.apache.logging.log4j:log4j-api" }, - "version": "10.0.0" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-identity" + "name": "org.apache.logging.log4j:log4j-core" }, - "version": "10.0.0" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-iid" + "name": "org.apache.logging.log4j:log4j-web" }, - "version": "10.0.0" + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_transitive_dependencies_by_specifying_pom.xml + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 381 + body: | + { + "results": [ + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "381" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 473 + host: api.osv.dev + body: | + { + "queries": [ { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-instantapps" + "name": "org.apache.logging.log4j:log4j-api" }, - "version": "10.0.0" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-location" + "name": "org.apache.logging.log4j:log4j-core" }, - "version": "10.0.0" + "version": "2.14.1" }, { "package": { "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-maps" + "name": "org.apache.logging.log4j:log4j-web" }, - "version": "10.0.0" + "version": "2.14.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_transitive_dependencies_for_pom.xml_by_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 381 + body: | + { + "results": [ + {}, + { + "vulns": [ + { + "id": "GHSA-7rjr-3q55-vv33", + "modified": "2025-10-22T19:37:53.742023Z" + }, + { + "id": "GHSA-8489-44mv-ggj8", + "modified": "2025-05-09T13:12:38.923602Z" + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "modified": "2025-10-22T19:37:02.616807Z" + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "modified": "2025-05-09T13:12:54.089856Z" + }, + { + "id": "GHSA-vc5p-v9hr-52mj", + "modified": "2026-02-04T03:10:00.616806Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "381" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 507 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-nearby" + "ecosystem": "PyPI", + "name": "django" }, - "version": "10.0.0" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-panorama" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-places" + "ecosystem": "PyPI", + "name": "pytz" }, - "version": "10.0.0" + "version": "2025.2.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-plus" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "10.0.0" + "version": "2.20.0" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_transitive_dependencies_in_requirements.txt_by_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1084 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-safetynet" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] }, + {}, { - "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager" - }, - "version": "10.0.0" - }, + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + } + ] + } + headers: + Content-Length: + - "1084" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1610 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager-api" + "ecosystem": "PyPI", + "name": "certifi" }, - "version": "10.0.0" + "version": "2026.2.25" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tagmanager-v4-impl" + "ecosystem": "PyPI", + "name": "chardet" }, - "version": "10.0.0" + "version": "3.0.4" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-tasks" + "ecosystem": "PyPI", + "name": "click" }, - "version": "10.0.0" + "version": "8.3.1" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-vision" + "ecosystem": "PyPI", + "name": "django" }, - "version": "10.0.0" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-wallet" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services-wearable" + "ecosystem": "PyPI", + "name": "idna" }, - "version": "10.0.0" + "version": "2.7.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-analytics" + "ecosystem": "PyPI", + "name": "itsdangerous" }, - "version": "10.0.0" + "version": "2.2.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-analytics-impl" + "ecosystem": "PyPI", + "name": "jinja2" }, - "version": "10.0.0" + "version": "3.1.6" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-appindexing" + "ecosystem": "PyPI", + "name": "markupsafe" }, - "version": "10.0.0" + "version": "3.0.3" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-auth" + "ecosystem": "PyPI", + "name": "pytz" }, - "version": "10.0.0" + "version": "2026.1.0.post1" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-common" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "10.0.0" + "version": "2.20.0" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-config" + "ecosystem": "PyPI", + "name": "urllib3" }, - "version": "10.0.0" + "version": "1.24.3" }, { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-crash" + "ecosystem": "PyPI", + "name": "werkzeug" }, - "version": "10.0.0" - }, + "version": "3.1.6" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/scans_transitive_dependencies_in_requirements.txt_with_deps.dev_API_by_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2083 + body: | + { + "results": [ + {}, + {}, + {}, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-database" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-database-connection" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-iid" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] }, + {}, + {}, + {}, + {}, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-messaging" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] }, { - "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-storage" - }, - "version": "10.0.0" + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "2083" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 513 + host: api.osv.dev + body: | + { + "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.firebase:firebase-storage-common" + "ecosystem": "PyPI", + "name": "django" }, - "version": "10.0.0" + "version": "1.11.29" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-api" + "ecosystem": "PyPI", + "name": "flask" }, - "version": "2.14.1" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-core" + "ecosystem": "PyPI", + "name": "pytz" }, - "version": "2.14.1" + "version": "2026.1.0.post1" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "ecosystem": "PyPI", + "name": "requests" }, - "version": "2.14.1" + "version": "2.20.0" } ] } @@ -1427,111 +4769,95 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_native_source + - TestCommand_Transitive/scans_transitive_dependencies_in_requirements.txt_with_deps.dev_API_by_default url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 628 + content_length: 1084 body: | { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { "vulns": [ { - "id": "GHSA-cm6r-892j-jv2g", - "modified": "2023-11-08T04:08:28.014834Z" + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { "vulns": [ { - "id": "GHSA-7rjr-3q55-vv33", - "modified": "2025-10-22T19:37:53.742023Z" + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" }, { - "id": "GHSA-8489-44mv-ggj8", - "modified": "2025-05-09T13:12:38.923602Z" + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" }, { - "id": "GHSA-jfh8-c2jp-5v3q", - "modified": "2025-10-22T19:37:02.616807Z" + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" }, { - "id": "GHSA-p6xc-xr62-6r2g", - "modified": "2025-05-09T13:12:54.089856Z" + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" }, { - "id": "GHSA-vc5p-v9hr-52mj", - "modified": "2026-02-04T03:10:00.616806Z" + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" } ] - }, - {} + } ] } headers: Content-Length: - - "628" + - "1084" Content-Type: - application/json status: 200 OK @@ -1541,24 +4867,38 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 324 + content_length: 507 host: api.osv.dev body: | { "queries": [ { "package": { - "ecosystem": "Maven", - "name": "com.google.android.gms:play-services" + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" }, - "version": "10.0.0" + "version": "1.0.0" }, { "package": { - "ecosystem": "Maven", - "name": "org.apache.logging.log4j:log4j-web" + "ecosystem": "PyPI", + "name": "pytz" }, - "version": "2.14.1" + "version": "2025.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" } ] } @@ -1566,24 +4906,95 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/pom.xml_transitive_native_source + - TestCommand_Transitive/scans_transitive_dependencies_in_requirements.txt_with_deps.dev_API_by_default url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 19 + content_length: 1084 body: | { "results": [ + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, {}, - {} + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + } ] } headers: Content-Length: - - "19" + - "1084" Content-Type: - application/json status: 200 OK @@ -1593,11 +5004,32 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 386 + content_length: 1604 host: api.osv.dev body: | { "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, { "package": { "ecosystem": "PyPI", @@ -1610,7 +5042,42 @@ interactions: "ecosystem": "PyPI", "name": "flask" }, - "version": "1.0.0" + "version": "1.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.post1" }, { "package": { @@ -1618,6 +5085,20 @@ interactions: "name": "requests" }, "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.6" } ] } @@ -1625,17 +5106,20 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_no_resolve_no_transitive + - TestCommand_Transitive/uses_native_data_source_for_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1081 + content_length: 2083 body: | { "results": [ + {}, + {}, + {}, { "vulns": [ { @@ -1659,60 +5143,129 @@ interactions: "modified": "2025-11-27T09:10:30.649595Z" }, { - "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" }, { - "id": "GHSA-rrqc-c2jx-6jgv", - "modified": "2024-10-30T19:23:59.139649Z" + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" }, { - "id": "PYSEC-2021-98", - "modified": "2023-12-06T01:01:16.755410Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" }, { - "id": "GHSA-m2qf-hxjv-5gpq", - "modified": "2025-02-21T05:42:17.337040Z" + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" }, { - "id": "PYSEC-2023-62", - "modified": "2023-11-08T04:12:28.231927Z" - } - ] - }, - { - "vulns": [ + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, { - "id": "GHSA-9hjg-9r4m-mvj7", - "modified": "2026-02-04T03:44:00.676479Z" + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" }, { - "id": "GHSA-9wx4-h78v-vm56", - "modified": "2026-02-04T02:43:42.271895Z" + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" }, { - "id": "GHSA-j8r2-6x86-q33q", - "modified": "2026-02-04T03:34:13.807518Z" + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" }, { - "id": "PYSEC-2023-74", - "modified": "2023-11-08T04:12:35.436175Z" + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" } ] - } + }, + {} ] } headers: Content-Length: - - "1081" + - "2083" Content-Type: - application/json status: 200 OK @@ -1722,11 +5275,25 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 997 + content_length: 1598 host: api.osv.dev body: | { "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, { "package": { "ecosystem": "PyPI", @@ -1734,19 +5301,26 @@ interactions: }, "version": "8.3.1" }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, { "package": { "ecosystem": "PyPI", "name": "flask" }, - "version": "1.0.0" + "version": "1.0" }, { "package": { "ecosystem": "PyPI", - "name": "flask-cors" + "name": "idna" }, - "version": "1.0.0" + "version": "2.7" }, { "package": { @@ -1772,9 +5346,23 @@ interactions: { "package": { "ecosystem": "PyPI", - "name": "pandas" + "name": "pytz" }, - "version": "0.23.4" + "version": "2025.2" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" }, { "package": { @@ -1789,18 +5377,56 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_resolution_fallback + - TestCommand_Transitive/uses_native_data_source_for_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 880 + content_length: 2083 body: | { "results": [ {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, { "vulns": [ { @@ -1820,47 +5446,88 @@ interactions: { "vulns": [ { - "id": "GHSA-43qf-4rqw-9q2g", - "modified": "2026-02-04T02:30:19.251090Z" - }, - { - "id": "GHSA-7rxf-gvfg-47g4", - "modified": "2026-02-04T04:27:15.173118Z" - }, - { - "id": "GHSA-84pr-m4jr-85g5", - "modified": "2026-02-04T02:57:32.875272Z" + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" }, { - "id": "GHSA-8vgw-p6qm-5gr7", - "modified": "2026-02-04T02:42:09.564281Z" - }, + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ { - "id": "GHSA-hxwh-jpp2-84pm", - "modified": "2026-02-04T02:15:39.891834Z" + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" }, { - "id": "GHSA-xc3p-ff3m-f46v", - "modified": "2024-09-20T20:01:25.449661Z" + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" }, { - "id": "PYSEC-2020-43", - "modified": "2025-10-09T07:22:50.566622Z" + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" }, { - "id": "PYSEC-2024-71", - "modified": "2025-10-09T08:27:44.186589Z" + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" } ] }, - {}, - {}, - {}, { "vulns": [ { - "id": "PYSEC-2020-73", - "modified": "2023-11-08T04:02:12.263851Z" + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" } ] }, @@ -1869,7 +5536,7 @@ interactions: } headers: Content-Length: - - "880" + - "2083" Content-Type: - application/json status: 200 OK @@ -1879,7 +5546,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 1610 + content_length: 1597 host: api.osv.dev body: | { @@ -1889,7 +5556,7 @@ interactions: "ecosystem": "PyPI", "name": "certifi" }, - "version": "2026.2.25" + "version": "2026.1.4" }, { "package": { @@ -1917,14 +5584,14 @@ interactions: "ecosystem": "PyPI", "name": "flask" }, - "version": "1.0.0" + "version": "1.0" }, { "package": { "ecosystem": "PyPI", "name": "idna" }, - "version": "2.7.0" + "version": "2.7" }, { "package": { @@ -1952,7 +5619,7 @@ interactions: "ecosystem": "PyPI", "name": "pytz" }, - "version": "2026.1.0.post1" + "version": "2025.2" }, { "package": { @@ -1981,7 +5648,7 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_transitive_default + - TestCommand_Transitive/uses_native_data_source_for_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: @@ -2035,7 +5702,7 @@ interactions: "vulns": [ { "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" + "modified": "2026-02-22T23:32:08.859488Z" }, { "id": "GHSA-m2qf-hxjv-5gpq", @@ -2150,7 +5817,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 1604 + content_length: 1597 host: api.osv.dev body: | { @@ -2160,7 +5827,7 @@ interactions: "ecosystem": "PyPI", "name": "certifi" }, - "version": "2026.2.25" + "version": "2026.1.4" }, { "package": { @@ -2223,7 +5890,7 @@ interactions: "ecosystem": "PyPI", "name": "pytz" }, - "version": "2026.1.post1" + "version": "2025.2" }, { "package": { @@ -2244,7 +5911,7 @@ interactions: "ecosystem": "PyPI", "name": "werkzeug" }, - "version": "3.1.6" + "version": "3.1.5" } ] } @@ -2252,14 +5919,14 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_transitive_native_source + - TestCommand_Transitive/uses_native_data_source_for_requirements.txt url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2083 + content_length: 2013 body: | { "results": [ @@ -2304,10 +5971,6 @@ interactions: }, { "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "2025-02-21T05:42:17.337040Z" @@ -2411,7 +6074,7 @@ interactions: } headers: Content-Length: - - "2083" + - "2013" Content-Type: - application/json status: 200 OK diff --git a/docs/configuration.md b/docs/configuration.md index 98fe1acb6ef..01b9a89f0fc 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -96,6 +96,18 @@ ignore = true # ... and so on ``` +## Scan Go Mod Version + +By default, OSV-Scanner does not scan the Go version from `go.mod` files because the `go` directive specifies the minimum required language version, not necessarily the toolchain version used to build or run the project. This can lead to misleading vulnerabilities. + +You can enable scanning the Go version from `go.mod` by setting the `ScanGoModVersion` key to `true`. + +### Example + +```toml +ScanGoModVersion = true +``` + ## Go Version Override Use the `GoVersionOverride` key to override the Go version used for scanning. This is useful when the scanner fails to detect the correct Go version or when you want to force a specific version. diff --git a/docs/github-action.md b/docs/github-action.md index c59f8ca8060..e97b4f69307 100644 --- a/docs/github-action.md +++ b/docs/github-action.md @@ -54,7 +54,7 @@ permissions: jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.3.3" ``` ### View results @@ -97,7 +97,7 @@ permissions: jobs: scan-scheduled: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3" ``` As written, the scanner will run on 12:30 pm UTC every Monday, and also on every push to the main branch. You can change the schedule by following the instructions [here](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule). @@ -184,7 +184,7 @@ Examples ```yml jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3" with: scan-args: |- --lockfile=./path/to/lockfile1 @@ -196,7 +196,7 @@ jobs: ```yml jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3" with: scan-args: |- --recursive @@ -222,7 +222,7 @@ jobs: name: Vulnerability scanning # makes sure the extraction step is completed before running the scanner needs: extract-deps - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3" with: # Download the artifact uploaded in extract-deps step download-artifact: converted-OSV-Scanner-deps @@ -272,7 +272,7 @@ jobs: {target_arch: armhf}, {target_arch: aarch64} ] - uses: "extract/osv-scanner/.github/workflows/osv-scanner-reusable.yml@v2.3.4" + uses: "extract/osv-scanner/.github/workflows/osv-scanner-reusable.yml@v2.3.3" with: download-artifact: "${{ matrix.platform.target_arch }}-OSV-Scanner-deps" matrix-property: "${{ matrix.platform.target_arch }}-" diff --git a/go.mod b/go.mod index f4a03b5cb5b..94defa83025 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/goccy/go-yaml v1.19.2 github.com/google/go-cmp v0.7.0 - github.com/google/osv-scalibr v0.4.6-0.20260312044221-295f3a8e913a + github.com/google/osv-scalibr v0.4.5-0.20260306165454-c7f2e9b7def6 github.com/ianlancetaylor/demangle v0.0.0-20251118225945-96ee0021ea0f github.com/jedib0t/go-pretty/v6 v6.7.8 github.com/modelcontextprotocol/go-sdk v1.4.0 diff --git a/go.sum b/go.sum index f34b2369109..04b3d85fedf 100644 --- a/go.sum +++ b/go.sum @@ -266,8 +266,8 @@ github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932 h1:5/4TSDzpDnHQ8rKEE github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932/go.mod h1:cC6EdPbj/17GFCPDK39NRarlMI+kt+O60S12cNB5J9Y= github.com/google/jsonschema-go v0.4.2 h1:tmrUohrwoLZZS/P3x7ex0WAVknEkBZM46iALbcqoRA8= github.com/google/jsonschema-go v0.4.2/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE= -github.com/google/osv-scalibr v0.4.6-0.20260312044221-295f3a8e913a h1:+gXGa5PHWGU94MoQBgS6MjHrVSuYFtkqHhc59BuMk8k= -github.com/google/osv-scalibr v0.4.6-0.20260312044221-295f3a8e913a/go.mod h1:cNGl//rZ1OcOiFkLXY5DNrhFN7JKMGf4ieQrENUfEZw= +github.com/google/osv-scalibr v0.4.5-0.20260306165454-c7f2e9b7def6 h1:RTPwT3tKKskNVRexMULZw/pHEtW+qMnb40FYRKlQWew= +github.com/google/osv-scalibr v0.4.5-0.20260306165454-c7f2e9b7def6/go.mod h1:cNGl//rZ1OcOiFkLXY5DNrhFN7JKMGf4ieQrENUfEZw= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= diff --git a/internal/config/config.go b/internal/config/config.go index 578eb886af2..65a2a353713 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -15,6 +15,7 @@ type Config struct { IgnoredVulns []*IgnoreEntry `toml:"IgnoredVulns"` PackageOverrides []PackageOverrideEntry `toml:"PackageOverrides"` GoVersionOverride string `toml:"GoVersionOverride"` + ScanGoModVersion bool `toml:"ScanGoModVersion"` // The path to config file that this config was loaded from, // set by the scanner after having successfully parsed the file LoadPath string `toml:"-"` diff --git a/internal/imodels/imodels.go b/internal/imodels/imodels.go index 839c12a99bb..ca023bef4ad 100644 --- a/internal/imodels/imodels.go +++ b/internal/imodels/imodels.go @@ -4,7 +4,6 @@ package imodels import ( "fmt" "strings" - "sync" "github.com/google/osv-scalibr/converter" "github.com/google/osv-scalibr/extractor" @@ -30,52 +29,20 @@ var gitExtractors = map[string]struct{}{ gitrepo.Name: {}, } -// todo: SBOM special case, to be removed after PURL to ESI conversion within each extractor is complete -var cache = sync.Map{} // map[*extractor.Package]*models.PackageInfo - -func setCache(pkg *extractor.Package) { - pi := PackageInfo{Package: pkg} - if SourceType(pi) != models.SourceTypeSBOM { - return - } - - purlStruct := converter.ToPURL(pi.Package) - - if purlStruct == nil { - return - } - - if _, ok := cache.Load(pkg); !ok { - purlCache, _ := purl.ToPackage(purlStruct.String()) - cache.Store(pkg, &purlCache) - } -} - -func getCache(pkg *extractor.Package) *models.PackageInfo { - pi := PackageInfo{Package: pkg} - if SourceType(pi) != models.SourceTypeSBOM { - return nil - } - - v, ok := cache.Load(pkg) - - if !ok || v == nil { - return nil - } - - return v.(*models.PackageInfo) -} - // PackageInfo provides getter functions for commonly used fields of inventory // and applies transformations when required for use in osv-scanner type PackageInfo struct { *extractor.Package + + // purlCache is used to cache the special case for SBOMs where we convert Name, Version, and Ecosystem from purls + // extracted from the SBOM + purlCache *models.PackageInfo } func Name(pkg PackageInfo) string { // TODO(v2): SBOM special case, to be removed after PURL to ESI conversion within each extractor is complete - if purlCache := getCache(pkg.Package); purlCache != nil { - return purlCache.Name + if pkg.purlCache != nil { + return pkg.purlCache.Name } // --- Make specific patches to names as necessary --- @@ -134,8 +101,8 @@ func Ecosystem(pkg PackageInfo) osvecosystem.Parsed { } // TODO(v2): SBOM special case, to be removed after PURL to ESI conversion within each extractor is complete - if purlCache := getCache(pkg.Package); purlCache != nil { - newEco, err := osvecosystem.Parse(purlCache.Ecosystem) + if pkg.purlCache != nil { + newEco, err := osvecosystem.Parse(pkg.purlCache.Ecosystem) if err != nil { cmdlogger.Warnf("Warning: error parsing osvscanner.json ecosystem: %s", err.Error()) return eco @@ -149,8 +116,8 @@ func Ecosystem(pkg PackageInfo) osvecosystem.Parsed { func Version(pkg PackageInfo) string { // TODO(v2): SBOM special case, to be removed after PURL to ESI conversion within each extractor is complete - if purlCache := getCache(pkg.Package); purlCache != nil { - return purlCache.Version + if pkg.purlCache != nil { + return pkg.purlCache.Version } // Assume Go stdlib patch version as the latest version @@ -235,8 +202,13 @@ func OSPackageName(pkg PackageInfo) string { // FromPackage converts an extractor.Package into a PackageInfo. func FromPackage(pkg *extractor.Package) PackageInfo { pi := PackageInfo{Package: pkg} - - setCache(pkg) + if SourceType(pi) == models.SourceTypeSBOM { + purlStruct := converter.ToPURL(pi.Package) + if purlStruct != nil { + purlCache, _ := purl.ToPackage(purlStruct.String()) + pi.purlCache = &purlCache + } + } return pi } diff --git a/internal/output/__snapshots__/sarif_test.snap b/internal/output/__snapshots__/sarif_test.snap index 1f7c79c5f5c..01a90f591b1 100755 --- a/internal/output/__snapshots__/sarif_test.snap +++ b/internal/output/__snapshots__/sarif_test.snap @@ -212,7 +212,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -262,7 +262,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -312,7 +312,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -362,7 +362,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -412,7 +412,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -462,7 +462,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -512,7 +512,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -562,7 +562,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -612,7 +612,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -662,7 +662,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -712,7 +712,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -762,7 +762,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -812,7 +812,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -862,7 +862,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -912,7 +912,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -962,7 +962,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1012,7 +1012,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1062,7 +1062,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1291,7 +1291,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1520,7 +1520,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1749,7 +1749,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1868,7 +1868,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -1918,7 +1918,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2037,7 +2037,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2156,7 +2156,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2275,7 +2275,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2394,7 +2394,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -2762,7 +2762,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3130,7 +3130,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3180,7 +3180,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3409,7 +3409,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -3777,7 +3777,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4145,7 +4145,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4513,7 +4513,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4563,7 +4563,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4613,7 +4613,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4663,7 +4663,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4713,7 +4713,7 @@ "rules": [], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -4888,7 +4888,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5007,7 +5007,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5126,7 +5126,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5245,7 +5245,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5364,7 +5364,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5483,7 +5483,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5639,7 +5639,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5795,7 +5795,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -5951,7 +5951,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6070,7 +6070,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6189,7 +6189,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6364,7 +6364,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6483,7 +6483,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, @@ -6647,7 +6647,7 @@ ], "supportedTaxonomies": [], "taxa": [], - "version": "2.3.4" + "version": "2.3.3" }, "extensions": [] }, diff --git a/internal/spdx/licenses.go b/internal/spdx/licenses.go index b57ef8788c1..94ffc3dbef0 100644 --- a/internal/spdx/licenses.go +++ b/internal/spdx/licenses.go @@ -69,7 +69,6 @@ var IDs = map[string]bool{ "blueoak-1.0.0": true, "boehm-gc": true, "boehm-gc-without-fee": true, - "bola-1.1": true, "borceux": true, "brian-gladman-2-clause": true, "brian-gladman-3-clause": true, @@ -564,7 +563,6 @@ var IDs = map[string]bool{ "opl-1.0": true, "opl-uk-3.0": true, "opubl-1.0": true, - "osc-1.0": true, "oset-pl-2.1": true, "osl-1.0": true, "osl-1.1": true, diff --git a/internal/version/version.go b/internal/version/version.go index 4556d26ba14..d407dac6f28 100644 --- a/internal/version/version.go +++ b/internal/version/version.go @@ -2,4 +2,4 @@ package version // OSVVersion is the current release version, you should update this variable when doing a release -const OSVVersion = "2.3.4" +const OSVVersion = "2.3.3" diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index f60a827fa27..1c2786ef2a2 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -216,7 +216,7 @@ func DoScan(actions ScannerActions) (models.VulnerabilityResults, error) { filterIgnoredPackages(&scanResult) // ----- Custom Overrides ----- - overrideGoVersion(&scanResult) + filterAndOverrideGoVersion(&scanResult) // --- Make Vulnerability Requests --- if accessors.VulnMatcher != nil { @@ -306,11 +306,10 @@ func DoContainerScan(actions ScannerActions) (models.VulnerabilityResults, error }() capabilities := &plugin.Capabilities{ - DirectFS: true, - RunningSystem: false, - Network: plugin.NetworkOnline, - OS: plugin.OSLinux, - AllowUnsafePlugins: true, + DirectFS: true, + RunningSystem: false, + Network: plugin.NetworkOnline, + OS: plugin.OSLinux, } if actions.CompareOffline { @@ -318,7 +317,6 @@ func DoContainerScan(actions ScannerActions) (models.VulnerabilityResults, error } plugins = plugin.FilterByCapabilities(plugins, capabilities) - logUnsafePlugins(plugins) // --- Do Scalibr Scan --- scanner := scalibr.New() @@ -533,16 +531,49 @@ func makeVulnRequestWithMatcher( return nil } -// Overrides Go version using osv-scanner.toml -func overrideGoVersion(scanResults *results.ScanResults) { +// Filters out Go version or Overrides it using osv-scanner.toml +func filterAndOverrideGoVersion(scanResults *results.ScanResults) { + // Filter package scan results + scanResults.PackageScanResults = slices.DeleteFunc(scanResults.PackageScanResults, func(pkg imodels.PackageInfo) bool { + if imodels.Name(pkg) == "stdlib" && imodels.Ecosystem(pkg).Ecosystem == osvconstants.EcosystemGo { + configToUse := scanResults.ConfigManager.Get(imodels.Location(pkg)) + + return !configToUse.ScanGoModVersion + } + + return false + }) + + // Override versions for the remaining stdlib packages for i, pkg := range scanResults.PackageScanResults { if imodels.Name(pkg) == "stdlib" && imodels.Ecosystem(pkg).Ecosystem == osvconstants.EcosystemGo { configToUse := scanResults.ConfigManager.Get(imodels.Location(pkg)) if configToUse.GoVersionOverride != "" { scanResults.PackageScanResults[i].Version = configToUse.GoVersionOverride } + } + } + + // Filter inventory packages + scanResults.Inventory.Packages = slices.DeleteFunc(scanResults.Inventory.Packages, func(pkg *extractor.Package) bool { + if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { + pi := imodels.FromPackage(pkg) + configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) - continue + return !configToUse.ScanGoModVersion + } + + return false + }) + + // Override versions for remaining inventory packages + for i, pkg := range scanResults.Inventory.Packages { + if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { + pi := imodels.FromPackage(pkg) + configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) + if configToUse.GoVersionOverride != "" { + scanResults.Inventory.Packages[i].Version = configToUse.GoVersionOverride + } } } } diff --git a/pkg/osvscanner/scan.go b/pkg/osvscanner/scan.go index bb311623049..cfa947ee25f 100644 --- a/pkg/osvscanner/scan.go +++ b/pkg/osvscanner/scan.go @@ -32,14 +32,6 @@ import ( var ErrExtractorNotFound = errors.New("could not determine extractor suitable to this file") -func logUnsafePlugins(plugins []plugin.Plugin) { - for _, plug := range plugins { - if plug.Requirements() != nil && plug.Requirements().AllowUnsafePlugins { - cmdlogger.Warnf("Warning: plugin %s can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.", plug.Name()) - } - } -} - func configurePlugins(plugins []plugin.Plugin, accessors ExternalAccessors, actions ScannerActions) { for _, plug := range plugins { vendored.Configure(plug, vendored.Config{ @@ -220,25 +212,21 @@ SBOMLoop: return nil, fmt.Errorf("failed to parse exclude patterns: %w", err) } - capabilities := plugin.Capabilities{ - DirectFS: true, - RunningSystem: true, - Network: plugin.NetworkOnline, - OS: osCapability, - AllowUnsafePlugins: true, - } - - if actions.CompareOffline { - capabilities.Network = plugin.NetworkOffline - } - - filteredPlugins := append(plugin.FilterByCapabilities(plugins, &capabilities), gitDirectPlugin) - logUnsafePlugins(filteredPlugins) - // For each root, run scalibr's scan() once. for root, paths := range rootMap { + capabilities := plugin.Capabilities{ + DirectFS: true, + RunningSystem: true, + Network: plugin.NetworkOnline, + OS: osCapability, + } + + if actions.CompareOffline { + capabilities.Network = plugin.NetworkOffline + } + sr := scanner.Scan(context.Background(), &scalibr.ScanConfig{ - Plugins: filteredPlugins, + Plugins: append(plugin.FilterByCapabilities(plugins, &capabilities), gitDirectPlugin), Capabilities: &capabilities, ScanRoots: fs.RealFSScanRoots(root), PathsToExtract: paths,