From a3aaaa2d0d3aa8493d521be71b20b9eae5d04fe5 Mon Sep 17 00:00:00 2001 From: Xueqin Cui Date: Tue, 14 Apr 2026 14:52:47 +1000 Subject: [PATCH 1/4] refacotor: remove unsafe plugin warning --- cmd/osv-scanner/__snapshots__/main_test.snap | 3 - .../scan/__snapshots__/command_test.snap | 3 - .../source/__snapshots__/command_test.snap | 128 ------------------ pkg/osvscanner/osvscanner.go | 1 - pkg/osvscanner/scan.go | 9 -- 5 files changed, 144 deletions(-) diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap index 19423c2a7d4..0697ca2ccd3 100755 --- a/cmd/osv-scanner/__snapshots__/main_test.snap +++ b/cmd/osv-scanner/__snapshots__/main_test.snap @@ -61,7 +61,6 @@ built at: n/a Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -75,7 +74,6 @@ Warning: `scan` exists as both a subcommand of OSV-Scanner and as a file on the [Test_run_SubCommands/with_no_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -88,7 +86,6 @@ No issues found [Test_run_SubCommands/with_scan_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found diff --git a/cmd/osv-scanner/scan/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/__snapshots__/command_test.snap index a224271885f..5cc2e669135 100755 --- a/cmd/osv-scanner/scan/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/__snapshots__/command_test.snap @@ -3,7 +3,6 @@ Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -39,7 +38,6 @@ OPTIONS: [TestCommand_SubCommands/with_no_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -52,7 +50,6 @@ No issues found [TestCommand_SubCommands/with_scan_subcommand - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index 5bdb7a12589..f0fbce2279f 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -3,7 +3,6 @@ Scanning dir ./testdata/locks-gitignore Scanned /testdata/locks-gitignore/Gemfile.lock file and found 1 package Scanned /testdata/locks-gitignore/subdir/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -28,7 +27,6 @@ No issues found [TestCommand/Empty_cyclonedx_1.4_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -48,7 +46,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_cyclonedx_1.5_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -60,7 +57,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_gh-annotations_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -119,7 +115,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_sarif_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -161,7 +156,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Empty_spdx_2.3_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -169,7 +163,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml [TestCommand/Go_project_with_an_overridden_go_version - 1] Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -185,7 +178,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package Scanned /testdata/go-project/nested/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -200,7 +192,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/Go_project_with_an_overridden_go_version_and_licences - 1] Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -220,7 +211,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/PURL_SBOM_case_sensitivity_(api) - 1] Scanning dir ./testdata/sbom-insecure/alpine.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. @@ -400,7 +390,6 @@ Total 2 packages affected by 11 known vulnerabilities (3 Critical, 6 High, 2 Med [TestCommand/Sarif_with_vulns - 2] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -410,7 +399,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -425,7 +413,6 @@ No issues found Scanning dir ./testdata/locks-many-with-invalid Scanned /testdata/locks-many-with-invalid/Gemfile.lock file and found 1 package Scanned /testdata/locks-many-with-invalid/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. @@ -452,7 +439,6 @@ Scanned /testdata/locks-many-with-insecure/composer.lock file and found Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package Scanned /testdata/locks-many-with-insecure/yarn.lock file and found 1 package Scanned /testdata/maven-transitive/pom.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. Package npm/has-flag/4.0.0 has been filtered out because: (no reason given) Package npm/wrappy/1.0.2 has been filtered out because: (no reason given) @@ -538,7 +524,6 @@ Total 6 packages affected by 10 known vulnerabilities (2 Critical, 2 High, 2 Med [TestCommand/config_file_is_invalid - 1] Scanning dir ./testdata/config-invalid Scanned /testdata/config-invalid/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. @@ -568,7 +553,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. ./testdata/osv-scanner-duplicate-config.toml has unused ignores: - GO-2022-0274 - GO-2022-0274 @@ -674,7 +658,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -769,7 +752,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -777,7 +759,6 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -791,7 +772,6 @@ No issues found Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -814,7 +794,6 @@ failed to parse exclude patterns: invalid regex pattern "[invalid": error parsin Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -828,7 +807,6 @@ No issues found Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -841,7 +819,6 @@ No issues found [TestCommand/exclude_with_regex_pattern - 1] Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -854,7 +831,6 @@ No issues found [TestCommand/folder_of_supported_sbom_with_only_unimportant - 1] Scanning dir ./testdata/sbom-insecure/only-unimportant.spdx.json Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -869,7 +845,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand/folder_of_supported_sbom_with_only_unimportant#01 - 1] Scanning dir ./testdata/sbom-insecure/only-unimportant.spdx.json Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -896,7 +871,6 @@ Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 pac Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 10 local/unscannable package/s from the scan. Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 56 Medium, 4 Low, 23 Unknown) from 4 ecosystems. @@ -1130,13 +1104,11 @@ Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 5 [TestCommand/gh-annotations_with_vulns - 2] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. ::error file=testdata/locks-many-with-insecure/package-lock.json::testdata/locks-many-with-insecure/package-lock.json%0A+-----------+-------------------------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+-----------+-------------------------------------+------+-----------------+---------------+%0A| ansi-html | https://osv.dev/GHSA-whgm-jr23-g3j9 | 7.5 | 0.0.1 | 0.0.8 |%0A+-----------+-------------------------------------+------+-----------------+---------------+ --- [TestCommand/go_packages_in_osv-scanner.json_format - 1] Scanned /testdata/locks-insecure/osv-scanner.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 24 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 24 Unknown) from 1 ecosystem. 24 vulnerabilities can be fixed. @@ -1229,7 +1201,6 @@ Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Packagist/sentry/sdk/2.0.4 has been filtered out because: (no reason given) Filtered 1 ignored package/s from the scan. GHSA-whgm-jr23-g3j9 and 1 alias have been filtered out because: (no reason given) @@ -1253,7 +1224,6 @@ Scanned /testdata/locks-gitignore/subdir/Gemfile.lock file and found 1 Scanned /testdata/locks-gitignore/subdir/composer.lock file and found 1 package Scanned /testdata/locks-gitignore/subdir/yarn.lock file and found 1 package Scanned /testdata/locks-gitignore/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -1288,7 +1258,6 @@ invalid verbosity level "unknown" - must be one of: error, warn, info [TestCommand/json_output - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml --- @@ -1297,7 +1266,6 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/nested/composer.lock file and found 1 package Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -1320,7 +1288,6 @@ failed to resolve path: stat /testdata/locks-none-does-not-exist: no su [TestCommand/no_lockfiles_with_recursion_and_with_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none Scanned /testdata/locks-none/nested/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -1333,7 +1300,6 @@ No issues found [TestCommand/no_lockfiles_with_recursion_but_without_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none Scanned /testdata/locks-none/nested/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -1345,7 +1311,6 @@ No issues found [TestCommand/no_lockfiles_without_recursion_but_with_allow_flag_are_fine - 1] Scanning dir ./testdata/locks-none -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No package sources found No issues found @@ -1358,7 +1323,6 @@ No issues found [TestCommand/no_lockfiles_without_recursion_or_allow_flag_give_an_error - 1] Scanning dir ./testdata/locks-none -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1391,7 +1355,6 @@ could not determine extractor, requested spdx [TestCommand/one_specific_supported_lockfile - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1405,7 +1368,6 @@ No issues found [TestCommand/one_specific_supported_lockfile_with_ignore - 1] Scanning dir ./testdata/locks-test-ignore/package-lock.json Scanned /testdata/locks-test-ignore/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-test-ignore/osv-scanner-test.toml CVE-2021-23424 and 1 alias have been filtered out because: Test manifest file (package-lock.json) Filtered 1 vulnerability from output @@ -1421,7 +1383,6 @@ No issues found [TestCommand/one_specific_supported_lockfile_with_offline_explicitly_false - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1435,7 +1396,6 @@ No issues found [TestCommand/one_specific_supported_sbom_with_duplicate_PURLs - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. @@ -1459,7 +1419,6 @@ Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_duplicate_PURLs_using_-L_flag - 1] Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. @@ -1484,7 +1443,6 @@ Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_invalid_PURLs - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 7 local/unscannable package/s from the scan. No issues found @@ -1497,7 +1455,6 @@ No issues found [TestCommand/one_specific_supported_sbom_with_invalid_PURLs_using_-L_flag - 1] Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 7 local/unscannable package/s from the scan. No issues found @@ -1511,7 +1468,6 @@ No issues found [TestCommand/one_specific_supported_sbom_with_vulns - 1] Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. @@ -1535,7 +1491,6 @@ Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medi [TestCommand/one_specific_supported_sbom_with_vulns_using_-L_flag - 1] Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. @@ -1559,7 +1514,6 @@ Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medi [TestCommand/one_specific_unsupported_lockfile - 1] Scanning dir ./testdata/locks-many/not-a-lockfile.toml -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1571,7 +1525,6 @@ No package sources found, --help for usage information. [TestCommand/only_the_files_in_the_given_directories_are_checked_by_default_(no_recursion) - 1] Scanning dir ./testdata/locks-one-with-nested Scanned /testdata/locks-one-with-nested/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -1584,7 +1537,6 @@ No issues found [TestCommand/output_format:_markdown_table - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -1879,7 +1831,6 @@ Scanning dir ./testdata/locks-insecure Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -1896,7 +1847,6 @@ No issues found [TestCommand/verbosity_level_=_info - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -1910,7 +1860,6 @@ No issues found [TestCommandNonGit/one_specific_supported_lockfile - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -1924,7 +1873,6 @@ No issues found [TestCommand_CallAnalysis/Run_with_govulncheck - 1] Scanning dir ./testdata/call-analysis-go-project Scanned /testdata/call-analysis-go-project/go.mod file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -1947,7 +1895,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 1 Medium, [TestCommand_CallAnalysis/Run_with_govulncheck_all_uncalled - 1] Scanning dir ./testdata/call-analysis-go-project-all-uncalled Scanned /testdata/call-analysis-go-project-all-uncalled/go.mod file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -1964,7 +1911,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_CallAnalysis/Run_with_govulncheck_all_uncalled_but_enabled_all-vulns_flag - 1] Scanning dir ./testdata/call-analysis-go-project-all-uncalled Scanned /testdata/call-analysis-go-project-all-uncalled/go.mod file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package Go/stdlib/1.19.99 has been filtered out because: Just want to test actual packages Filtered 1 ignored package/s from the scan. @@ -2036,7 +1982,6 @@ Total 8 packages affected by 30 known vulnerabilities (2 Critical, 10 High, 12 M [TestCommand_CommitSupport/online_uses_git_commits - 1] Scanned /testdata/locks-git/osv-scanner.json file and found 11 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 9 packages affected by 140 known vulnerabilities (20 Critical, 51 High, 58 Medium, 5 Low, 6 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -2195,7 +2140,6 @@ Total 9 packages affected by 140 known vulnerabilities (20 Critical, 51 High, 58 [TestCommand_Config_UnusedIgnores/unused_ignores_are_reported_with_specific_config_and_file - 1] Scanning dir testdata/sbom-insecure/alpine.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2230,7 +2174,6 @@ Scanned /testdata/sbom-insecure/bad-purls.cdx.xml file and found 15 pac Scanned /testdata/sbom-insecure/only-unimportant.spdx.json file and found 1 package Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 10 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2463,7 +2406,6 @@ Scanning dir testdata/sbom-insecure/alpine.cdx.xml Scanning dir testdata/sbom-insecure/postgres-stretch.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found 136 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 2 local/unscannable package/s from the scan. CVE-2025-26519 and 1 alias have been filtered out because: (no reason given) CVE-2018-25032 and 1 alias have been filtered out because: (no reason given) @@ -2695,7 +2637,6 @@ flag needs an argument: --experimental-plugins= --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_specified_individually - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2705,7 +2646,6 @@ No package sources found, --help for usage information. --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_specified_together - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2715,7 +2655,6 @@ No package sources found, --help for usage information. --- [TestCommand_ExplicitExtractors_WithDefaults/extractors_cancelled_out_with_presets - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -2730,7 +2669,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2747,7 +2685,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2764,7 +2701,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -2783,7 +2719,6 @@ Scanning dir ./testdata/locks-many Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2800,7 +2735,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2814,7 +2748,6 @@ No issues found [TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_different_extractor_enabled - 1] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2828,7 +2761,6 @@ No issues found [TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_specific_extractor_enabled - 1] Scanning dir ./testdata/locks-many/package-lock.json Scanned /testdata/locks-many/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -2935,7 +2867,6 @@ Scanning dir ./testdata/locks-many Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -3029,7 +2960,6 @@ could not determine extractor, requested package-lock.json [TestCommand_Filter/Show_all_Packages_with_empty_config - 2] Scanned /testdata/locks-insecure/osv-scanner-with-unscannables.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. --- @@ -3050,7 +2980,6 @@ Filtered 1 local/unscannable package/s from the scan. [TestCommand_FlagDeprecatedPackages/package_deprecated_false_no_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/clean/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/clean/Cargo.lock file and found 5 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -3087,7 +3016,6 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_FlagDeprecatedPackages/package_deprecated_npm_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-npm/package-lock.json Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-npm/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -3124,14 +3052,12 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_FlagDeprecatedPackages/package_deprecated_true_no_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock file and found 36 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_FlagDeprecatedPackages/package_deprecated_true_no_vuln_table - 1] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-novuln/Cargo.lock file and found 36 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3192,14 +3118,12 @@ Total 1 package deprecated. [TestCommand_FlagDeprecatedPackages/package_deprecated_true_with_vuln_json - 2] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock file and found 7 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_FlagDeprecatedPackages/package_deprecated_true_with_vuln_table - 1] Scanning dir ./testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock Scanned /testdata/exp-plugins-pkgdeprecate/deprecated-vuln/Cargo.lock file and found 7 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 0 High, 1 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -3230,7 +3154,6 @@ Total 1 package deprecated. [TestCommand_GithubActions/scanning_osv-scanner_custom_format - 1] Scanned /testdata/locks-insecure/osv-scanner-flutter-deps.json file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3434,13 +3357,11 @@ Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Mediu [TestCommand_GithubActions/scanning_osv-scanner_custom_format_output_json - 2] Scanned /testdata/locks-insecure/osv-scanner-flutter-deps.json file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_GithubActions/scanning_osv-scanner_custom_format_with_git_tag - 1] Scanned /testdata/locks-insecure/osv-scanner-custom-git-tag.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 40 known vulnerabilities (4 Critical, 16 High, 20 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3565,7 +3486,6 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne [TestCommand_HtmlFile - 2] Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml HTML output available at: /report.html @@ -3579,7 +3499,6 @@ HTML output available at: /report.html Warning: --output has been deprecated in favor of --output-file Scanning dir ./testdata/locks-many/composer.lock Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml HTML output available at: /report.html @@ -3589,7 +3508,6 @@ HTML output available at: /report.html Scanning dir ./testdata/artifact/javareach_test.jar Java reachability enricher marked 14 packages as unreachable Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. failed to download package err jar not found: https://repo1.maven.org/maven2/com/example/hello-tester/1.0-SNAPSHOT/hello-tester-1.0-SNAPSHOT.jar Total 4 packages affected by 55 known vulnerabilities (18 Critical, 29 High, 6 Medium, 2 Low, 0 Unknown) from 1 ecosystem. @@ -3673,7 +3591,6 @@ Total 4 packages affected by 55 known vulnerabilities (18 Critical, 29 High, 6 M [TestCommand_JavareachArchive/jars_can_be_scanned_with_call_analysis_and_disabled_enricher - 1] Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem. 60 vulnerabilities can be fixed. @@ -3753,7 +3670,6 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 M [TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis - 1] Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem. 60 vulnerabilities can be fixed. @@ -3860,14 +3776,12 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 M [TestCommand_Licenses/Licenses_in_summary_mode_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/Licenses_with_expressions - 1] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. overriding license for package npm/babel/6.23.0 with MIT AND (LGPL-2.1-or-later OR BSD-3-Clause) overriding license for package npm/human-signals/5.0.0 with LGPL-2.1-only OR MIT OR BSD-3-Clause overriding license for package npm/ms/2.1.3 with MIT WITH Bison-exception-2.2 @@ -3898,7 +3812,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_Licenses/Licenses_with_invalid_expression_in_config - 1] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. overriding license for package npm/babel/6.23.0 with MIT AND (LGPL-2.1-or-later OR BSD-3-Clause)) overriding license for package npm/human-signals/5.0.0 with LGPL-2.1-only OR OR BSD-3-Clause overriding license for package npm/ms/2.1.3 with MIT WITH (Bison-exception-2.2 AND somethingelse) @@ -4020,14 +3933,12 @@ license MIT WITH (Bison-exception-2.2 AND somethingelse) for package npm/ms/2.1. [TestCommand_Licenses/No_license_violations_and_show-all-packages_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/No_vulnerabilities_but_license_violations_with_allowlist - 1] Scanning dir ./testdata/locks-many/yarn.lock Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -4055,7 +3966,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -4081,7 +3991,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. @@ -4178,7 +4087,6 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi [TestCommand_Licenses/Show_all_Packages_with_license_summary_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -4192,7 +4100,6 @@ Scanned /testdata/locks-many/Gemfile.lock file and found 1 package Scanned /testdata/locks-many/composer.lock file and found 1 package Scanned /testdata/locks-many/package-lock.json file and found 1 package Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Package npm/has-flag/4.0.0 has been filtered out because: (no reason given) Package npm/wrappy/1.0.2 has been filtered out because: (no reason given) Package npm/ansi-html/0.0.8 has been filtered out because: (no reason given) @@ -4315,7 +4222,6 @@ Total 1 package affected by 1 known vulnerability (1 Critical, 0 High, 0 Medium, [TestCommand_Licenses/Some_packages_with_license_violations_and_show-all-packages_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -4373,14 +4279,12 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a [TestCommand_Licenses/Some_packages_with_license_violations_in_json - 2] Scanning dir ./testdata/locks-licenses/package-lock.json Scanned /testdata/locks-licenses/package-lock.json file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- [TestCommand_Licenses/Vulnerabilities_and_all_license_violations_allowlisted - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -4405,7 +4309,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, [TestCommand_Licenses/Vulnerabilities_and_license_summary - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -4430,7 +4333,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, [TestCommand_Licenses/Vulnerabilities_and_license_violations_with_allowlist - 1] Scanning dir ./testdata/locks-many-with-insecure/package-lock.json Scanned /testdata/locks-many-with-insecure/package-lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5398,7 +5300,6 @@ could not load db for PyPI ecosystem: unable to fetch OSV database: no offline v [TestCommand_LockfileWithExplicitParseAs/"apk-installed"_is_supported - 1] Scanned /testdata/locks-many/installed file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5411,7 +5312,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/"dpkg-status"_is_supported - 1] Scanned /testdata/locks-many/status file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5424,7 +5324,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/absolute_paths_are_automatically_escaped_on_windows - 1] Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5447,7 +5346,6 @@ extraction failed on specified lockfile [TestCommand_LockfileWithExplicitParseAs/absolute_paths_work_with_explicit_escaping - 1] Scanned /testdata/locks-many/yarn.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5460,7 +5358,6 @@ No issues found [TestCommand_LockfileWithExplicitParseAs/empty_is_default - 1] Scanned /testdata/locks-many/composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /testdata/locks-many/osv-scanner-test.toml No issues found @@ -5507,7 +5404,6 @@ Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/my-yarn.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 3 vulnerabilities can be fixed. @@ -5533,7 +5429,6 @@ Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/my-yarn.lock file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 3 vulnerabilities can be fixed. @@ -5554,7 +5449,6 @@ Total 3 packages affected by 3 known vulnerabilities (1 Critical, 2 High, 0 Medi [TestCommand_LockfileWithExplicitParseAs/one_lockfile_with_local_path - 1] Scanned /testdata/locks-many/replace-local.mod file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Filtered 1 local/unscannable package/s from the scan. No issues found @@ -5590,7 +5484,6 @@ Scanned /testdata/locks-insecure/bun.lock file and found 2 packages Scanned /testdata/locks-insecure/composer.lock file and found 1 package Scanned /testdata/locks-insecure/my-package-lock.json file and found 1 package Scanned /testdata/locks-insecure/osv-scanner-custom.json file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 2 known vulnerabilities (1 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 2 ecosystems. 2 vulnerabilities can be fixed. @@ -5609,7 +5502,6 @@ Total 2 packages affected by 2 known vulnerabilities (1 Critical, 1 High, 0 Medi --- [TestCommand_MoreLockfiles/Package.resolved_-_Unsupported_ecosystem,_should_not_be_scanned - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5619,7 +5511,6 @@ could not determine extractor suitable to this file: "/testdata/locks-s --- [TestCommand_MoreLockfiles/Podfile.lock_-_Unsupported_ecosystem,_should_not_be_scanned - 1] -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5630,7 +5521,6 @@ could not determine extractor suitable to this file: "/testdata/locks-s [TestCommand_MoreLockfiles/cabal.project.freeze - 1] Scanned /testdata/locks-scalibr/cabal.project.freeze file and found 6 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5649,7 +5539,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, [TestCommand_MoreLockfiles/depsjson - 1] Scanned /testdata/locks-scalibr/depsjson file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, 0 Low, 1 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5668,7 +5557,6 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, [TestCommand_MoreLockfiles/gems.locked - 1] Scanned /testdata/locks-scalibr/gems.locked file and found 26 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 6 known vulnerabilities (0 Critical, 2 High, 1 Medium, 0 Low, 3 Unknown) from 1 ecosystem. 6 vulnerabilities can be fixed. @@ -5692,7 +5580,6 @@ Total 2 packages affected by 6 known vulnerabilities (0 Critical, 2 High, 1 Medi [TestCommand_MoreLockfiles/packages.config - 1] Scanned /testdata/locks-scalibr/packages.config file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -5704,7 +5591,6 @@ No issues found [TestCommand_MoreLockfiles/packages.lock.json - 1] Scanned /testdata/locks-scalibr/packages.lock.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -5716,7 +5602,6 @@ No issues found [TestCommand_MoreLockfiles/stack.yaml.lock - 1] Scanned /testdata/locks-scalibr/stack.yaml.lock file and found 4 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. No issues found @@ -5728,7 +5613,6 @@ No issues found [TestCommand_MoreLockfiles/uv.lock - 1] Scanned /testdata/locks-scalibr/uv.lock file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 2 known vulnerabilities (0 Critical, 2 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 2 vulnerabilities can be fixed. @@ -5767,7 +5651,6 @@ No package sources found, --help for usage information. [TestCommand_Transitive/pom.xml_multiple_registries - 1] Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 6 vulnerabilities can be fixed. @@ -5803,7 +5686,6 @@ No issues found [TestCommand_Transitive/pom.xml_non_utf8_encoding - 1] Scanned /testdata/maven-transitive/encoding.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 1 vulnerability can be fixed. @@ -5836,7 +5718,6 @@ No issues found [TestCommand_Transitive/pom.xml_transitive_default - 1] Scanning dir ./testdata/maven-transitive/pom.xml Scanned /testdata/maven-transitive/pom.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 5 vulnerabilities can be fixed. @@ -5859,7 +5740,6 @@ Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Mediu [TestCommand_Transitive/pom.xml_transitive_explicit_lockfile - 1] Scanned /testdata/maven-transitive/abc.xml file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 5 vulnerabilities can be fixed. @@ -5882,7 +5762,6 @@ Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Mediu [TestCommand_Transitive/pom.xml_transitive_native_source - 1] Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 6 vulnerabilities can be fixed. @@ -5906,7 +5785,6 @@ Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medi [TestCommand_Transitive/requirements.txt_enricher_requires_extractor - 1] Scanning dir ./testdata/locks-requirements/requirements-transitive.txt -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. --- @@ -5985,7 +5863,6 @@ Total 3 packages affected by 13 known vulnerabilities (1 Critical, 4 High, 7 Med [TestCommand_Transitive/requirements.txt_resolution_fallback - 1] Scanning dir ./testdata/locks-requirements/unresolvable-requirements.txt Scanned /testdata/locks-requirements/unresolvable-requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 9 vulnerabilities can be fixed. @@ -6015,7 +5892,6 @@ Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medi [TestCommand_Transitive/requirements.txt_transitive_default - 1] Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 23 vulnerabilities can be fixed. @@ -6063,7 +5939,6 @@ Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Me [TestCommand_Transitive/requirements.txt_transitive_native_source - 1] Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem. 23 vulnerabilities can be fixed. @@ -6155,7 +6030,6 @@ No issues found Scanning dir /composer.lock Command "ssh -V": exit status 1 Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -6169,7 +6043,6 @@ No issues found [TestCommand_WithDetector_OnLinux/ssh_version_is_after_last_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -6183,7 +6056,6 @@ No issues found [TestCommand_WithDetector_OnLinux/ssh_version_is_before_first_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index 430d40cfd84..02ae79f3797 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -313,7 +313,6 @@ func DoContainerScan(actions ScannerActions) (models.VulnerabilityResults, error } plugins = plugin.FilterByCapabilities(plugins, capabilities) - logUnsafePlugins(plugins) // --- Do Scalibr Scan --- scanner := scalibr.New() diff --git a/pkg/osvscanner/scan.go b/pkg/osvscanner/scan.go index bb311623049..dfe113b67eb 100644 --- a/pkg/osvscanner/scan.go +++ b/pkg/osvscanner/scan.go @@ -32,14 +32,6 @@ import ( var ErrExtractorNotFound = errors.New("could not determine extractor suitable to this file") -func logUnsafePlugins(plugins []plugin.Plugin) { - for _, plug := range plugins { - if plug.Requirements() != nil && plug.Requirements().AllowUnsafePlugins { - cmdlogger.Warnf("Warning: plugin %s can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.", plug.Name()) - } - } -} - func configurePlugins(plugins []plugin.Plugin, accessors ExternalAccessors, actions ScannerActions) { for _, plug := range plugins { vendored.Configure(plug, vendored.Config{ @@ -233,7 +225,6 @@ SBOMLoop: } filteredPlugins := append(plugin.FilterByCapabilities(plugins, &capabilities), gitDirectPlugin) - logUnsafePlugins(filteredPlugins) // For each root, run scalibr's scan() once. for root, paths := range rootMap { From 869360d1245e3d4ae8ec5bf4f8e53e026301bbd3 Mon Sep 17 00:00:00 2001 From: Xueqin Cui Date: Tue, 14 Apr 2026 16:06:35 +1000 Subject: [PATCH 2/4] snapshot --- .../scan/source/__snapshots__/command_test.snap | 7 ------- 1 file changed, 7 deletions(-) diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index f0fbce2279f..2da55f5258e 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -3420,8 +3420,6 @@ Total 1 package affected by 40 known vulnerabilities (4 Critical, 16 High, 20 Me [TestCommand_HomebrewWithAnnotators/homebrew_extractor_explicitly_enabled_with_annotator - 1] Scanning dir ./testdata/homebrew/Cellar/ Scanned /testdata/homebrew/Cellar/libssh2/1.11.1/INSTALL_RECEIPT.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. - Scanning Result (package view): Total 1 package affected by 5 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 5 Unknown) from 1 ecosystem. @@ -3452,8 +3450,6 @@ Scanning dir ./testdata/homebrew/Cellar/ Scanned /testdata/homebrew/Cellar/libssh2/1.11.1/.brew/libssh2.rb file and found 0 packages Scanned /testdata/homebrew/Cellar/libssh2/1.11.1/.brew/libssh2.rb file and found 0 packages Scanned /testdata/homebrew/Cellar/libssh2/1.11.1/INSTALL_RECEIPT.json file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. - Scanning Result (package view): Total 1 package affected by 5 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 5 Unknown) from 1 ecosystem. @@ -5987,7 +5983,6 @@ Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Me [TestCommand_WithDetector_OffLinux/ssh_version_errors - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -6001,7 +5996,6 @@ No issues found [TestCommand_WithDetector_OffLinux/ssh_version_is_after_last_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found @@ -6015,7 +6009,6 @@ No issues found [TestCommand_WithDetector_OffLinux/ssh_version_is_before_first_vuln_version - 1] Scanning dir /composer.lock Scanned /composer.lock file and found 1 package -Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding. Loaded filter from: /osv-scanner-test.toml No issues found From ff663d8487563b60d1d177c6a1217d4dc7fd5f77 Mon Sep 17 00:00:00 2001 From: Xueqin Cui Date: Tue, 14 Apr 2026 17:40:43 +1000 Subject: [PATCH 3/4] snapshot --- cmd/osv-scanner/scan/source/__snapshots__/command_test.snap | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index 2da55f5258e..2a43088fdbf 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -3421,6 +3421,7 @@ Total 1 package affected by 40 known vulnerabilities (4 Critical, 16 High, 20 Me Scanning dir ./testdata/homebrew/Cellar/ Scanned /testdata/homebrew/Cellar/libssh2/1.11.1/INSTALL_RECEIPT.json file and found 1 package + Scanning Result (package view): Total 1 package affected by 5 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 5 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. @@ -3451,6 +3452,7 @@ Scanned /testdata/homebrew/Cellar/libssh2/1.11.1/.brew/libssh2.rb file Scanned /testdata/homebrew/Cellar/libssh2/1.11.1/.brew/libssh2.rb file and found 0 packages Scanned /testdata/homebrew/Cellar/libssh2/1.11.1/INSTALL_RECEIPT.json file and found 1 package + Scanning Result (package view): Total 1 package affected by 5 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 5 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. From a613b3206a619f1336288036b94687e2bcef91c4 Mon Sep 17 00:00:00 2001 From: Joey L Date: Thu, 23 Apr 2026 23:18:05 +0000 Subject: [PATCH 4/4] fix tests + update snapshots --- .../fix/__snapshots__/command_test.snap | 116 +- .../image/__snapshots__/command_test.snap | 608 +++-- ...mmand_ExplicitExtractors_WithDefaults.yaml | 4 +- ...nd_ExplicitExtractors_WithoutDefaults.yaml | 4 +- .../cassettes/TestCommand_OCIImage.yaml | 2195 ++++++++++++----- .../TestCommand_OCIImage_JSONFormat.yaml | 1338 +++++++--- .../ubuntu20-04-unimportant-config.toml | 11 + .../source/__snapshots__/command_test.snap | 280 ++- .../testdata/cassettes/TestCommand.yaml | 515 +++- .../cassettes/TestCommand_CallAnalysis.yaml | 20 +- .../cassettes/TestCommand_CommitSupport.yaml | 825 +------ .../TestCommand_Config_UnusedIgnores.yaml | 216 +- .../cassettes/TestCommand_GithubActions.yaml | 108 +- .../TestCommand_JavareachArchive.yaml | 30 +- .../cassettes/TestCommand_Transitive.yaml | 797 +----- 15 files changed, 3947 insertions(+), 3120 deletions(-) diff --git a/cmd/osv-scanner/fix/__snapshots__/command_test.snap b/cmd/osv-scanner/fix/__snapshots__/command_test.snap index 25ab91872ac..0276e8ad534 100755 --- a/cmd/osv-scanner/fix/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/fix/__snapshots__/command_test.snap @@ -5260,16 +5260,16 @@ unsupported strategy "force" - must be one of: in-place, relax, override [TestCommand/fix_non-interactive_in-place_package-lock.json - 1] Guided remediation (the fix command) can be risky when run on untrusted projects. It may trigger the package manager to execute scripts or follow external registries specified in the project. Please ensure you trust the source code and artifacts before proceeding. -Found 15 vulnerabilities matching the filter -Can fix 8/15 matching vulnerabilities by changing 5 dependencies +Found 16 vulnerabilities matching the filter +Can fix 8/16 matching vulnerabilities by changing 5 dependencies UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5 UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.14 -UPGRADED-PACKAGE: ajv,6.12.6,6.14.0 +UPGRADED-PACKAGE: ajv,6.12.6,6.15.0 UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1 UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9 FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw -REMAINING-VULNS: 7 -UNFIXABLE-VULNS: 7 +REMAINING-VULNS: 8 +UNFIXABLE-VULNS: 8 --- @@ -5293,9 +5293,9 @@ UNFIXABLE-VULNS: 7 } }, "node_modules/ajv": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", - "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", + "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -6229,9 +6229,9 @@ UNFIXABLE-VULNS: 7 }, "dependencies": { "ajv": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", - "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", + "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "requires": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -7148,6 +7148,16 @@ UNFIXABLE-VULNS: 7 "version": "1.1.11" } ] + }, + { + "id": "GHSA-w5hq-g745-h8pq", + "packages": [ + { + "name": "uuid", + "version": "3.4.0" + } + ], + "unactionable": true } ], "patches": [ @@ -7225,7 +7235,7 @@ UNFIXABLE-VULNS: 7 { "name": "ajv", "versionFrom": "6.12.6", - "versionTo": "6.14.0", + "versionTo": "6.15.0", "transitive": true } ], @@ -7309,9 +7319,9 @@ Guided remediation (the fix command) can be risky when run on untrusted projects } }, "node_modules/ajv": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", - "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", + "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -8245,9 +8255,9 @@ Guided remediation (the fix command) can be risky when run on untrusted projects }, "dependencies": { "ajv": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", - "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", + "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "requires": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -9437,6 +9447,16 @@ Guided remediation (the fix command) can be risky when run on untrusted projects } ], "unactionable": true + }, + { + "id": "GHSA-w5hq-g745-h8pq", + "packages": [ + { + "name": "uuid", + "version": "3.4.0" + } + ], + "unactionable": true } ], "patches": [ @@ -9575,12 +9595,12 @@ UNFIXABLE-VULNS: 0 [TestCommand/fix_non-interactive_relax_package.json - 1] Guided remediation (the fix command) can be risky when run on untrusted projects. It may trigger the package manager to execute scripts or follow external registries specified in the project. Please ensure you trust the source code and artifacts before proceeding. -Found 7 vulnerabilities matching the filter -Can fix 3/7 matching vulnerabilities by changing 1 dependencies +Found 8 vulnerabilities matching the filter +Can fix 3/8 matching vulnerabilities by changing 1 dependencies UPGRADED-PACKAGE: npm-registry-client,6.2.0,^7.5.0 FIXED-VULN-IDS: GHSA-43f8-2h32-f4cj,GHSA-c2qf-rxjj-qqgw,GHSA-c6rq-rjc2-86v2 -REMAINING-VULNS: 4 -UNFIXABLE-VULNS: 4 +REMAINING-VULNS: 5 +UNFIXABLE-VULNS: 5 --- @@ -9608,16 +9628,16 @@ UNFIXABLE-VULNS: 4 [TestCommand/fix_non_interactive_in_place_package_lock_json_with_native_data_source - 1] Guided remediation (the fix command) can be risky when run on untrusted projects. It may trigger the package manager to execute scripts or follow external registries specified in the project. Please ensure you trust the source code and artifacts before proceeding. -Found 15 vulnerabilities matching the filter -Can fix 8/15 matching vulnerabilities by changing 5 dependencies +Found 16 vulnerabilities matching the filter +Can fix 8/16 matching vulnerabilities by changing 5 dependencies UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5 UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.14 -UPGRADED-PACKAGE: ajv,6.12.6,6.14.0 +UPGRADED-PACKAGE: ajv,6.12.6,6.15.0 UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1 UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9 FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw -REMAINING-VULNS: 7 -UNFIXABLE-VULNS: 7 +REMAINING-VULNS: 8 +UNFIXABLE-VULNS: 8 --- @@ -9641,9 +9661,9 @@ UNFIXABLE-VULNS: 7 } }, "node_modules/ajv": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", - "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", + "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -10577,9 +10597,9 @@ UNFIXABLE-VULNS: 7 }, "dependencies": { "ajv": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", - "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", + "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "requires": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -11427,16 +11447,16 @@ manifest or lockfile is required [TestCommand_OfflineDatabase/fix_non_interactive_in_place_package_lock_json_with_offline_vulns - 1] Guided remediation (the fix command) can be risky when run on untrusted projects. It may trigger the package manager to execute scripts or follow external registries specified in the project. Please ensure you trust the source code and artifacts before proceeding. -Found 15 vulnerabilities matching the filter -Can fix 8/15 matching vulnerabilities by changing 5 dependencies +Found 16 vulnerabilities matching the filter +Can fix 8/16 matching vulnerabilities by changing 5 dependencies UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5 UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.14 -UPGRADED-PACKAGE: ajv,6.12.6,6.14.0 +UPGRADED-PACKAGE: ajv,6.12.6,6.15.0 UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1 UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9 FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw -REMAINING-VULNS: 7 -UNFIXABLE-VULNS: 7 +REMAINING-VULNS: 8 +UNFIXABLE-VULNS: 8 --- @@ -11460,9 +11480,9 @@ UNFIXABLE-VULNS: 7 } }, "node_modules/ajv": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", - "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", + "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -12396,9 +12416,9 @@ UNFIXABLE-VULNS: 7 }, "dependencies": { "ajv": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", - "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", + "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", "requires": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -13170,12 +13190,12 @@ UNFIXABLE-VULNS: 7 [TestCommand_OfflineDatabase/fix_non_interactive_relax_package_json_with_offline_vulns - 1] Guided remediation (the fix command) can be risky when run on untrusted projects. It may trigger the package manager to execute scripts or follow external registries specified in the project. Please ensure you trust the source code and artifacts before proceeding. -Found 7 vulnerabilities matching the filter -Can fix 3/7 matching vulnerabilities by changing 1 dependencies +Found 8 vulnerabilities matching the filter +Can fix 3/8 matching vulnerabilities by changing 1 dependencies UPGRADED-PACKAGE: npm-registry-client,6.2.0,^7.5.0 FIXED-VULN-IDS: GHSA-43f8-2h32-f4cj,GHSA-c2qf-rxjj-qqgw,GHSA-c6rq-rjc2-86v2 -REMAINING-VULNS: 4 -UNFIXABLE-VULNS: 4 +REMAINING-VULNS: 5 +UNFIXABLE-VULNS: 5 --- diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index 22ceb3c9308..8a91e46a3cc 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -327,6 +327,7 @@ Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Package Ubuntu:20.04/libgcrypt20/1.8.5-5ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/gnutls28/3.6.13-2ubuntu1.12 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/lz4/1.9.2-2ubuntu0.20.04.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/xz-utils/5.2.4-1ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns @@ -348,10 +349,11 @@ Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/perl/5.30.0-9ubuntu0.5 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/sed/4.7-1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/tar/1.30+dfsg-7ubuntu0.20.04.4 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/zlib/1:1.2.11.dfsg-2ubuntu1.5 has been filtered out because: Just want to test only unimportant vulns -Filtered 38 ignored package/s from the scan. +Filtered 40 ignored package/s from the scan. Container Scanning Result (Ubuntu 20.04.6 LTS) (Based on "ubuntu" image): @@ -386,6 +388,7 @@ Package Ubuntu:20.04/gcc-10/10.5.0-1ubuntu1~20.04 has been filtered out because: Package Ubuntu:20.04/libgcrypt20/1.8.5-5ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/gnutls28/3.6.13-2ubuntu1.12 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/lz4/1.9.2-2ubuntu0.20.04.1 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/xz-utils/5.2.4-1ubuntu1.1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns @@ -407,10 +410,11 @@ Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just Package Ubuntu:20.04/ncurses/6.2-0ubuntu2.1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/shadow/1:4.8.1-1ubuntu5.20.04.5 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/perl/5.30.0-9ubuntu0.5 has been filtered out because: Just want to test only unimportant vulns +Package Ubuntu:20.04/sed/4.7-1 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/tar/1.30+dfsg-7ubuntu0.20.04.4 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/util-linux/2.34-0.1ubuntu9.6 has been filtered out because: Just want to test only unimportant vulns Package Ubuntu:20.04/zlib/1:1.2.11.dfsg-2ubuntu1.5 has been filtered out because: Just want to test only unimportant vulns -Filtered 38 ignored package/s from the scan. +Filtered 40 ignored package/s from the scan. Container Scanning Result (Ubuntu 20.04.6 LTS) (Based on "ubuntu" image): @@ -440,8 +444,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 46 known vulnerabilities (2 Critical, 15 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. +Total 25 packages affected by 62 known vulnerabilities (3 Critical, 17 High, 34 Medium, 5 Low, 3 Unknown) from 1 ecosystem. +27 vulnerabilities can be fixed. Ubuntu:22.04 @@ -453,24 +457,27 @@ Ubuntu:22.04 | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | | dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 6 | libc-bin, libc6 | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | | gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | +| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | | libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | | libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | +| ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | +| sed | 4.8-1ubuntu2 | No fix available | 1 | sed | # 4 Layer | ubuntu | | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | +| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 9 | libsystemd0... (2) | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu | +| util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 1 | bsdutils | # 4 Layer | ubuntu | +| util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 2 | libblkid1... (6) | # 4 Layer | ubuntu | +| xz-utils | 5.2.5-2ubuntu1 | No fix available | 1 | liblzma5 | # 4 Layer | ubuntu | | zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ @@ -489,8 +496,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 46 known vulnerabilities (2 Critical, 15 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. +Total 25 packages affected by 62 known vulnerabilities (3 Critical, 17 High, 34 Medium, 5 Low, 3 Unknown) from 1 ecosystem. +27 vulnerabilities can be fixed. Ubuntu:22.04 @@ -502,24 +509,27 @@ Ubuntu:22.04 | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | | dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 6 | libc-bin, libc6 | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | | gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | +| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | | libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | | libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | +| ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | +| sed | 4.8-1ubuntu2 | No fix available | 1 | sed | # 4 Layer | ubuntu | | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | +| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 9 | libsystemd0... (2) | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu | +| util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 1 | bsdutils | # 4 Layer | ubuntu | +| util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 2 | libblkid1... (6) | # 4 Layer | ubuntu | +| xz-utils | 5.2.5-2ubuntu1 | No fix available | 1 | liblzma5 | # 4 Layer | ubuntu | | zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ @@ -557,8 +567,8 @@ Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 22 packages affected by 46 known vulnerabilities (2 Critical, 15 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. +Total 25 packages affected by 62 known vulnerabilities (3 Critical, 17 High, 34 Medium, 5 Low, 3 Unknown) from 1 ecosystem. +27 vulnerabilities can be fixed. Ubuntu:22.04 @@ -570,24 +580,27 @@ Ubuntu:22.04 | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | | dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 6 | libc-bin, libc6 | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | | gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | -| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 1 | libcap2 | # 4 Layer | ubuntu | +| libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | | libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 1 | libgcrypt20 | # 4 Layer | ubuntu | | libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | -| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | +| ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | +| sed | 4.8-1ubuntu2 | No fix available | 1 | sed | # 4 Layer | ubuntu | | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | -| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu | -| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu | +| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 9 | libsystemd0... (2) | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu | +| util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 1 | bsdutils | # 4 Layer | ubuntu | +| util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 2 | libblkid1... (6) | # 4 Layer | ubuntu | +| xz-utils | 5.2.5-2ubuntu1 | No fix available | 1 | liblzma5 | # 4 Layer | ubuntu | | zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ @@ -606,8 +619,8 @@ Scanning local image tarball "./testdata/test-java-full.tar" Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image): -Total 25 packages affected by 74 known vulnerabilities (3 Critical, 29 High, 37 Medium, 4 Low, 1 Unknown) from 2 ecosystems. -74 vulnerabilities can be fixed. +Total 26 packages affected by 91 known vulnerabilities (3 Critical, 41 High, 40 Medium, 4 Low, 3 Unknown) from 2 ecosystems. +91 vulnerabilities can be fixed. Maven @@ -622,8 +635,8 @@ Maven | commons-beanutils:commons-beanutils | 1.9.4 | Fix Available | 1 | # 12 Layer | -- | | dnsjava:dnsjava | 3.4.0 | Fix Available | 1 | # 12 Layer | -- | | io.netty:netty-codec | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 3 | # 12 Layer | -- | -| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 4 | # 12 Layer | -- | +| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | | io.netty:netty-codec-smtp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | | io.netty:netty-common | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | | io.netty:netty-handler | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | @@ -631,7 +644,7 @@ Maven | org.apache.commons:commons-compress | 1.21 | Fix Available | 2 | # 12 Layer | -- | | org.apache.commons:commons-configuration2 | 2.8.0 | Fix Available | 2 | # 12 Layer | -- | | org.apache.commons:commons-lang3 | 3.12.0 | Fix Available | 1 | # 12 Layer | -- | -| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 2 | # 12 Layer | -- | +| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 3 | # 12 Layer | -- | +-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ Alpine:v3.21 +-----------------------------------------------------------------------------------------------------------------------------------+ @@ -642,12 +655,13 @@ Alpine:v3.21 | busybox | 1.37.0-r9 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | | expat | 2.6.4-r0 | Fix Available | 7 | libexpat | # 5 Layer | eclipse-temurin | | gnupg | 2.4.7-r0 | Fix Available | 2 | gnupg... (11) | # 5 Layer | eclipse-temurin | -| gnutls | 3.8.8-r0 | Fix Available | 7 | gnutls | # 5 Layer | eclipse-temurin | -| libpng | 1.6.44-r0 | Fix Available | 8 | libpng | # 5 Layer | eclipse-temurin | +| gnutls | 3.8.8-r0 | Fix Available | 8 | gnutls | # 5 Layer | eclipse-temurin | +| libpng | 1.6.44-r0 | Fix Available | 11 | libpng | # 5 Layer | eclipse-temurin | | libtasn1 | 4.19.0-r2 | Fix Available | 2 | libtasn1 | # 5 Layer | eclipse-temurin | -| musl | 1.2.5-r8 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | -| openssl | 3.3.2-r4 | Fix Available | 15 | libcrypto3, libssl3... (3) | # 0 Layer | alpine | +| musl | 1.2.5-r8 | Fix Available | 3 | musl, musl-utils | # 0 Layer | alpine | +| openssl | 3.3.2-r4 | Fix Available | 21 | libcrypto3, libssl3... (3) | # 0 Layer | alpine | | sqlite | 3.47.1-r0 | Fix Available | 4 | sqlite-libs | # 5 Layer | eclipse-temurin | +| zlib | 1.3.1-r2 | Fix Available | 2 | zlib | # 0 Layer | alpine | +----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. @@ -736,8 +750,8 @@ Scanning local image tarball "./testdata/test-python-full.tar" Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): -Total 21 packages affected by 53 known vulnerabilities (1 Critical, 18 High, 16 Medium, 3 Low, 15 Unknown) from 2 ecosystems. -53 vulnerabilities can be fixed. +Total 21 packages affected by 54 known vulnerabilities (1 Critical, 18 High, 17 Medium, 3 Low, 15 Unknown) from 2 ecosystems. +54 vulnerabilities can be fixed. PyPI @@ -788,7 +802,7 @@ PyPI +----------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +----------+-------------------+---------------+------------+------------------+---------------+ -| requests | 2.20.0 | Fix Available | 3 | # 17 Layer | -- | +| requests | 2.20.0 | Fix Available | 4 | # 17 Layer | -- | +----------+-------------------+---------------+------------+------------------+---------------+ +------------------------------------------------------------------------------------------------+ | Source:artifact:/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA | @@ -850,8 +864,8 @@ Scanning local image tarball "./testdata/test-package-tracing.tar" Container Scanning Result (Alpine Linux v3.20) (Based on "alpine" image): -Total 9 packages affected by 213 known vulnerabilities (1 Critical, 7 High, 11 Medium, 2 Low, 192 Unknown) from 2 ecosystems. -213 vulnerabilities can be fixed. +Total 10 packages affected by 265 known vulnerabilities (1 Critical, 13 High, 13 Medium, 2 Low, 236 Unknown) from 2 ecosystems. +265 vulnerabilities can be fixed. Go @@ -860,42 +874,42 @@ Go +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 9 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 39 | # 9 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-1.2.0 | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 2 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 39 | # 2 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-1.3.0 | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 4 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 39 | # 4 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-1.3.0-moved | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 3 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 39 | # 3 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-1.4.0 | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 2 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 39 | # 2 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ | Source:artifact:/go/bin/ptf-vulnerable | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.22.4 | Fix Available | 32 | # 7 Layer | -- | +| stdlib | 1.22.4 | Fix Available | 39 | # 7 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ Alpine:v3.20 +------------------------------------------------------------------------------------------------------------------------------+ @@ -904,8 +918,9 @@ Alpine:v3.20 | SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | +----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ | busybox | 1.36.1-r29 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | -| musl | 1.2.5-r0 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine | -| openssl | 3.3.1-r0 | Fix Available | 18 | libcrypto3, libssl3 | # 0 Layer | alpine | +| musl | 1.2.5-r0 | Fix Available | 3 | musl, musl-utils | # 0 Layer | alpine | +| openssl | 3.3.1-r0 | Fix Available | 24 | libcrypto3, libssl3 | # 0 Layer | alpine | +| zlib | 1.3.1-r1 | Fix Available | 2 | zlib | # 0 Layer | alpine | +----------------+-------------------+---------------+------------+-------------------------+------------------+---------------+ For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve `. @@ -1404,11 +1419,12 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne "index": 17 } }, - "groups": 3, + "groups": 4, "vulnerabilities": [ "PYSEC-2023-74", "GHSA-9hjg-9r4m-mvj7", "GHSA-9wx4-h78v-vm56", + "GHSA-gc5v-m9x4-r6x2", "GHSA-j8r2-6x86-q33q" ] } @@ -2104,7 +2120,7 @@ Scanning local image tarball "./testdata/test-python-full.tar" "index": 0 } }, - "groups": 12, + "groups": 19, "vulnerabilities": [ "ALPINE-CVE-2025-11187", "ALPINE-CVE-2025-15467", @@ -2117,7 +2133,14 @@ Scanning local image tarball "./testdata/test-python-full.tar" "ALPINE-CVE-2025-69420", "ALPINE-CVE-2025-69421", "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" + "ALPINE-CVE-2026-22796", + "ALPINE-CVE-2026-2673", + "ALPINE-CVE-2026-28387", + "ALPINE-CVE-2026-28388", + "ALPINE-CVE-2026-28389", + "ALPINE-CVE-2026-28390", + "ALPINE-CVE-2026-31789", + "ALPINE-CVE-2026-31790" ] }, { @@ -2131,7 +2154,7 @@ Scanning local image tarball "./testdata/test-python-full.tar" "index": 0 } }, - "groups": 12, + "groups": 19, "vulnerabilities": [ "ALPINE-CVE-2025-11187", "ALPINE-CVE-2025-15467", @@ -2144,7 +2167,48 @@ Scanning local image tarball "./testdata/test-python-full.tar" "ALPINE-CVE-2025-69420", "ALPINE-CVE-2025-69421", "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" + "ALPINE-CVE-2026-22796", + "ALPINE-CVE-2026-2673", + "ALPINE-CVE-2026-28387", + "ALPINE-CVE-2026-28388", + "ALPINE-CVE-2026-28389", + "ALPINE-CVE-2026-28390", + "ALPINE-CVE-2026-31789", + "ALPINE-CVE-2026-31790" + ] + }, + { + "package": { + "name": "musl", + "os_package_name": "musl", + "version": "1.2.5-r10", + "ecosystem": "Alpine:v3.22", + "commit": "1a5f5e699b2eae883e73c93a789f87bd89a2a190", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2026-40200", + "ALPINE-CVE-2026-6042" + ] + }, + { + "package": { + "name": "musl", + "os_package_name": "musl-utils", + "version": "1.2.5-r10", + "ecosystem": "Alpine:v3.22", + "commit": "1a5f5e699b2eae883e73c93a789f87bd89a2a190", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2026-40200", + "ALPINE-CVE-2026-6042" ] }, { @@ -2163,6 +2227,23 @@ Scanning local image tarball "./testdata/test-python-full.tar" "ALPINE-CVE-2024-58251", "ALPINE-CVE-2025-46394" ] + }, + { + "package": { + "name": "zlib", + "os_package_name": "zlib", + "version": "1.3.1-r2", + "ecosystem": "Alpine:v3.22", + "commit": "4c2722e7ecc1c5e3ba882429044a101497121223", + "image_origin_details": { + "index": 0 + } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2026-22184", + "ALPINE-CVE-2026-27171" + ] } ] } @@ -2244,7 +2325,7 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "index": 2 } }, - "groups": 32, + "groups": 39, "vulnerabilities": [ "GO-2024-2963", "GO-2024-3105", @@ -2253,6 +2334,7 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "GO-2025-3373", "GO-2025-3420", "GO-2025-3447", + "GO-2025-3503", "GO-2025-3563", "GO-2025-3750", "GO-2025-3751", @@ -2277,7 +2359,13 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "GO-2026-4403", "GO-2026-4601", "GO-2026-4602", - "GO-2026-4603" + "GO-2026-4603", + "GO-2026-4864", + "GO-2026-4865", + "GO-2026-4869", + "GO-2026-4870", + "GO-2026-4946", + "GO-2026-4947" ] }, { @@ -2403,7 +2491,7 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "index": 0 } }, - "groups": 18, + "groups": 24, "vulnerabilities": [ "ALPINE-CVE-2024-12797", "ALPINE-CVE-2024-13176", @@ -2422,7 +2510,13 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "ALPINE-CVE-2025-9231", "ALPINE-CVE-2025-9232", "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" + "ALPINE-CVE-2026-22796", + "ALPINE-CVE-2026-28387", + "ALPINE-CVE-2026-28388", + "ALPINE-CVE-2026-28389", + "ALPINE-CVE-2026-28390", + "ALPINE-CVE-2026-31789", + "ALPINE-CVE-2026-31790" ] }, { @@ -2436,7 +2530,7 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "index": 0 } }, - "groups": 18, + "groups": 24, "vulnerabilities": [ "ALPINE-CVE-2024-12797", "ALPINE-CVE-2024-13176", @@ -2455,7 +2549,13 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "ALPINE-CVE-2025-9231", "ALPINE-CVE-2025-9232", "ALPINE-CVE-2026-22795", - "ALPINE-CVE-2026-22796" + "ALPINE-CVE-2026-22796", + "ALPINE-CVE-2026-28387", + "ALPINE-CVE-2026-28388", + "ALPINE-CVE-2026-28389", + "ALPINE-CVE-2026-28390", + "ALPINE-CVE-2026-31789", + "ALPINE-CVE-2026-31790" ] }, { @@ -2469,9 +2569,11 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "index": 0 } }, - "groups": 1, + "groups": 3, "vulnerabilities": [ - "ALPINE-CVE-2025-26519" + "ALPINE-CVE-2025-26519", + "ALPINE-CVE-2026-40200", + "ALPINE-CVE-2026-6042" ] }, { @@ -2485,9 +2587,11 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "index": 0 } }, - "groups": 1, + "groups": 3, "vulnerabilities": [ - "ALPINE-CVE-2025-26519" + "ALPINE-CVE-2025-26519", + "ALPINE-CVE-2026-40200", + "ALPINE-CVE-2026-6042" ] }, { @@ -2529,7 +2633,12 @@ Scanning local image tarball "./testdata/test-image-with-deprecated.tar" "image_origin_details": { "index": 0 } - } + }, + "groups": 2, + "vulnerabilities": [ + "ALPINE-CVE-2026-22184", + "ALPINE-CVE-2026-27171" + ] } ] } @@ -3095,6 +3204,21 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "type": "os" }, "packages": [ + { + "package": { + "name": "util-linux", + "os_package_name": "bsdutils", + "version": "1:2.37.2-4ubuntu3.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2026-27456" + ] + }, { "package": { "name": "coreutils", @@ -3155,13 +3279,12 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 5, + "groups": 4, "vulnerabilities": [ "USN-7412-1", "USN-7946-1", "UBUNTU-CVE-2022-3219", "UBUNTU-CVE-2025-30258", - "UBUNTU-CVE-2025-68972", "UBUNTU-CVE-2025-68973", "USN-7412-2" ] @@ -3176,8 +3299,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -3191,7 +3315,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 4, + "groups": 7, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -3203,7 +3327,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-4802", "UBUNTU-CVE-2025-8058", "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915" + "UBUNTU-CVE-2026-0915", + "UBUNTU-CVE-2026-4046", + "UBUNTU-CVE-2026-4437", + "UBUNTU-CVE-2026-4438" ] }, { @@ -3216,7 +3343,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 4, + "groups": 7, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -3228,7 +3355,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-4802", "UBUNTU-CVE-2025-8058", "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915" + "UBUNTU-CVE-2026-0915", + "UBUNTU-CVE-2026-4046", + "UBUNTU-CVE-2026-4437", + "UBUNTU-CVE-2026-4438" ] }, { @@ -3241,10 +3371,12 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ "USN-7287-1", - "UBUNTU-CVE-2025-1390" + "USN-8193-1", + "UBUNTU-CVE-2025-1390", + "UBUNTU-CVE-2026-4878" ] }, { @@ -3410,6 +3542,21 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-62813" ] }, + { + "package": { + "name": "xz-utils", + "os_package_name": "liblzma5", + "version": "5.2.5-2ubuntu1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2026-34743" + ] + }, { "package": { "name": "util-linux", @@ -3420,8 +3567,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -3435,10 +3583,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -3451,10 +3600,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -3467,12 +3617,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" + "UBUNTU-CVE-2025-6020" ] }, { @@ -3485,12 +3634,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" + "UBUNTU-CVE-2025-6020" ] }, { @@ -3503,12 +3651,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" + "UBUNTU-CVE-2025-6020" ] }, { @@ -3521,12 +3668,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" + "UBUNTU-CVE-2025-6020" ] }, { @@ -3569,8 +3715,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -3584,9 +3731,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 5, + "groups": 6, "vulnerabilities": [ "USN-7980-1", + "USN-8155-1", "USN-7786-1", "USN-7278-1", "UBUNTU-CVE-2024-13176", @@ -3601,7 +3749,13 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-69421", "UBUNTU-CVE-2025-9230", "UBUNTU-CVE-2026-22795", - "UBUNTU-CVE-2026-22796" + "UBUNTU-CVE-2026-22796", + "UBUNTU-CVE-2026-28387", + "UBUNTU-CVE-2026-28388", + "UBUNTU-CVE-2026-28389", + "UBUNTU-CVE-2026-28390", + "UBUNTU-CVE-2026-31789", + "UBUNTU-CVE-2026-31790" ] }, { @@ -3631,11 +3785,19 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 9, "vulnerabilities": [ "USN-7559-1", + "USN-8119-1", "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" + "UBUNTU-CVE-2025-4598", + "UBUNTU-CVE-2026-29111", + "UBUNTU-CVE-2026-40223", + "UBUNTU-CVE-2026-40224", + "UBUNTU-CVE-2026-40225", + "UBUNTU-CVE-2026-40226", + "UBUNTU-CVE-2026-40227", + "UBUNTU-CVE-2026-40228" ] }, { @@ -3667,10 +3829,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -3683,11 +3846,19 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 9, "vulnerabilities": [ "USN-7559-1", + "USN-8119-1", "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" + "UBUNTU-CVE-2025-4598", + "UBUNTU-CVE-2026-29111", + "UBUNTU-CVE-2026-40223", + "UBUNTU-CVE-2026-40224", + "UBUNTU-CVE-2026-40225", + "UBUNTU-CVE-2026-40226", + "UBUNTU-CVE-2026-40227", + "UBUNTU-CVE-2026-40228" ] }, { @@ -3700,8 +3871,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -3746,8 +3918,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -3761,10 +3934,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -3777,10 +3951,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -3819,6 +3994,21 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-40909" ] }, + { + "package": { + "name": "sed", + "os_package_name": "sed", + "version": "4.8-1ubuntu2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2026-5958" + ] + }, { "package": { "name": "tar", @@ -3829,9 +4019,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ - "UBUNTU-CVE-2025-45582" + "UBUNTU-CVE-2025-45582", + "UBUNTU-CVE-2026-5704" ] }, { @@ -3844,8 +4035,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -3960,7 +4152,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 7 } }, - "groups": 84, + "groups": 91, "vulnerabilities": [ "GO-2022-0477", "GO-2022-0493", @@ -4021,6 +4213,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "GO-2025-3373", "GO-2025-3420", "GO-2025-3447", + "GO-2025-3503", "GO-2025-3563", "GO-2025-3750", "GO-2025-3751", @@ -4045,7 +4238,13 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "GO-2026-4403", "GO-2026-4601", "GO-2026-4602", - "GO-2026-4603" + "GO-2026-4603", + "GO-2026-4864", + "GO-2026-4865", + "GO-2026-4869", + "GO-2026-4870", + "GO-2026-4946", + "GO-2026-4947" ] } ] @@ -4056,6 +4255,21 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "type": "os" }, "packages": [ + { + "package": { + "name": "util-linux", + "os_package_name": "bsdutils", + "version": "1:2.37.2-4ubuntu3.4", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2026-27456" + ] + }, { "package": { "name": "coreutils", @@ -4116,13 +4330,12 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 5, + "groups": 4, "vulnerabilities": [ "USN-7412-1", "USN-7946-1", "UBUNTU-CVE-2022-3219", "UBUNTU-CVE-2025-30258", - "UBUNTU-CVE-2025-68972", "UBUNTU-CVE-2025-68973", "USN-7412-2" ] @@ -4137,8 +4350,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -4152,7 +4366,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 4, + "groups": 7, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -4164,7 +4378,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-4802", "UBUNTU-CVE-2025-8058", "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915" + "UBUNTU-CVE-2026-0915", + "UBUNTU-CVE-2026-4046", + "UBUNTU-CVE-2026-4437", + "UBUNTU-CVE-2026-4438" ] }, { @@ -4177,7 +4394,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 4, + "groups": 7, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -4189,7 +4406,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-4802", "UBUNTU-CVE-2025-8058", "UBUNTU-CVE-2026-0861", - "UBUNTU-CVE-2026-0915" + "UBUNTU-CVE-2026-0915", + "UBUNTU-CVE-2026-4046", + "UBUNTU-CVE-2026-4437", + "UBUNTU-CVE-2026-4438" ] }, { @@ -4202,10 +4422,12 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ "USN-7287-1", - "UBUNTU-CVE-2025-1390" + "USN-8193-1", + "UBUNTU-CVE-2025-1390", + "UBUNTU-CVE-2026-4878" ] }, { @@ -4371,6 +4593,21 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-62813" ] }, + { + "package": { + "name": "xz-utils", + "os_package_name": "liblzma5", + "version": "5.2.5-2ubuntu1", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2026-34743" + ] + }, { "package": { "name": "util-linux", @@ -4381,8 +4618,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -4396,10 +4634,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -4412,10 +4651,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -4428,12 +4668,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" + "UBUNTU-CVE-2025-6020" ] }, { @@ -4446,12 +4685,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" + "UBUNTU-CVE-2025-6020" ] }, { @@ -4464,12 +4702,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" + "UBUNTU-CVE-2025-6020" ] }, { @@ -4482,12 +4719,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020", - "UBUNTU-CVE-2025-8941" + "UBUNTU-CVE-2025-6020" ] }, { @@ -4530,8 +4766,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -4545,9 +4782,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 5, + "groups": 6, "vulnerabilities": [ "USN-7980-1", + "USN-8155-1", "USN-7786-1", "USN-7278-1", "UBUNTU-CVE-2024-13176", @@ -4562,7 +4800,13 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-69421", "UBUNTU-CVE-2025-9230", "UBUNTU-CVE-2026-22795", - "UBUNTU-CVE-2026-22796" + "UBUNTU-CVE-2026-22796", + "UBUNTU-CVE-2026-28387", + "UBUNTU-CVE-2026-28388", + "UBUNTU-CVE-2026-28389", + "UBUNTU-CVE-2026-28390", + "UBUNTU-CVE-2026-31789", + "UBUNTU-CVE-2026-31790" ] }, { @@ -4592,11 +4836,19 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 9, "vulnerabilities": [ "USN-7559-1", + "USN-8119-1", "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" + "UBUNTU-CVE-2025-4598", + "UBUNTU-CVE-2026-29111", + "UBUNTU-CVE-2026-40223", + "UBUNTU-CVE-2026-40224", + "UBUNTU-CVE-2026-40225", + "UBUNTU-CVE-2026-40226", + "UBUNTU-CVE-2026-40227", + "UBUNTU-CVE-2026-40228" ] }, { @@ -4628,10 +4880,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -4644,11 +4897,19 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 9, "vulnerabilities": [ "USN-7559-1", + "USN-8119-1", "UBUNTU-CVE-2023-7008", - "UBUNTU-CVE-2025-4598" + "UBUNTU-CVE-2025-4598", + "UBUNTU-CVE-2026-29111", + "UBUNTU-CVE-2026-40223", + "UBUNTU-CVE-2026-40224", + "UBUNTU-CVE-2026-40225", + "UBUNTU-CVE-2026-40226", + "UBUNTU-CVE-2026-40227", + "UBUNTU-CVE-2026-40228" ] }, { @@ -4661,8 +4922,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -4707,8 +4969,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, @@ -4722,10 +4985,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -4738,10 +5002,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "UBUNTU-CVE-2023-50495", - "UBUNTU-CVE-2025-6141" + "UBUNTU-CVE-2025-6141", + "UBUNTU-CVE-2025-69720" ] }, { @@ -4780,6 +5045,21 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-40909" ] }, + { + "package": { + "name": "sed", + "os_package_name": "sed", + "version": "4.8-1ubuntu2", + "ecosystem": "Ubuntu:22.04", + "image_origin_details": { + "index": 4 + } + }, + "groups": 1, + "vulnerabilities": [ + "UBUNTU-CVE-2026-5958" + ] + }, { "package": { "name": "tar", @@ -4790,9 +5070,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ - "UBUNTU-CVE-2025-45582" + "UBUNTU-CVE-2025-45582", + "UBUNTU-CVE-2026-5704" ] }, { @@ -4805,8 +5086,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ + "UBUNTU-CVE-2026-27456", "USN-8091-1" ] }, diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml index 922dd3b7be1..020084363f0 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithDefaults.yaml @@ -161,11 +161,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml index d817e7e5c15..15569856caf 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_ExplicitExtractors_WithoutDefaults.yaml @@ -42,11 +42,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml index c5a3284dc9a..8afac6c2878 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml @@ -681,7 +681,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 7442 + content_length: 7176 host: api.osv.dev body: | { @@ -917,13 +917,6 @@ interactions: }, "version": "2.2.0-2" }, - { - "package": { - "ecosystem": "Ubuntu:20.04", - "name": "xz-utils" - }, - "version": "5.2.4-1ubuntu1.1" - }, { "package": { "ecosystem": "Ubuntu:20.04", @@ -1036,13 +1029,6 @@ interactions: }, "version": "2:3.3.16-1ubuntu2.4" }, - { - "package": { - "ecosystem": "Ubuntu:20.04", - "name": "sed" - }, - "version": "4.7-1" - }, { "package": { "ecosystem": "Ubuntu:20.04", @@ -1077,7 +1063,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 256 + content_length: 250 body: | { "results": [ @@ -1116,12 +1102,11 @@ interactions: {}, {}, {}, - {}, { "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -1140,13 +1125,12 @@ interactions: {}, {}, {}, - {}, {} ] } headers: Content-Length: - - "256" + - "250" Content-Type: - application/json status: 200 OK @@ -1156,7 +1140,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 7442 + content_length: 7176 host: api.osv.dev body: | { @@ -1392,13 +1376,6 @@ interactions: }, "version": "2.2.0-2" }, - { - "package": { - "ecosystem": "Ubuntu:20.04", - "name": "xz-utils" - }, - "version": "5.2.4-1ubuntu1.1" - }, { "package": { "ecosystem": "Ubuntu:20.04", @@ -1511,13 +1488,6 @@ interactions: }, "version": "2:3.3.16-1ubuntu2.4" }, - { - "package": { - "ecosystem": "Ubuntu:20.04", - "name": "sed" - }, - "version": "4.7-1" - }, { "package": { "ecosystem": "Ubuntu:20.04", @@ -1552,7 +1522,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 256 + content_length: 250 body: | { "results": [ @@ -1591,12 +1561,11 @@ interactions: {}, {}, {}, - {}, { "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -1615,13 +1584,12 @@ interactions: {}, {}, {}, - {}, {} ] } headers: Content-Length: - - "256" + - "250" Content-Type: - application/json status: 200 OK @@ -2356,7 +2324,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11752 + content_length: 15011 body: | { "results": [ @@ -2365,7 +2333,14 @@ interactions: {}, {}, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + } + ] + }, { "vulns": [ { @@ -2386,15 +2361,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-6297", - "modified": "2026-02-04T03:36:18.990840Z" + "modified": "2026-04-22T16:08:20.375647Z" }, { "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" + "modified": "2026-04-22T16:19:25.951290Z" }, { "id": "USN-7768-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:24.586547Z" } ] }, @@ -2404,15 +2379,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -2426,10 +2401,6 @@ interactions: "id": "UBUNTU-CVE-2025-30258", "modified": "2026-02-04T04:30:17.426918Z" }, - { - "id": "UBUNTU-CVE-2025-68972", - "modified": "2026-01-20T19:15:15.770361Z" - }, { "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" @@ -2459,9 +2430,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -2470,47 +2445,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -2518,47 +2505,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -2567,11 +2566,19 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-02-04T04:28:50.933288Z" + "modified": "2026-04-22T15:31:21.010462Z" + }, + { + "id": "UBUNTU-CVE-2026-4878", + "modified": "2026-04-22T16:34:39.990368Z" }, { "id": "USN-7287-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:35.745293Z" + }, + { + "id": "USN-8193-1", + "modified": "2026-04-22T16:44:18.251193Z" } ] }, @@ -2585,15 +2592,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -2601,7 +2608,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-01-20T17:51:42.649938Z" + "modified": "2026-04-22T14:40:28.941098Z" } ] }, @@ -2610,43 +2617,43 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-12243", - "modified": "2026-02-04T02:53:36.843010Z" + "modified": "2026-04-22T14:37:38.949616Z" }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-04-22T15:32:29.121051Z" }, { "id": "UBUNTU-CVE-2025-32988", - "modified": "2026-02-04T02:15:37.273955Z" + "modified": "2026-04-22T15:42:43.907567Z" }, { "id": "UBUNTU-CVE-2025-32989", - "modified": "2026-02-04T03:37:18.739300Z" + "modified": "2026-04-22T15:42:40.864729Z" }, { "id": "UBUNTU-CVE-2025-32990", - "modified": "2026-02-04T03:31:01.615385Z" + "modified": "2026-04-22T15:38:02.144648Z" }, { "id": "UBUNTU-CVE-2025-6395", - "modified": "2026-02-04T03:31:22.603031Z" + "modified": "2026-04-22T16:08:12.464527Z" }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-04-22T16:17:31.884178Z" }, { "id": "USN-7281-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:19.204031Z" }, { "id": "USN-7635-1", - "modified": "2026-02-10T04:49:34Z" + "modified": "2026-04-22T11:00:15.256152Z" }, { "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" + "modified": "2026-04-22T11:06:24.165916Z" } ] }, @@ -2655,39 +2662,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -2697,39 +2704,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -2738,39 +2745,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -2778,39 +2785,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -2822,12 +2829,23 @@ interactions: } ] }, - {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-34743", + "modified": "2026-04-22T16:32:01.706564Z" + } + ] + }, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -2835,11 +2853,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -2847,11 +2869,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -2862,19 +2888,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -2882,19 +2904,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -2902,19 +2920,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -2922,19 +2936,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -2942,7 +2952,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-41409", - "modified": "2025-10-24T04:53:52Z" + "modified": "2026-04-22T13:23:47.523941Z" } ] }, @@ -2950,7 +2960,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -2962,9 +2972,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -2973,67 +2987,95 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-04-22T14:37:49.989722Z" }, { "id": "UBUNTU-CVE-2024-41996", - "modified": "2026-02-06T21:00:29.439853Z" + "modified": "2026-04-22T15:01:48.931405Z" }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-04-22T15:27:52.071108Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-04-22T15:32:09.511968Z" }, { "id": "UBUNTU-CVE-2025-27587", - "modified": "2026-02-06T21:55:03.879396Z" + "modified": "2026-04-22T15:40:51.936226Z" }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-04-22T16:08:53.331860Z" }, { "id": "UBUNTU-CVE-2025-69418", - "modified": "2026-02-06T22:01:44.179826Z" + "modified": "2026-04-22T16:13:20.620457Z" }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-04-22T16:14:16.031636Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-04-22T16:14:09.437940Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-04-22T16:13:37.461613Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-04-22T16:17:29.833522Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-04-22T16:19:32.659001Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-04-22T16:19:34.875010Z" + }, + { + "id": "UBUNTU-CVE-2026-28387", + "modified": "2026-04-22T16:28:56.462034Z" + }, + { + "id": "UBUNTU-CVE-2026-28388", + "modified": "2026-04-22T16:29:14.747170Z" + }, + { + "id": "UBUNTU-CVE-2026-28389", + "modified": "2026-04-22T16:29:46.621840Z" + }, + { + "id": "UBUNTU-CVE-2026-28390", + "modified": "2026-04-22T16:29:12.148876Z" + }, + { + "id": "UBUNTU-CVE-2026-31789", + "modified": "2026-04-22T16:30:10.383244Z" + }, + { + "id": "UBUNTU-CVE-2026-31790", + "modified": "2026-04-22T16:29:58.821237Z" }, { "id": "USN-7278-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:54:48.564638Z" }, { "id": "USN-7786-1", - "modified": "2026-02-10T04:50:09Z" + "modified": "2026-04-22T11:02:28.476194Z" }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-04-22T11:05:05.881663Z" + }, + { + "id": "USN-8155-1", + "modified": "2026-04-22T11:07:30.162280Z" } ] }, @@ -3041,15 +3083,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -3057,15 +3099,47 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, @@ -3073,23 +3147,23 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-04-22T13:00:38.989006Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-04-22T14:38:21.767463Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-04-22T15:30:31.745395Z" }, { "id": "USN-7275-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:28.234701Z" }, { "id": "USN-7954-1", - "modified": "2026-02-10T04:50:47Z" + "modified": "2026-04-22T11:04:31.475896Z" } ] }, @@ -3097,11 +3171,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -3111,24 +3189,60 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -3137,7 +3251,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-4899", - "modified": "2025-09-08T16:49:53Z" + "modified": "2026-04-22T13:36:43.299894Z" } ] }, @@ -3149,7 +3263,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -3158,9 +3272,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -3168,11 +3286,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -3180,11 +3302,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -3196,7 +3322,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -3204,32 +3330,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2025-10-24T05:01:58Z" + "modified": "2026-04-22T14:06:40.537838Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2025-10-24T05:02:19Z" + "modified": "2026-04-22T14:15:27.303492Z" }, { "id": "UBUNTU-CVE-2024-56406", - "modified": "2026-02-04T02:50:55.689079Z" + "modified": "2026-04-22T15:21:32.149942Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-02-04T02:15:05.324531Z" + "modified": "2026-04-22T16:02:28.067448Z" }, { "id": "USN-7434-1", - "modified": "2026-02-10T04:47:48Z" + "modified": "2026-04-22T10:56:55.320362Z" }, { "id": "USN-7678-1", - "modified": "2026-02-10T04:49:41Z" + "modified": "2026-04-22T11:00:11.130172Z" } ] }, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-5958", + "modified": "2026-04-21T14:16:38.931992Z" + } + ] + }, {}, {}, { @@ -3237,6 +3370,10 @@ interactions: { "id": "UBUNTU-CVE-2025-45582", "modified": "2026-01-20T18:59:29.811906Z" + }, + { + "id": "UBUNTU-CVE-2026-5704", + "modified": "2026-04-13T09:31:27Z" } ] }, @@ -3244,9 +3381,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -3254,7 +3395,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" + "modified": "2026-04-22T16:26:51.108440Z" } ] } @@ -3262,7 +3403,7 @@ interactions: } headers: Content-Length: - - "11752" + - "15011" Content-Type: - application/json status: 200 OK @@ -3997,7 +4138,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11752 + content_length: 15011 body: | { "results": [ @@ -4006,7 +4147,14 @@ interactions: {}, {}, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + } + ] + }, { "vulns": [ { @@ -4027,15 +4175,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-6297", - "modified": "2026-02-04T03:36:18.990840Z" + "modified": "2026-04-22T16:08:20.375647Z" }, { "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" + "modified": "2026-04-22T16:19:25.951290Z" }, { "id": "USN-7768-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:24.586547Z" } ] }, @@ -4045,15 +4193,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -4067,10 +4215,6 @@ interactions: "id": "UBUNTU-CVE-2025-30258", "modified": "2026-02-04T04:30:17.426918Z" }, - { - "id": "UBUNTU-CVE-2025-68972", - "modified": "2026-01-20T19:15:15.770361Z" - }, { "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" @@ -4100,9 +4244,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4111,47 +4259,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -4159,47 +4319,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -4208,11 +4380,19 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-02-04T04:28:50.933288Z" + "modified": "2026-04-22T15:31:21.010462Z" + }, + { + "id": "UBUNTU-CVE-2026-4878", + "modified": "2026-04-22T16:34:39.990368Z" }, { "id": "USN-7287-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:35.745293Z" + }, + { + "id": "USN-8193-1", + "modified": "2026-04-22T16:44:18.251193Z" } ] }, @@ -4226,15 +4406,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -4242,7 +4422,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-01-20T17:51:42.649938Z" + "modified": "2026-04-22T14:40:28.941098Z" } ] }, @@ -4251,43 +4431,43 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-12243", - "modified": "2026-02-04T02:53:36.843010Z" + "modified": "2026-04-22T14:37:38.949616Z" }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-04-22T15:32:29.121051Z" }, { "id": "UBUNTU-CVE-2025-32988", - "modified": "2026-02-04T02:15:37.273955Z" + "modified": "2026-04-22T15:42:43.907567Z" }, { "id": "UBUNTU-CVE-2025-32989", - "modified": "2026-02-04T03:37:18.739300Z" + "modified": "2026-04-22T15:42:40.864729Z" }, { "id": "UBUNTU-CVE-2025-32990", - "modified": "2026-02-04T03:31:01.615385Z" + "modified": "2026-04-22T15:38:02.144648Z" }, { "id": "UBUNTU-CVE-2025-6395", - "modified": "2026-02-04T03:31:22.603031Z" + "modified": "2026-04-22T16:08:12.464527Z" }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-04-22T16:17:31.884178Z" }, { "id": "USN-7281-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:19.204031Z" }, { "id": "USN-7635-1", - "modified": "2026-02-10T04:49:34Z" + "modified": "2026-04-22T11:00:15.256152Z" }, { "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" + "modified": "2026-04-22T11:06:24.165916Z" } ] }, @@ -4296,39 +4476,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -4338,39 +4518,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -4379,39 +4559,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -4419,39 +4599,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -4463,12 +4643,23 @@ interactions: } ] }, - {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-34743", + "modified": "2026-04-22T16:32:01.706564Z" + } + ] + }, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4476,11 +4667,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4488,11 +4683,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4503,19 +4702,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -4523,19 +4718,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -4543,19 +4734,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -4563,19 +4750,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -4583,7 +4766,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-41409", - "modified": "2025-10-24T04:53:52Z" + "modified": "2026-04-22T13:23:47.523941Z" } ] }, @@ -4591,7 +4774,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -4603,9 +4786,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4614,67 +4801,95 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-04-22T14:37:49.989722Z" }, { "id": "UBUNTU-CVE-2024-41996", - "modified": "2026-02-06T21:00:29.439853Z" + "modified": "2026-04-22T15:01:48.931405Z" }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-04-22T15:27:52.071108Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-04-22T15:32:09.511968Z" }, { "id": "UBUNTU-CVE-2025-27587", - "modified": "2026-02-06T21:55:03.879396Z" + "modified": "2026-04-22T15:40:51.936226Z" }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-04-22T16:08:53.331860Z" }, { "id": "UBUNTU-CVE-2025-69418", - "modified": "2026-02-06T22:01:44.179826Z" + "modified": "2026-04-22T16:13:20.620457Z" }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-04-22T16:14:16.031636Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-04-22T16:14:09.437940Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-04-22T16:13:37.461613Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-04-22T16:17:29.833522Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-04-22T16:19:32.659001Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-04-22T16:19:34.875010Z" + }, + { + "id": "UBUNTU-CVE-2026-28387", + "modified": "2026-04-22T16:28:56.462034Z" + }, + { + "id": "UBUNTU-CVE-2026-28388", + "modified": "2026-04-22T16:29:14.747170Z" + }, + { + "id": "UBUNTU-CVE-2026-28389", + "modified": "2026-04-22T16:29:46.621840Z" + }, + { + "id": "UBUNTU-CVE-2026-28390", + "modified": "2026-04-22T16:29:12.148876Z" + }, + { + "id": "UBUNTU-CVE-2026-31789", + "modified": "2026-04-22T16:30:10.383244Z" + }, + { + "id": "UBUNTU-CVE-2026-31790", + "modified": "2026-04-22T16:29:58.821237Z" }, { "id": "USN-7278-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:54:48.564638Z" }, { "id": "USN-7786-1", - "modified": "2026-02-10T04:50:09Z" + "modified": "2026-04-22T11:02:28.476194Z" }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-04-22T11:05:05.881663Z" + }, + { + "id": "USN-8155-1", + "modified": "2026-04-22T11:07:30.162280Z" } ] }, @@ -4682,15 +4897,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -4698,15 +4913,47 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, @@ -4714,23 +4961,23 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-04-22T13:00:38.989006Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-04-22T14:38:21.767463Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-04-22T15:30:31.745395Z" }, { "id": "USN-7275-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:28.234701Z" }, { "id": "USN-7954-1", - "modified": "2026-02-10T04:50:47Z" + "modified": "2026-04-22T11:04:31.475896Z" } ] }, @@ -4738,11 +4985,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4752,24 +5003,60 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4778,7 +5065,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-4899", - "modified": "2025-09-08T16:49:53Z" + "modified": "2026-04-22T13:36:43.299894Z" } ] }, @@ -4790,7 +5077,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -4799,9 +5086,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4809,11 +5100,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4821,11 +5116,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4837,7 +5136,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -4845,32 +5144,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2025-10-24T05:01:58Z" + "modified": "2026-04-22T14:06:40.537838Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2025-10-24T05:02:19Z" + "modified": "2026-04-22T14:15:27.303492Z" }, { "id": "UBUNTU-CVE-2024-56406", - "modified": "2026-02-04T02:50:55.689079Z" + "modified": "2026-04-22T15:21:32.149942Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-02-04T02:15:05.324531Z" + "modified": "2026-04-22T16:02:28.067448Z" }, { "id": "USN-7434-1", - "modified": "2026-02-10T04:47:48Z" + "modified": "2026-04-22T10:56:55.320362Z" }, { "id": "USN-7678-1", - "modified": "2026-02-10T04:49:41Z" + "modified": "2026-04-22T11:00:11.130172Z" } ] }, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-5958", + "modified": "2026-04-21T14:16:38.931992Z" + } + ] + }, {}, {}, { @@ -4878,6 +5184,10 @@ interactions: { "id": "UBUNTU-CVE-2025-45582", "modified": "2026-01-20T18:59:29.811906Z" + }, + { + "id": "UBUNTU-CVE-2026-5704", + "modified": "2026-04-13T09:31:27Z" } ] }, @@ -4885,9 +5195,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4895,7 +5209,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" + "modified": "2026-04-22T16:26:51.108440Z" } ] } @@ -4903,7 +5217,7 @@ interactions: } headers: Content-Length: - - "11752" + - "15011" Content-Type: - application/json status: 200 OK @@ -5652,7 +5966,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 16940 + content_length: 20640 body: | { "results": [ @@ -5661,7 +5975,14 @@ interactions: {}, {}, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + } + ] + }, { "vulns": [ { @@ -5682,15 +6003,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-6297", - "modified": "2026-02-04T03:36:18.990840Z" + "modified": "2026-04-22T16:08:20.375647Z" }, { "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" + "modified": "2026-04-22T16:19:25.951290Z" }, { "id": "USN-7768-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:24.586547Z" } ] }, @@ -5701,15 +6022,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -5873,7 +6194,7 @@ interactions: }, { "id": "GO-2023-2102", - "modified": "2026-02-04T03:49:27.289895Z" + "modified": "2026-04-16T11:14:10.849204Z" }, { "id": "GO-2023-2185", @@ -5949,7 +6270,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -5965,7 +6290,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -6005,7 +6330,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -6013,15 +6338,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -6029,19 +6354,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -6050,6 +6375,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -6063,10 +6412,6 @@ interactions: "id": "UBUNTU-CVE-2025-30258", "modified": "2026-02-04T04:30:17.426918Z" }, - { - "id": "UBUNTU-CVE-2025-68972", - "modified": "2026-01-20T19:15:15.770361Z" - }, { "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" @@ -6096,9 +6441,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6107,47 +6456,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -6155,47 +6516,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -6204,11 +6577,19 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-02-04T04:28:50.933288Z" + "modified": "2026-04-22T15:31:21.010462Z" + }, + { + "id": "UBUNTU-CVE-2026-4878", + "modified": "2026-04-22T16:34:39.990368Z" }, { "id": "USN-7287-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:35.745293Z" + }, + { + "id": "USN-8193-1", + "modified": "2026-04-22T16:44:18.251193Z" } ] }, @@ -6222,15 +6603,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -6238,7 +6619,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-01-20T17:51:42.649938Z" + "modified": "2026-04-22T14:40:28.941098Z" } ] }, @@ -6247,43 +6628,43 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-12243", - "modified": "2026-02-04T02:53:36.843010Z" + "modified": "2026-04-22T14:37:38.949616Z" }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-04-22T15:32:29.121051Z" }, { "id": "UBUNTU-CVE-2025-32988", - "modified": "2026-02-04T02:15:37.273955Z" + "modified": "2026-04-22T15:42:43.907567Z" }, { "id": "UBUNTU-CVE-2025-32989", - "modified": "2026-02-04T03:37:18.739300Z" + "modified": "2026-04-22T15:42:40.864729Z" }, { "id": "UBUNTU-CVE-2025-32990", - "modified": "2026-02-04T03:31:01.615385Z" + "modified": "2026-04-22T15:38:02.144648Z" }, { "id": "UBUNTU-CVE-2025-6395", - "modified": "2026-02-04T03:31:22.603031Z" + "modified": "2026-04-22T16:08:12.464527Z" }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-04-22T16:17:31.884178Z" }, { "id": "USN-7281-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:19.204031Z" }, { "id": "USN-7635-1", - "modified": "2026-02-10T04:49:34Z" + "modified": "2026-04-22T11:00:15.256152Z" }, { "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" + "modified": "2026-04-22T11:06:24.165916Z" } ] }, @@ -6292,39 +6673,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -6334,39 +6715,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -6375,39 +6756,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -6415,39 +6796,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -6459,12 +6840,23 @@ interactions: } ] }, - {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-34743", + "modified": "2026-04-22T16:32:01.706564Z" + } + ] + }, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6472,11 +6864,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6484,11 +6880,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6499,19 +6899,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -6519,19 +6915,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -6539,19 +6931,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -6559,19 +6947,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -6579,7 +6963,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-41409", - "modified": "2025-10-24T04:53:52Z" + "modified": "2026-04-22T13:23:47.523941Z" } ] }, @@ -6587,7 +6971,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -6599,9 +6983,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6610,67 +6998,95 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-04-22T14:37:49.989722Z" }, { "id": "UBUNTU-CVE-2024-41996", - "modified": "2026-02-06T21:00:29.439853Z" + "modified": "2026-04-22T15:01:48.931405Z" }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-04-22T15:27:52.071108Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-04-22T15:32:09.511968Z" }, { "id": "UBUNTU-CVE-2025-27587", - "modified": "2026-02-06T21:55:03.879396Z" + "modified": "2026-04-22T15:40:51.936226Z" }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-04-22T16:08:53.331860Z" }, { "id": "UBUNTU-CVE-2025-69418", - "modified": "2026-02-06T22:01:44.179826Z" + "modified": "2026-04-22T16:13:20.620457Z" }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-04-22T16:14:16.031636Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-04-22T16:14:09.437940Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-04-22T16:13:37.461613Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-04-22T16:17:29.833522Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-04-22T16:19:32.659001Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-04-22T16:19:34.875010Z" + }, + { + "id": "UBUNTU-CVE-2026-28387", + "modified": "2026-04-22T16:28:56.462034Z" + }, + { + "id": "UBUNTU-CVE-2026-28388", + "modified": "2026-04-22T16:29:14.747170Z" + }, + { + "id": "UBUNTU-CVE-2026-28389", + "modified": "2026-04-22T16:29:46.621840Z" + }, + { + "id": "UBUNTU-CVE-2026-28390", + "modified": "2026-04-22T16:29:12.148876Z" + }, + { + "id": "UBUNTU-CVE-2026-31789", + "modified": "2026-04-22T16:30:10.383244Z" + }, + { + "id": "UBUNTU-CVE-2026-31790", + "modified": "2026-04-22T16:29:58.821237Z" }, { "id": "USN-7278-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:54:48.564638Z" }, { "id": "USN-7786-1", - "modified": "2026-02-10T04:50:09Z" + "modified": "2026-04-22T11:02:28.476194Z" }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-04-22T11:05:05.881663Z" + }, + { + "id": "USN-8155-1", + "modified": "2026-04-22T11:07:30.162280Z" } ] }, @@ -6678,15 +7094,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -6694,15 +7110,47 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, @@ -6710,23 +7158,23 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-04-22T13:00:38.989006Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-04-22T14:38:21.767463Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-04-22T15:30:31.745395Z" }, { "id": "USN-7275-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:28.234701Z" }, { "id": "USN-7954-1", - "modified": "2026-02-10T04:50:47Z" + "modified": "2026-04-22T11:04:31.475896Z" } ] }, @@ -6734,11 +7182,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6748,24 +7200,60 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6774,7 +7262,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-4899", - "modified": "2025-09-08T16:49:53Z" + "modified": "2026-04-22T13:36:43.299894Z" } ] }, @@ -6786,7 +7274,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -6795,9 +7283,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6805,11 +7297,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6817,11 +7313,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6833,7 +7333,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -6841,32 +7341,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2025-10-24T05:01:58Z" + "modified": "2026-04-22T14:06:40.537838Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2025-10-24T05:02:19Z" + "modified": "2026-04-22T14:15:27.303492Z" }, { "id": "UBUNTU-CVE-2024-56406", - "modified": "2026-02-04T02:50:55.689079Z" + "modified": "2026-04-22T15:21:32.149942Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-02-04T02:15:05.324531Z" + "modified": "2026-04-22T16:02:28.067448Z" }, { "id": "USN-7434-1", - "modified": "2026-02-10T04:47:48Z" + "modified": "2026-04-22T10:56:55.320362Z" }, { "id": "USN-7678-1", - "modified": "2026-02-10T04:49:41Z" + "modified": "2026-04-22T11:00:11.130172Z" } ] }, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-5958", + "modified": "2026-04-21T14:16:38.931992Z" + } + ] + }, {}, {}, { @@ -6874,6 +7381,10 @@ interactions: { "id": "UBUNTU-CVE-2025-45582", "modified": "2026-01-20T18:59:29.811906Z" + }, + { + "id": "UBUNTU-CVE-2026-5704", + "modified": "2026-04-13T09:31:27Z" } ] }, @@ -6881,9 +7392,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6891,7 +7406,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" + "modified": "2026-04-22T16:26:51.108440Z" } ] } @@ -6899,7 +7414,7 @@ interactions: } headers: Content-Length: - - "16940" + - "20640" Content-Type: - application/json status: 200 OK @@ -8355,7 +8870,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 10207 + content_length: 12439 body: | { "results": [ @@ -8398,7 +8913,7 @@ interactions: "vulns": [ { "id": "GHSA-72hv-8253-57qq", - "modified": "2026-03-04T15:06:51.908001Z" + "modified": "2026-04-07T16:47:43.107166Z" }, { "id": "GHSA-h46c-h94j-95f3", @@ -8580,6 +9095,10 @@ interactions: { "id": "ALPINE-CVE-2025-9820", "modified": "2026-02-24T08:17:41.731734Z" + }, + { + "id": "ALPINE-CVE-2026-1584", + "modified": "2026-04-10T08:31:12.197948Z" } ] }, @@ -8669,6 +9188,10 @@ interactions: { "id": "GHSA-fghv-69vj-qj49", "modified": "2026-02-04T03:04:04.888405Z" + }, + { + "id": "GHSA-pwqr-wmgm-9rr8", + "modified": "2026-03-27T22:04:14.372867Z" } ] }, @@ -8677,6 +9200,10 @@ interactions: { "id": "GHSA-prj3-ccx8-p6x4", "modified": "2026-02-04T02:26:22.855609Z" + }, + { + "id": "GHSA-w9fj-cfpg-grvv", + "modified": "2026-03-27T22:05:04.574044Z" } ] }, @@ -8798,6 +9325,30 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, @@ -8875,6 +9426,18 @@ interactions: { "id": "ALPINE-CVE-2026-25646", "modified": "2026-02-24T12:00:36.302208Z" + }, + { + "id": "ALPINE-CVE-2026-33416", + "modified": "2026-03-27T09:31:22.645949Z" + }, + { + "id": "ALPINE-CVE-2026-33636", + "modified": "2026-03-27T09:31:27.847412Z" + }, + { + "id": "ALPINE-CVE-2026-34757", + "modified": "2026-04-10T18:26:46.468330Z" } ] }, @@ -8940,6 +9503,30 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, @@ -8962,6 +9549,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -8972,6 +9567,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -9039,6 +9642,30 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, @@ -9129,6 +9756,10 @@ interactions: {}, { "vulns": [ + { + "id": "GHSA-355h-qmc2-wpwf", + "modified": "2026-04-17T00:30:15.516948Z" + }, { "id": "GHSA-qh8g-58pp-2wxh", "modified": "2026-02-04T05:13:21.910792Z" @@ -9198,12 +9829,23 @@ interactions: {}, {}, {}, - {} + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-22184", + "modified": "2026-04-14T16:32:07.574001Z" + }, + { + "id": "ALPINE-CVE-2026-27171", + "modified": "2026-04-14T16:32:22.282381Z" + } + ] + } ] } headers: Content-Length: - - "10207" + - "12439" Content-Type: - application/json status: 200 OK @@ -11112,7 +11754,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 6240 + content_length: 6310 body: | { "results": [ @@ -11124,7 +11766,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" + "modified": "2026-04-21T08:11:06.082206Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -11136,11 +11778,11 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" + "modified": "2026-04-21T08:11:22.119438Z" }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "modified": "2026-04-21T08:11:06.009868Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", @@ -11520,6 +12162,10 @@ interactions: "id": "GHSA-9wx4-h78v-vm56", "modified": "2026-02-04T02:43:42.271895Z" }, + { + "id": "GHSA-gc5v-m9x4-r6x2", + "modified": "2026-03-27T22:17:33.595885Z" + }, { "id": "GHSA-j8r2-6x86-q33q", "modified": "2026-02-04T03:34:13.807518Z" @@ -11673,7 +12319,7 @@ interactions: } headers: Content-Length: - - "6240" + - "6310" Content-Type: - application/json status: 200 OK @@ -11925,7 +12571,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 15478 + content_length: 19427 body: | { "results": [ @@ -11992,7 +12638,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -12008,7 +12658,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -12048,7 +12698,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -12056,15 +12706,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -12072,19 +12722,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -12093,6 +12743,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -12124,7 +12798,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -12140,7 +12818,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -12180,7 +12858,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -12188,15 +12866,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -12204,19 +12882,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -12225,6 +12903,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -12256,7 +12958,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -12272,7 +12978,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -12312,7 +13018,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -12320,15 +13026,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -12336,19 +13042,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -12357,6 +13063,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -12388,7 +13118,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -12404,7 +13138,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -12444,7 +13178,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -12452,15 +13186,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -12468,19 +13202,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -12489,6 +13223,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -12520,7 +13278,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -12536,7 +13298,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -12576,7 +13338,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -12584,15 +13346,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -12600,19 +13362,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -12621,6 +13383,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -12652,7 +13438,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -12668,7 +13458,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -12708,7 +13498,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -12716,15 +13506,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -12732,19 +13522,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -12753,6 +13543,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -12829,6 +13643,30 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, @@ -12905,6 +13743,30 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, @@ -12913,6 +13775,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -12921,6 +13791,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -12943,12 +13821,23 @@ interactions: } ] }, - {} + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-22184", + "modified": "2026-04-14T16:32:07.574001Z" + }, + { + "id": "ALPINE-CVE-2026-27171", + "modified": "2026-04-14T16:32:22.282381Z" + } + ] + } ] } headers: Content-Length: - - "15478" + - "19427" Content-Type: - application/json status: 200 OK @@ -15628,9 +16517,9 @@ interactions: url: https://api.osv.dev/v1/querybatch method: POST response: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 content_length: 220 body: | { @@ -15643,11 +16532,11 @@ interactions: }, { "id": "CVE-2024-31755", - "modified": "2026-03-14T12:30:30.932017Z" + "modified": "2026-04-16T04:31:52.195461Z" }, { "id": "CVE-2025-57052", - "modified": "2026-03-23T05:11:28.908372Z" + "modified": "2026-04-10T05:30:21.542728Z" } ] } diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml index fe2f31e6ecd..85bc49b3b78 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml @@ -800,7 +800,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 6240 + content_length: 6310 body: | { "results": [ @@ -812,7 +812,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" + "modified": "2026-04-21T08:11:06.082206Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -824,11 +824,11 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" + "modified": "2026-04-21T08:11:22.119438Z" }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "modified": "2026-04-21T08:11:06.009868Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", @@ -1208,6 +1208,10 @@ interactions: "id": "GHSA-9wx4-h78v-vm56", "modified": "2026-02-04T02:43:42.271895Z" }, + { + "id": "GHSA-gc5v-m9x4-r6x2", + "modified": "2026-03-27T22:17:33.595885Z" + }, { "id": "GHSA-j8r2-6x86-q33q", "modified": "2026-02-04T03:34:13.807518Z" @@ -1361,7 +1365,7 @@ interactions: } headers: Content-Length: - - "6240" + - "6310" Content-Type: - application/json status: 200 OK @@ -1732,7 +1736,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2365 + content_length: 3828 body: | { "results": [ @@ -1827,6 +1831,34 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-2673", + "modified": "2026-04-09T22:30:42.256191Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, @@ -1879,12 +1911,62 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-2673", + "modified": "2026-04-09T22:30:42.256191Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, {}, - {}, - {}, + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" + } + ] + }, + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" + } + ] + }, {}, {}, {}, @@ -1919,12 +2001,23 @@ interactions: {}, {}, {}, - {} + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-22184", + "modified": "2026-04-14T16:32:07.574001Z" + }, + { + "id": "ALPINE-CVE-2026-27171", + "modified": "2026-04-14T16:32:22.282381Z" + } + ] + } ] } headers: Content-Length: - - "2365" + - "3828" Content-Type: - application/json status: 200 OK @@ -2071,7 +2164,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 5308 + content_length: 7052 body: | { "results": [ @@ -2133,7 +2226,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -2149,7 +2246,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -2189,7 +2286,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -2197,15 +2294,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -2213,19 +2310,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -2234,6 +2331,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -2310,6 +2431,30 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, @@ -2386,6 +2531,30 @@ interactions: { "id": "ALPINE-CVE-2026-22796", "modified": "2026-02-08T14:17:23.708503Z" + }, + { + "id": "ALPINE-CVE-2026-28387", + "modified": "2026-04-10T06:31:25.158219Z" + }, + { + "id": "ALPINE-CVE-2026-28388", + "modified": "2026-04-11T08:32:29.150074Z" + }, + { + "id": "ALPINE-CVE-2026-28389", + "modified": "2026-04-11T08:31:23.225175Z" + }, + { + "id": "ALPINE-CVE-2026-28390", + "modified": "2026-04-11T08:32:29.343363Z" + }, + { + "id": "ALPINE-CVE-2026-31789", + "modified": "2026-04-10T06:31:30.642935Z" + }, + { + "id": "ALPINE-CVE-2026-31790", + "modified": "2026-04-10T06:31:26.206813Z" } ] }, @@ -2394,6 +2563,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -2402,6 +2579,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -2419,12 +2604,23 @@ interactions: } ] }, - {} + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-22184", + "modified": "2026-04-14T16:32:07.574001Z" + }, + { + "id": "ALPINE-CVE-2026-27171", + "modified": "2026-04-14T16:32:22.282381Z" + } + ] + } ] } headers: Content-Length: - - "5308" + - "7052" Content-Type: - application/json status: 200 OK @@ -3842,7 +4038,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11752 + content_length: 15011 body: | { "results": [ @@ -3851,7 +4047,14 @@ interactions: {}, {}, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + } + ] + }, { "vulns": [ { @@ -3872,15 +4075,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-6297", - "modified": "2026-02-04T03:36:18.990840Z" + "modified": "2026-04-22T16:08:20.375647Z" }, { "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" + "modified": "2026-04-22T16:19:25.951290Z" }, { "id": "USN-7768-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:24.586547Z" } ] }, @@ -3890,15 +4093,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -3912,10 +4115,6 @@ interactions: "id": "UBUNTU-CVE-2025-30258", "modified": "2026-02-04T04:30:17.426918Z" }, - { - "id": "UBUNTU-CVE-2025-68972", - "modified": "2026-01-20T19:15:15.770361Z" - }, { "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" @@ -3945,9 +4144,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -3956,47 +4159,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -4004,47 +4219,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -4053,11 +4280,19 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-02-04T04:28:50.933288Z" + "modified": "2026-04-22T15:31:21.010462Z" + }, + { + "id": "UBUNTU-CVE-2026-4878", + "modified": "2026-04-22T16:34:39.990368Z" }, { "id": "USN-7287-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:35.745293Z" + }, + { + "id": "USN-8193-1", + "modified": "2026-04-22T16:44:18.251193Z" } ] }, @@ -4071,15 +4306,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -4087,7 +4322,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-01-20T17:51:42.649938Z" + "modified": "2026-04-22T14:40:28.941098Z" } ] }, @@ -4096,43 +4331,43 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-12243", - "modified": "2026-02-04T02:53:36.843010Z" + "modified": "2026-04-22T14:37:38.949616Z" }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-04-22T15:32:29.121051Z" }, { "id": "UBUNTU-CVE-2025-32988", - "modified": "2026-02-04T02:15:37.273955Z" + "modified": "2026-04-22T15:42:43.907567Z" }, { "id": "UBUNTU-CVE-2025-32989", - "modified": "2026-02-04T03:37:18.739300Z" + "modified": "2026-04-22T15:42:40.864729Z" }, { "id": "UBUNTU-CVE-2025-32990", - "modified": "2026-02-04T03:31:01.615385Z" + "modified": "2026-04-22T15:38:02.144648Z" }, { "id": "UBUNTU-CVE-2025-6395", - "modified": "2026-02-04T03:31:22.603031Z" + "modified": "2026-04-22T16:08:12.464527Z" }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-04-22T16:17:31.884178Z" }, { "id": "USN-7281-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:19.204031Z" }, { "id": "USN-7635-1", - "modified": "2026-02-10T04:49:34Z" + "modified": "2026-04-22T11:00:15.256152Z" }, { "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" + "modified": "2026-04-22T11:06:24.165916Z" } ] }, @@ -4141,39 +4376,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -4183,39 +4418,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -4224,39 +4459,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -4264,39 +4499,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -4308,12 +4543,23 @@ interactions: } ] }, - {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-34743", + "modified": "2026-04-22T16:32:01.706564Z" + } + ] + }, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4321,11 +4567,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4333,11 +4583,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4348,19 +4602,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -4368,19 +4618,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -4388,19 +4634,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -4408,19 +4650,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -4428,7 +4666,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-41409", - "modified": "2025-10-24T04:53:52Z" + "modified": "2026-04-22T13:23:47.523941Z" } ] }, @@ -4436,7 +4674,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -4448,9 +4686,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4459,67 +4701,95 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-04-22T14:37:49.989722Z" }, { "id": "UBUNTU-CVE-2024-41996", - "modified": "2026-02-06T21:00:29.439853Z" + "modified": "2026-04-22T15:01:48.931405Z" }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-04-22T15:27:52.071108Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-04-22T15:32:09.511968Z" }, { "id": "UBUNTU-CVE-2025-27587", - "modified": "2026-02-06T21:55:03.879396Z" + "modified": "2026-04-22T15:40:51.936226Z" }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-04-22T16:08:53.331860Z" }, { "id": "UBUNTU-CVE-2025-69418", - "modified": "2026-02-06T22:01:44.179826Z" + "modified": "2026-04-22T16:13:20.620457Z" }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-04-22T16:14:16.031636Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-04-22T16:14:09.437940Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-04-22T16:13:37.461613Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-04-22T16:17:29.833522Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-04-22T16:19:32.659001Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-04-22T16:19:34.875010Z" + }, + { + "id": "UBUNTU-CVE-2026-28387", + "modified": "2026-04-22T16:28:56.462034Z" + }, + { + "id": "UBUNTU-CVE-2026-28388", + "modified": "2026-04-22T16:29:14.747170Z" + }, + { + "id": "UBUNTU-CVE-2026-28389", + "modified": "2026-04-22T16:29:46.621840Z" + }, + { + "id": "UBUNTU-CVE-2026-28390", + "modified": "2026-04-22T16:29:12.148876Z" + }, + { + "id": "UBUNTU-CVE-2026-31789", + "modified": "2026-04-22T16:30:10.383244Z" + }, + { + "id": "UBUNTU-CVE-2026-31790", + "modified": "2026-04-22T16:29:58.821237Z" }, { "id": "USN-7278-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:54:48.564638Z" }, { "id": "USN-7786-1", - "modified": "2026-02-10T04:50:09Z" + "modified": "2026-04-22T11:02:28.476194Z" }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-04-22T11:05:05.881663Z" + }, + { + "id": "USN-8155-1", + "modified": "2026-04-22T11:07:30.162280Z" } ] }, @@ -4527,15 +4797,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -4543,15 +4813,47 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, @@ -4559,23 +4861,23 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-04-22T13:00:38.989006Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-04-22T14:38:21.767463Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-04-22T15:30:31.745395Z" }, { "id": "USN-7275-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:28.234701Z" }, { "id": "USN-7954-1", - "modified": "2026-02-10T04:50:47Z" + "modified": "2026-04-22T11:04:31.475896Z" } ] }, @@ -4583,11 +4885,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4597,24 +4903,60 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4623,7 +4965,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-4899", - "modified": "2025-09-08T16:49:53Z" + "modified": "2026-04-22T13:36:43.299894Z" } ] }, @@ -4635,7 +4977,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -4644,9 +4986,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4654,11 +5000,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4666,11 +5016,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -4682,7 +5036,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -4690,32 +5044,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2025-10-24T05:01:58Z" + "modified": "2026-04-22T14:06:40.537838Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2025-10-24T05:02:19Z" + "modified": "2026-04-22T14:15:27.303492Z" }, { "id": "UBUNTU-CVE-2024-56406", - "modified": "2026-02-04T02:50:55.689079Z" + "modified": "2026-04-22T15:21:32.149942Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-02-04T02:15:05.324531Z" + "modified": "2026-04-22T16:02:28.067448Z" }, { "id": "USN-7434-1", - "modified": "2026-02-10T04:47:48Z" + "modified": "2026-04-22T10:56:55.320362Z" }, { "id": "USN-7678-1", - "modified": "2026-02-10T04:49:41Z" + "modified": "2026-04-22T11:00:11.130172Z" } ] }, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-5958", + "modified": "2026-04-21T14:16:38.931992Z" + } + ] + }, {}, {}, { @@ -4723,6 +5084,10 @@ interactions: { "id": "UBUNTU-CVE-2025-45582", "modified": "2026-01-20T18:59:29.811906Z" + }, + { + "id": "UBUNTU-CVE-2026-5704", + "modified": "2026-04-13T09:31:27Z" } ] }, @@ -4730,9 +5095,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -4740,7 +5109,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" + "modified": "2026-04-22T16:26:51.108440Z" } ] } @@ -4748,7 +5117,7 @@ interactions: } headers: Content-Length: - - "11752" + - "15011" Content-Type: - application/json status: 200 OK @@ -5497,7 +5866,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 16940 + content_length: 20640 body: | { "results": [ @@ -5506,7 +5875,14 @@ interactions: {}, {}, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + } + ] + }, { "vulns": [ { @@ -5527,15 +5903,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-6297", - "modified": "2026-02-04T03:36:18.990840Z" + "modified": "2026-04-22T16:08:20.375647Z" }, { "id": "UBUNTU-CVE-2026-2219", - "modified": "2026-03-14T09:17:58.405826Z" + "modified": "2026-04-22T16:19:25.951290Z" }, { "id": "USN-7768-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:24.586547Z" } ] }, @@ -5546,15 +5922,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -5718,7 +6094,7 @@ interactions: }, { "id": "GO-2023-2102", - "modified": "2026-02-04T03:49:27.289895Z" + "modified": "2026-04-16T11:14:10.849204Z" }, { "id": "GO-2023-2185", @@ -5794,7 +6170,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -5810,7 +6190,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -5850,7 +6230,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -5858,15 +6238,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -5874,19 +6254,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -5895,6 +6275,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -5908,10 +6312,6 @@ interactions: "id": "UBUNTU-CVE-2025-30258", "modified": "2026-02-04T04:30:17.426918Z" }, - { - "id": "UBUNTU-CVE-2025-68972", - "modified": "2026-01-20T19:15:15.770361Z" - }, { "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" @@ -5941,9 +6341,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -5952,47 +6356,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -6000,47 +6416,59 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2016-20013", - "modified": "2026-02-03T07:12:11.178156Z" + "modified": "2026-04-22T10:35:14.467259Z" }, { "id": "UBUNTU-CVE-2025-0395", - "modified": "2026-02-06T21:35:29.229625Z" + "modified": "2026-04-22T15:28:12.422655Z" }, { "id": "UBUNTU-CVE-2025-15281", - "modified": "2026-02-04T07:39:07.958164Z" + "modified": "2026-04-22T15:32:08.602157Z" }, { "id": "UBUNTU-CVE-2025-4802", - "modified": "2026-02-04T04:09:49.871743Z" + "modified": "2026-04-22T16:03:42.030514Z" }, { "id": "UBUNTU-CVE-2025-8058", - "modified": "2026-02-04T07:39:09.389770Z" + "modified": "2026-04-22T16:17:04.960379Z" }, { "id": "UBUNTU-CVE-2026-0861", - "modified": "2026-02-04T07:39:03.415441Z" + "modified": "2026-04-22T16:17:28.297278Z" }, { "id": "UBUNTU-CVE-2026-0915", - "modified": "2026-02-23T00:02:27.504192Z" + "modified": "2026-04-22T16:19:56.009535Z" + }, + { + "id": "UBUNTU-CVE-2026-4046", + "modified": "2026-04-22T16:32:19.968662Z" + }, + { + "id": "UBUNTU-CVE-2026-4437", + "modified": "2026-04-22T16:33:08.620683Z" + }, + { + "id": "UBUNTU-CVE-2026-4438", + "modified": "2026-04-22T16:32:45.992850Z" }, { "id": "USN-7259-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:18.855513Z" }, { "id": "USN-7541-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:58:59.498919Z" }, { "id": "USN-7760-1", - "modified": "2026-02-10T04:49:49Z" + "modified": "2026-04-22T11:02:08.935305Z" }, { "id": "USN-8005-1", - "modified": "2026-02-23T00:13:53.339268Z" + "modified": "2026-04-22T11:06:04.498787Z" } ] }, @@ -6049,11 +6477,19 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-02-04T04:28:50.933288Z" + "modified": "2026-04-22T15:31:21.010462Z" + }, + { + "id": "UBUNTU-CVE-2026-4878", + "modified": "2026-04-22T16:34:39.990368Z" }, { "id": "USN-7287-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:35.745293Z" + }, + { + "id": "USN-8193-1", + "modified": "2026-04-22T16:44:18.251193Z" } ] }, @@ -6067,15 +6503,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -6083,7 +6519,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-01-20T17:51:42.649938Z" + "modified": "2026-04-22T14:40:28.941098Z" } ] }, @@ -6092,43 +6528,43 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-12243", - "modified": "2026-02-04T02:53:36.843010Z" + "modified": "2026-04-22T14:37:38.949616Z" }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-02-28T05:58:56.935176Z" + "modified": "2026-04-22T15:32:29.121051Z" }, { "id": "UBUNTU-CVE-2025-32988", - "modified": "2026-02-04T02:15:37.273955Z" + "modified": "2026-04-22T15:42:43.907567Z" }, { "id": "UBUNTU-CVE-2025-32989", - "modified": "2026-02-04T03:37:18.739300Z" + "modified": "2026-04-22T15:42:40.864729Z" }, { "id": "UBUNTU-CVE-2025-32990", - "modified": "2026-02-04T03:31:01.615385Z" + "modified": "2026-04-22T15:38:02.144648Z" }, { "id": "UBUNTU-CVE-2025-6395", - "modified": "2026-02-04T03:31:22.603031Z" + "modified": "2026-04-22T16:08:12.464527Z" }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-02-28T06:16:45.816014Z" + "modified": "2026-04-22T16:17:31.884178Z" }, { "id": "USN-7281-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:55:19.204031Z" }, { "id": "USN-7635-1", - "modified": "2026-02-10T04:49:34Z" + "modified": "2026-04-22T11:00:15.256152Z" }, { "id": "USN-8043-1", - "modified": "2026-02-17T22:00:37.652199Z" + "modified": "2026-04-22T11:06:24.165916Z" } ] }, @@ -6137,39 +6573,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -6179,39 +6615,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -6220,39 +6656,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -6260,39 +6696,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2018-5709", - "modified": "2025-10-24T04:46:51Z" + "modified": "2026-04-22T11:58:41.162059Z" }, { "id": "UBUNTU-CVE-2024-26458", - "modified": "2026-02-04T03:00:45.815615Z" + "modified": "2026-04-22T14:42:39.007560Z" }, { "id": "UBUNTU-CVE-2024-26461", - "modified": "2026-02-04T04:19:35.724133Z" + "modified": "2026-04-22T14:42:09.751970Z" }, { "id": "UBUNTU-CVE-2024-3596", - "modified": "2026-02-04T04:28:06.065165Z" + "modified": "2026-04-22T14:52:33.365782Z" }, { "id": "UBUNTU-CVE-2025-24528", - "modified": "2026-02-04T04:40:58.959893Z" + "modified": "2026-04-22T15:39:36.294220Z" }, { "id": "UBUNTU-CVE-2025-3576", - "modified": "2026-02-04T02:50:47.063994Z" + "modified": "2026-04-22T15:43:09.290181Z" }, { "id": "USN-7257-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:54:44.735114Z" }, { "id": "USN-7314-1", - "modified": "2026-02-10T04:47:17Z" + "modified": "2026-04-22T10:56:04.510559Z" }, { "id": "USN-7542-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:10.069007Z" } ] }, @@ -6304,12 +6740,23 @@ interactions: } ] }, - {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-34743", + "modified": "2026-04-22T16:32:01.706564Z" + } + ] + }, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6317,11 +6764,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6329,11 +6780,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6344,19 +6799,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -6364,19 +6815,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -6384,19 +6831,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -6404,19 +6847,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-10041", - "modified": "2026-01-20T19:07:32.667161Z" + "modified": "2026-04-22T14:37:13.108514Z" }, { "id": "UBUNTU-CVE-2025-6020", - "modified": "2026-02-04T02:31:29.332885Z" - }, - { - "id": "UBUNTU-CVE-2025-8941", - "modified": "2026-01-20T18:46:31.526274Z" + "modified": "2026-04-22T16:08:04.179164Z" }, { "id": "USN-7580-1", - "modified": "2026-02-10T04:49:00Z" + "modified": "2026-04-22T11:00:07.090315Z" } ] }, @@ -6424,7 +6863,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-41409", - "modified": "2025-10-24T04:53:52Z" + "modified": "2026-04-22T13:23:47.523941Z" } ] }, @@ -6432,7 +6871,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -6444,9 +6883,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6455,67 +6898,95 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-13176", - "modified": "2026-03-09T11:29:11.736076Z" + "modified": "2026-04-22T14:37:49.989722Z" }, { "id": "UBUNTU-CVE-2024-41996", - "modified": "2026-02-06T21:00:29.439853Z" + "modified": "2026-04-22T15:01:48.931405Z" }, { "id": "UBUNTU-CVE-2024-9143", - "modified": "2026-03-09T11:29:50.088989Z" + "modified": "2026-04-22T15:27:52.071108Z" }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-03-05T18:42:43.606385Z" + "modified": "2026-04-22T15:32:09.511968Z" }, { "id": "UBUNTU-CVE-2025-27587", - "modified": "2026-02-06T21:55:03.879396Z" + "modified": "2026-04-22T15:40:51.936226Z" }, { "id": "UBUNTU-CVE-2025-68160", - "modified": "2026-02-12T06:59:44.011039Z" + "modified": "2026-04-22T16:08:53.331860Z" }, { "id": "UBUNTU-CVE-2025-69418", - "modified": "2026-02-06T22:01:44.179826Z" + "modified": "2026-04-22T16:13:20.620457Z" }, { "id": "UBUNTU-CVE-2025-69419", - "modified": "2026-02-12T06:59:40.921557Z" + "modified": "2026-04-22T16:14:16.031636Z" }, { "id": "UBUNTU-CVE-2025-69420", - "modified": "2026-02-12T06:58:38.833674Z" + "modified": "2026-04-22T16:14:09.437940Z" }, { "id": "UBUNTU-CVE-2025-69421", - "modified": "2026-03-02T12:02:19.670699Z" + "modified": "2026-04-22T16:13:37.461613Z" }, { "id": "UBUNTU-CVE-2025-9230", - "modified": "2026-03-09T12:25:45.048270Z" + "modified": "2026-04-22T16:17:29.833522Z" }, { "id": "UBUNTU-CVE-2026-22795", - "modified": "2026-02-12T06:58:35.942634Z" + "modified": "2026-04-22T16:19:32.659001Z" }, { "id": "UBUNTU-CVE-2026-22796", - "modified": "2026-02-12T06:59:02.005868Z" + "modified": "2026-04-22T16:19:34.875010Z" + }, + { + "id": "UBUNTU-CVE-2026-28387", + "modified": "2026-04-22T16:28:56.462034Z" + }, + { + "id": "UBUNTU-CVE-2026-28388", + "modified": "2026-04-22T16:29:14.747170Z" + }, + { + "id": "UBUNTU-CVE-2026-28389", + "modified": "2026-04-22T16:29:46.621840Z" + }, + { + "id": "UBUNTU-CVE-2026-28390", + "modified": "2026-04-22T16:29:12.148876Z" + }, + { + "id": "UBUNTU-CVE-2026-31789", + "modified": "2026-04-22T16:30:10.383244Z" + }, + { + "id": "UBUNTU-CVE-2026-31790", + "modified": "2026-04-22T16:29:58.821237Z" }, { "id": "USN-7278-1", - "modified": "2026-02-10T04:47:15Z" + "modified": "2026-04-22T10:54:48.564638Z" }, { "id": "USN-7786-1", - "modified": "2026-02-10T04:50:09Z" + "modified": "2026-04-22T11:02:28.476194Z" }, { "id": "USN-7980-1", - "modified": "2026-03-02T11:56:15.392710Z" + "modified": "2026-04-22T11:05:05.881663Z" + }, + { + "id": "USN-8155-1", + "modified": "2026-04-22T11:07:30.162280Z" } ] }, @@ -6523,15 +6994,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-27943", - "modified": "2026-02-25T19:00:26.332370Z" + "modified": "2026-04-22T13:20:56.236112Z" }, { "id": "UBUNTU-CVE-2023-4039", - "modified": "2026-03-14T09:09:23.235151Z" + "modified": "2026-04-22T14:11:22.610727Z" }, { "id": "USN-7700-1", - "modified": "2026-02-10T04:49:46Z" + "modified": "2026-04-22T11:00:38.812987Z" } ] }, @@ -6539,15 +7010,47 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, @@ -6555,23 +7058,23 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2021-46848", - "modified": "2026-02-12T06:44:04.921097Z" + "modified": "2026-04-22T13:00:38.989006Z" }, { "id": "UBUNTU-CVE-2024-12133", - "modified": "2026-02-12T06:31:24.332995Z" + "modified": "2026-04-22T14:38:21.767463Z" }, { "id": "UBUNTU-CVE-2025-13151", - "modified": "2026-02-12T06:43:59.770392Z" + "modified": "2026-04-22T15:30:31.745395Z" }, { "id": "USN-7275-1", - "modified": "2026-02-10T04:46:30Z" + "modified": "2026-04-22T10:55:28.234701Z" }, { "id": "USN-7954-1", - "modified": "2026-02-10T04:50:47Z" + "modified": "2026-04-22T11:04:31.475896Z" } ] }, @@ -6579,11 +7082,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6593,24 +7100,60 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-7008", - "modified": "2025-10-09T04:59:16Z" + "modified": "2026-04-22T14:35:51.676464Z" }, { "id": "UBUNTU-CVE-2025-4598", - "modified": "2026-02-04T02:49:04.264249Z" + "modified": "2026-04-22T16:03:19.927023Z" + }, + { + "id": "UBUNTU-CVE-2026-29111", + "modified": "2026-04-22T16:28:39.004822Z" + }, + { + "id": "UBUNTU-CVE-2026-40223", + "modified": "2026-04-22T16:32:32.032578Z" + }, + { + "id": "UBUNTU-CVE-2026-40224", + "modified": "2026-04-22T16:32:51.091222Z" + }, + { + "id": "UBUNTU-CVE-2026-40225", + "modified": "2026-04-22T16:33:21.831118Z" + }, + { + "id": "UBUNTU-CVE-2026-40226", + "modified": "2026-04-22T16:32:22.265436Z" + }, + { + "id": "UBUNTU-CVE-2026-40227", + "modified": "2026-04-22T16:32:51.914390Z" + }, + { + "id": "UBUNTU-CVE-2026-40228", + "modified": "2026-04-22T16:32:18.954949Z" }, { "id": "USN-7559-1", - "modified": "2026-02-10T04:48:59Z" + "modified": "2026-04-22T10:59:21.916844Z" + }, + { + "id": "USN-8119-1", + "modified": "2026-04-22T11:07:55.841597Z" } ] }, {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6619,7 +7162,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2022-4899", - "modified": "2025-09-08T16:49:53Z" + "modified": "2026-04-22T13:36:43.299894Z" } ] }, @@ -6631,7 +7174,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -6640,9 +7183,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6650,11 +7197,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6662,11 +7213,15 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-50495", - "modified": "2026-02-04T03:21:31.661318Z" + "modified": "2026-04-22T14:15:03.155150Z" }, { "id": "UBUNTU-CVE-2025-6141", - "modified": "2026-01-20T18:35:03.980742Z" + "modified": "2026-04-22T16:08:19.927561Z" + }, + { + "id": "UBUNTU-CVE-2025-69720", + "modified": "2026-04-22T16:13:35.392426Z" } ] }, @@ -6678,7 +7233,7 @@ interactions: }, { "id": "UBUNTU-CVE-2024-56433", - "modified": "2026-01-20T18:02:13.226633Z" + "modified": "2026-04-22T15:21:47.367594Z" } ] }, @@ -6686,32 +7241,39 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2025-10-24T05:01:58Z" + "modified": "2026-04-22T14:06:40.537838Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2025-10-24T05:02:19Z" + "modified": "2026-04-22T14:15:27.303492Z" }, { "id": "UBUNTU-CVE-2024-56406", - "modified": "2026-02-04T02:50:55.689079Z" + "modified": "2026-04-22T15:21:32.149942Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-02-04T02:15:05.324531Z" + "modified": "2026-04-22T16:02:28.067448Z" }, { "id": "USN-7434-1", - "modified": "2026-02-10T04:47:48Z" + "modified": "2026-04-22T10:56:55.320362Z" }, { "id": "USN-7678-1", - "modified": "2026-02-10T04:49:41Z" + "modified": "2026-04-22T11:00:11.130172Z" } ] }, {}, - {}, + { + "vulns": [ + { + "id": "UBUNTU-CVE-2026-5958", + "modified": "2026-04-21T14:16:38.931992Z" + } + ] + }, {}, {}, { @@ -6719,6 +7281,10 @@ interactions: { "id": "UBUNTU-CVE-2025-45582", "modified": "2026-01-20T18:59:29.811906Z" + }, + { + "id": "UBUNTU-CVE-2026-5704", + "modified": "2026-04-13T09:31:27Z" } ] }, @@ -6726,9 +7292,13 @@ interactions: {}, { "vulns": [ + { + "id": "UBUNTU-CVE-2026-27456", + "modified": "2026-04-22T16:27:24.598325Z" + }, { "id": "USN-8091-1", - "modified": "2026-03-13T23:29:29.779929Z" + "modified": "2026-04-22T11:07:02.475047Z" } ] }, @@ -6736,7 +7306,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-02-27T09:59:13Z" + "modified": "2026-04-22T16:26:51.108440Z" } ] } @@ -6744,7 +7314,7 @@ interactions: } headers: Content-Length: - - "16940" + - "20640" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/image/testdata/ubuntu20-04-unimportant-config.toml b/cmd/osv-scanner/scan/image/testdata/ubuntu20-04-unimportant-config.toml index 626c03adbe8..048175f3cdb 100644 --- a/cmd/osv-scanner/scan/image/testdata/ubuntu20-04-unimportant-config.toml +++ b/cmd/osv-scanner/scan/image/testdata/ubuntu20-04-unimportant-config.toml @@ -87,3 +87,14 @@ ignore = true name = "zlib" reason = "Just want to test only unimportant vulns" ignore = true + +[[PackageOverrides]] +name = "xz-utils" +reason = "Just want to test only unimportant vulns" +ignore = true + +[[PackageOverrides]] +name = "sed" +reason = "Just want to test only unimportant vulns" +ignore = true + diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index 2a43088fdbf..c6fe16bf9ff 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -213,13 +213,15 @@ Scanning dir ./testdata/sbom-insecure/alpine.cdx.xml Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 7 known vulnerabilities (1 Critical, 4 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | @@ -470,8 +472,8 @@ overriding license for package Packagist/league/flysystem/1.0.8 with 0BSD overriding license for package Packagist/sentry/sdk/2.0.4 with 0BSD overriding license for package Packagist/theseer/tokenizer/1.1.3 with 0BSD -Total 6 packages affected by 10 known vulnerabilities (2 Critical, 2 High, 2 Medium, 3 Low, 1 Unknown) from 4 ecosystems. -6 vulnerabilities can be fixed. +Total 6 packages affected by 14 known vulnerabilities (2 Critical, 3 High, 3 Medium, 3 Low, 3 Unknown) from 4 ecosystems. +8 vulnerabilities can be fixed. +-----------------------------------------+------+-----------+-----------------------+-----------+---------------+--------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -485,9 +487,13 @@ Total 6 packages affected by 10 known vulnerabilities (2 Critical, 2 High, 2 Med | https://osv.dev/GHSA-h89p-5896-f4q8 | | | | | | | | https://osv.dev/DRUPAL-CORE-2025-008 | 3.7 | Packagist | drupal/core | 10.4.5 | 10.4.9 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/GHSA-mhpg-hpj5-73r2 | | | | | | | +| https://osv.dev/DRUPAL-CORE-2026-001 | | Packagist | drupal/core | 10.4.5 | 10.5.9 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/DRUPAL-CORE-2026-002 | | Packagist | drupal/core | 10.4.5 | 10.5.9 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/DRUPAL-CONTRIB-2025-083 | | Packagist | drupal/simple_sitemap | 4.2.1 | -- | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/GHSA-9f46-5r25-5wfm | 9.8 | Packagist | league/flysystem | 1.0.8 | 1.1.4 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.13-r0 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.13-r0 | -- | testdata/locks-many-with-insecure/alpine.cdx.xml | +-----------------------------------------+------+-----------+-----------------------+-----------+---------------+--------------------------------------------------+ @@ -873,7 +879,7 @@ Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages Filtered 10 local/unscannable package/s from the scan. -Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 56 Medium, 4 Low, 23 Unknown) from 4 ecosystems. +Total 27 packages affected by 199 known vulnerabilities (21 Critical, 84 High, 60 Medium, 5 Low, 29 Unknown) from 4 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ @@ -905,11 +911,15 @@ Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 5 | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | | https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | @@ -936,6 +946,8 @@ Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1038,9 +1050,17 @@ Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 5 | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-2673 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28386 | 9.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28387 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28388 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28389 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28390 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31789 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31790 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1066,10 +1086,12 @@ Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3755-1 | | | | | | | +| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.0 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3051-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3134-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3161-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1085,10 +1107,12 @@ Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-27456 | 4.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-3184 | 3.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-34743 | 1.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ --- @@ -1110,8 +1134,8 @@ Scanned /testdata/locks-many-with-insecure/package-lock.json file and f [TestCommand/go_packages_in_osv-scanner.json_format - 1] Scanned /testdata/locks-insecure/osv-scanner.json file and found 2 packages -Total 2 packages affected by 24 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 24 Unknown) from 1 ecosystem. -24 vulnerabilities can be fixed. +Total 2 packages affected by 33 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 33 Unknown) from 1 ecosystem. +33 vulnerabilities can be fixed. +------------------------------+------+-----------+-----------+---------+---------------+------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -1137,9 +1161,18 @@ Total 2 packages affected by 24 known vulnerabilities (0 Critical, 0 High, 0 Med | https://osv.dev/GO-2026-4601 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4602 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4603 | | Go | stdlib | 1.24.4 | 1.25.8 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4864 | | Go | stdlib | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4865 | | Go | stdlib | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4869 | | Go | stdlib | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4870 | | Go | stdlib | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4946 | | Go | stdlib | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4947 | | Go | stdlib | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2025-3828 | | Go | toolchain | 1.24.4 | 1.24.5 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4339 | | Go | toolchain | 1.24.4 | 1.24.12 | testdata/locks-insecure/osv-scanner.json | | https://osv.dev/GO-2026-4433 | | Go | toolchain | 1.24.4 | 1.24.13 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4867 | | Go | toolchain | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4868 | | Go | toolchain | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | +| https://osv.dev/GO-2026-4871 | | Go | toolchain | 1.24.4 | 1.25.9 | testdata/locks-insecure/osv-scanner.json | +------------------------------+------+-----------+-----------+---------+---------------+------------------------------------------+ --- @@ -1398,13 +1431,15 @@ Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 7 known vulnerabilities (1 Critical, 4 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | @@ -1421,13 +1456,15 @@ Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medi Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 7 known vulnerabilities (1 Critical, 4 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+------------------------------------------------+ | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | @@ -1470,13 +1507,15 @@ Warning: --sbom has been deprecated in favor of -L Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 7 known vulnerabilities (1 Critical, 4 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | @@ -1493,13 +1532,15 @@ Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medi Scanned /testdata/sbom-insecure/alpine.cdx.xml file and found 15 packages Filtered 1 local/unscannable package/s from the scan. -Total 2 packages affected by 5 known vulnerabilities (1 Critical, 3 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 7 known vulnerabilities (1 Critical, 4 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | https://osv.dev/ALPINE-CVE-2025-26519 | 7.0 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2018-25032 | 7.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | @@ -1570,8 +1611,8 @@ Scanned /testdata/locks-requirements/requirements.txt file and found 3 Scanned /testdata/locks-requirements/the_requirements_for_test.txt file and found 1 package Scanned /testdata/locks-requirements/unresolvable-requirements.txt file and found 3 packages -Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 Medium, 4 Low, 1 Unknown) from 1 ecosystem. -50 vulnerabilities can be fixed. +Total 12 packages affected by 52 known vulnerabilities (5 Critical, 20 High, 22 Medium, 4 Low, 1 Unknown) from 1 ecosystem. +52 vulnerabilities can be fixed. +-------------------------------------+------+-----------+------------+---------+---------------+-----------------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -1595,6 +1636,7 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 | https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | | | https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements-transitive.txt | +| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements-transitive.txt | | https://osv.dev/PYSEC-2021-439 | 7.3 | PyPI | django | 2.2.24 | 2.2.25 | testdata/locks-requirements/requirements.prod.txt | | https://osv.dev/GHSA-v6rh-hp5x-86rv | | | | | | | | https://osv.dev/PYSEC-2022-1 | 8.7 | PyPI | django | 2.2.24 | 2.2.26 | testdata/locks-requirements/requirements.prod.txt | @@ -1632,6 +1674,7 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 | https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | | | https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt | +| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements.txt | | https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/unresolvable-requirements.txt | | https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | | | https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/unresolvable-requirements.txt | @@ -1983,7 +2026,7 @@ Total 8 packages affected by 30 known vulnerabilities (2 Critical, 10 High, 12 M [TestCommand_CommitSupport/online_uses_git_commits - 1] Scanned /testdata/locks-git/osv-scanner.json file and found 11 packages -Total 9 packages affected by 140 known vulnerabilities (20 Critical, 51 High, 58 Medium, 5 Low, 6 Unknown) from 1 ecosystem. +Total 9 packages affected by 34 known vulnerabilities (2 Critical, 10 High, 16 Medium, 0 Low, 6 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +--------------------------------+------+-----------+----------------------------------------------+----------------+---------------+-------------------------------------+ @@ -1999,116 +2042,12 @@ Total 9 packages affected by 140 known vulnerabilities (20 Critical, 51 High, 58 | https://osv.dev/CVE-2025-61927 | 7.2 | GIT | https://github.com/capricorn86/happy-dom.git | v11.1.0 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-62410 | 9.4 | GIT | https://github.com/capricorn86/happy-dom.git | v11.1.0 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2026-34226 | 7.5 | GIT | https://github.com/capricorn86/happy-dom.git | v11.1.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0701 | 3.7 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0702 | 5.1 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0703 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0704 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0705 | 9.8 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0797 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0798 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0799 | 9.8 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0800 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2105 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2106 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2107 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2108 | 9.8 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2109 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2176 | 8.2 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2177 | 9.8 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2178 | 5.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2179 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2181 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2182 | 9.8 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2842 | 9.8 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6302 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6303 | 9.8 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6304 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6305 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6306 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6307 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6308 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6309 | 9.8 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-7052 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-7053 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-7056 | 5.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-8610 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3730 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3731 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3732 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3733 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3735 | 5.3 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3737 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3738 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2018-0734 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2018-0735 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2018-5407 | 4.7 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2020-1968 | 3.7 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2021-23839 | 3.7 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2021-23841 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2021-3449 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2022-2068 | 7.3 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2022-2097 | 5.3 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-0215 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-0286 | 7.4 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-0401 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-3446 | 5.3 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-6237 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2024-12797 | 6.3 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2024-13176 | 4.1 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-2511 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-4603 | 5.3 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-4741 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-5535 | 9.1 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2024-9143 | 4.3 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2025-4575 | 6.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9231 | 6.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2026-2673 | 7.5 | GIT | https://github.com/openssl/openssl | | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0701 | 3.7 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0703 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0704 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0798 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0799 | 9.8 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-0800 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2106 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2108 | 9.8 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2109 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2176 | 8.2 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2177 | 9.8 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2179 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2181 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2182 | 9.8 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-2842 | 9.8 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6302 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6305 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6307 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6308 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-6309 | 9.8 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-7053 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-7056 | 5.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2016-8610 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3730 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3733 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3735 | 5.3 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2017-3737 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2020-1968 | 3.7 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2022-2068 | 7.3 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2022-2097 | 5.3 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-0215 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-0286 | 7.4 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-0401 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-3446 | 5.3 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-6129 | 6.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-6237 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-0727 | 5.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-13176 | 4.1 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-2511 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-4603 | 5.3 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-4741 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-5535 | 9.1 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-6119 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2024-9143 | 4.3 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-11187 | 6.1 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-15467 | 8.8 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2025-15468 | 5.9 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | @@ -2127,8 +2066,6 @@ Total 9 packages affected by 140 known vulnerabilities (20 Critical, 51 High, 58 | https://osv.dev/CVE-2026-22796 | 5.3 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2026-2673 | 7.5 | GIT | https://github.com/openssl/openssl | openssl-3.5.0 | -- | testdata/locks-git/osv-scanner.json | | https://osv.dev/CVE-2016-10931 | 8.1 | GIT | https://github.com/sfackler/rust-openssl | openssl-v0.8.1 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2018-20997 | 9.8 | GIT | https://github.com/sfackler/rust-openssl | openssl-v0.8.1 | -- | testdata/locks-git/osv-scanner.json | -| https://osv.dev/CVE-2023-53159 | 9.1 | GIT | https://github.com/sfackler/rust-openssl | openssl-v0.8.1 | -- | testdata/locks-git/osv-scanner.json | +--------------------------------+------+-----------+----------------------------------------------+----------------+---------------+-------------------------------------+ --- @@ -2149,12 +2086,14 @@ testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 - CVE-2022-1304 -Total 1 package affected by 3 known vulnerabilities (1 Critical, 1 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 2 packages affected by 5 known vulnerabilities (1 Critical, 2 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +---------------------------------------+------+-----------+---------+-----------+---------------+---------------------------------------+ +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | @@ -2185,7 +2124,7 @@ Filtered 8 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 55 Medium, 4 Low, 23 Unknown) from 4 ecosystems. +Total 27 packages affected by 193 known vulnerabilities (21 Critical, 79 High, 59 Medium, 5 Low, 29 Unknown) from 4 ecosystems. 10 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ @@ -2214,9 +2153,13 @@ Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 5 | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | | https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.12-r1 | -- | testdata/sbom-insecure/alpine-zlib-16.cdx.json:lib/apk/db/installed | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/with-duplicates.cdx.xml | @@ -2240,6 +2183,8 @@ Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2342,9 +2287,17 @@ Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 5 | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-2673 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28386 | 9.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28387 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28388 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28389 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28390 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31789 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31790 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2370,10 +2323,12 @@ Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3755-1 | | | | | | | +| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.0 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3051-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3134-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3161-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2389,10 +2344,12 @@ Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-27456 | 4.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-3184 | 3.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-34743 | 1.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ --- @@ -2415,7 +2372,7 @@ Filtered 6 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 53 Medium, 4 Low, 23 Unknown) from 3 ecosystems. +Total 24 packages affected by 185 known vulnerabilities (19 Critical, 76 High, 56 Medium, 5 Low, 29 Unknown) from 3 ecosystems. 10 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -2441,6 +2398,8 @@ Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 5 | https://osv.dev/GHSA-cgrx-mc8f-2prm | | | | | | | | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | +| https://osv.dev/ALPINE-CVE-2026-40200 | 8.1 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | +| https://osv.dev/ALPINE-CVE-2026-6042 | 4.8 | Alpine | musl | 1.2.3-r4 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2022-37434 | 9.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-22184 | 7.8 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | | https://osv.dev/ALPINE-CVE-2026-27171 | 5.5 | Alpine | zlib | 1.2.10-r0 | -- | testdata/sbom-insecure/alpine.cdx.xml | @@ -2464,6 +2423,8 @@ Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2566,9 +2527,17 @@ Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 5 | https://osv.dev/DEBIAN-CVE-2025-66199 | 5.9 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2025-9231 | 6.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-2673 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28386 | 9.1 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28387 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28388 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28389 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-28390 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31789 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-31790 | 7.5 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2594,10 +2563,12 @@ Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3755-1 | | | | | | | +| https://osv.dev/DEBIAN-CVE-2026-5704 | 5.0 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3051-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3134-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3161-1 | | Debian | tzdata | 2021a-0+deb9u3 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2613,10 +2584,12 @@ Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 5 | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-27456 | 4.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-3184 | 3.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-34743 | 1.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ --- @@ -3363,7 +3336,7 @@ Scanned /testdata/locks-insecure/osv-scanner-flutter-deps.json file and [TestCommand_GithubActions/scanning_osv-scanner_custom_format_with_git_tag - 1] Scanned /testdata/locks-insecure/osv-scanner-custom-git-tag.json file and found 1 package -Total 1 package affected by 40 known vulnerabilities (4 Critical, 16 High, 20 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 1 package affected by 45 known vulnerabilities (4 Critical, 18 High, 23 Medium, 0 Low, 0 Unknown) from 1 ecosystem. 0 vulnerabilities can be fixed. +--------------------------------+------+-----------+----------------------------+---------------+---------------+---------------------------------------------------------+ @@ -3371,6 +3344,7 @@ Total 1 package affected by 40 known vulnerabilities (4 Critical, 16 High, 20 Me +--------------------------------+------+-----------+----------------------------+---------------+---------------+---------------------------------------------------------+ | https://osv.dev/CVE-2016-2177 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2016-2182 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2022-2097 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-2274 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-3358 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2022-3996 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | @@ -3388,23 +3362,27 @@ Total 1 package affected by 40 known vulnerabilities (4 Critical, 16 High, 20 Me | https://osv.dev/CVE-2023-1255 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-2650 | 6.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-2975 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2023-3446 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-3817 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-4807 | 7.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-5363 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-5678 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-6129 | 6.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2023-6237 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2024-0727 | 5.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-13176 | 4.1 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-2511 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-4603 | 5.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-4741 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-5535 | 9.1 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2024-6119 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2024-9143 | 4.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-15467 | 8.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-68160 | 4.7 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69418 | 4.0 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69419 | 7.4 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-69420 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | +| https://osv.dev/CVE-2025-69421 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-9230 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2025-9232 | 5.9 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | | https://osv.dev/CVE-2026-22795 | 5.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json | @@ -3508,8 +3486,8 @@ Java reachability enricher marked 14 packages as unreachable Scanned /testdata/artifact/javareach_test.jar file and found 21 packages failed to download package err jar not found: https://repo1.maven.org/maven2/com/example/hello-tester/1.0-SNAPSHOT/hello-tester-1.0-SNAPSHOT.jar -Total 4 packages affected by 55 known vulnerabilities (18 Critical, 29 High, 6 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -55 vulnerabilities can be fixed. +Total 4 packages affected by 56 known vulnerabilities (18 Critical, 30 High, 6 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +56 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -3565,6 +3543,7 @@ Total 4 packages affected by 55 known vulnerabilities (18 Critical, 29 High, 6 M | https://osv.dev/GHSA-w3f4-3q6j-rh82 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.7.9.5 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-wh8g-3j2c-rqj5 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-j288-q9x7-2f5v | 6.5 | Maven | org.apache.commons:commons-lang3 | 3.12.0 | 3.18.0 | testdata/artifact/javareach_test.jar | +| https://osv.dev/GHSA-355h-qmc2-wpwf | 7.4 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.60 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | @@ -3590,8 +3569,8 @@ Total 4 packages affected by 55 known vulnerabilities (18 Critical, 29 High, 6 M Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem. -60 vulnerabilities can be fixed. +Total 8 packages affected by 62 known vulnerabilities (18 Critical, 32 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem. +61 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -3649,6 +3628,7 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 M | https://osv.dev/GHSA-wh8g-3j2c-rqj5 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-j288-q9x7-2f5v | 6.5 | Maven | org.apache.commons:commons-lang3 | 3.12.0 | 3.18.0 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-7r82-7xv7-xcpj | 5.3 | Maven | org.apache.httpcomponents:httpclient | 4.5.5 | 4.5.13 | testdata/artifact/javareach_test.jar | +| https://osv.dev/GHSA-355h-qmc2-wpwf | 7.4 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.60 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | @@ -3669,8 +3649,8 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 M Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem. -60 vulnerabilities can be fixed. +Total 8 packages affected by 62 known vulnerabilities (18 Critical, 32 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem. +61 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -3728,6 +3708,7 @@ Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 M | https://osv.dev/GHSA-wh8g-3j2c-rqj5 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-j288-q9x7-2f5v | 6.5 | Maven | org.apache.commons:commons-lang3 | 3.12.0 | 3.18.0 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-7r82-7xv7-xcpj | 5.3 | Maven | org.apache.httpcomponents:httpclient | 4.5.5 | 4.5.13 | testdata/artifact/javareach_test.jar | +| https://osv.dev/GHSA-355h-qmc2-wpwf | 7.4 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.60 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-cj7v-27pg-wf7q | 2.7 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.47 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-hmr7-m48g-48f6 | 5.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 9.4.52 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-qh8g-58pp-2wxh | 6.3 | Maven | org.eclipse.jetty:jetty-http | 9.4.40.v20210413 | 12.0.12 | testdata/artifact/javareach_test.jar | @@ -4667,7 +4648,7 @@ Filtered 1 local/unscannable package/s from the scan. Loaded Debian local db from /osv-scanner/Debian/all.zip Loaded Go local db from /osv-scanner/Go/all.zip -Total 21 packages affected by 178 known vulnerabilities (18 Critical, 75 High, 55 Medium, 5 Low, 25 Unknown) from 2 ecosystems. +Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 55 Medium, 5 Low, 29 Unknown) from 2 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -4717,6 +4698,8 @@ Total 21 packages affected by 178 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4829,6 +4812,7 @@ Total 21 packages affected by 178 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4854,6 +4838,7 @@ Total 21 packages affected by 178 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -4895,7 +4880,7 @@ Filtered 1 local/unscannable package/s from the scan. Loaded Debian local db from /osv-scanner/Debian/all.zip Loaded Go local db from /osv-scanner/Go/all.zip -Total 21 packages affected by 178 known vulnerabilities (18 Critical, 75 High, 55 Medium, 5 Low, 25 Unknown) from 2 ecosystems. +Total 22 packages affected by 182 known vulnerabilities (18 Critical, 75 High, 55 Medium, 5 Low, 29 Unknown) from 2 ecosystems. 11 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ @@ -4945,6 +4930,8 @@ Total 21 packages affected by 178 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DEBIAN-CVE-2019-13627 | 6.3 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-33560 | 7.5 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2021-40528 | 5.9 | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41989 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-41990 | | Debian | libgcrypt20 | 1.7.6-2+deb9u4 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5863-1 | 5.3 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-10790 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-6003 | 7.5 | Debian | libtasn1-6 | 4.10-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5057,6 +5044,7 @@ Total 21 packages affected by 178 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DSA-5902-1 | 8.4 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12837 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-12883 | 9.1 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2017-20230 | | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-12015 | 7.5 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18311 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-18312 | 9.8 | Debian | perl | 5.24.1-3+deb9u7 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5082,6 +5070,7 @@ Total 21 packages affected by 178 known vulnerabilities (18 Critical, 75 High, 5 | https://osv.dev/DLA-3600-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3651-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3764-1 | | Debian | postgresql-11 | 11.15-1.pgdg90+1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-5958 | | Debian | sed | 4.4-1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2017-17512 | 8.8 | Debian | sensible-utils | 0.0.9+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2018-20482 | 4.7 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2023-39804 | 6.2 | Debian | tar | 1.29b-1.1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5650,13 +5639,15 @@ No package sources found, --help for usage information. [TestCommand_Transitive/pom.xml_multiple_registries - 1] Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -6 vulnerabilities can be fixed. +Total 2 packages affected by 8 known vulnerabilities (2 Critical, 1 High, 5 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +8 vulnerabilities can be fixed. +-------------------------------------+------+-----------+-----------------------------------------------+---------+---------------+----------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+-----------------------------------------------+---------+---------------+----------------------------------------+ | https://osv.dev/GHSA-cm6r-892j-jv2g | 6.1 | Maven | com.google.android.gms:play-services-basement | 10.0.0 | 18.0.2 | testdata/maven-transitive/registry.xml | +| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/registry.xml | +| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/registry.xml | @@ -5717,12 +5708,14 @@ No issues found Scanning dir ./testdata/maven-transitive/pom.xml Scanned /testdata/maven-transitive/pom.xml file and found 1 package -Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -5 vulnerabilities can be fixed. +Total 1 package affected by 7 known vulnerabilities (2 Critical, 1 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +7 vulnerabilities can be fixed. +-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+ +| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/pom.xml | +| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/pom.xml | | https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/pom.xml | | https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/pom.xml | | https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/pom.xml | @@ -5739,12 +5732,14 @@ Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Mediu [TestCommand_Transitive/pom.xml_transitive_explicit_lockfile - 1] Scanned /testdata/maven-transitive/abc.xml file and found 1 package -Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -5 vulnerabilities can be fixed. +Total 1 package affected by 7 known vulnerabilities (2 Critical, 1 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +7 vulnerabilities can be fixed. +-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+ +| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/abc.xml | +| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/abc.xml | | https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/abc.xml | | https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/abc.xml | | https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/abc.xml | @@ -5761,13 +5756,15 @@ Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Mediu [TestCommand_Transitive/pom.xml_transitive_native_source - 1] Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -6 vulnerabilities can be fixed. +Total 2 packages affected by 8 known vulnerabilities (2 Critical, 1 High, 5 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +8 vulnerabilities can be fixed. +-------------------------------------+------+-----------+-----------------------------------------------+---------+---------------+----------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+-----------------------------------------------+---------+---------------+----------------------------------------+ | https://osv.dev/GHSA-cm6r-892j-jv2g | 6.1 | Maven | com.google.android.gms:play-services-basement | 10.0.0 | 18.0.2 | testdata/maven-transitive/registry.xml | +| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/registry.xml | +| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/registry.xml | @@ -5795,8 +5792,8 @@ No package sources found, --help for usage information. Scanning dir ./testdata/locks-requirements/requirements.txt Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Total 3 packages affected by 12 known vulnerabilities (1 Critical, 4 High, 6 Medium, 1 Low, 0 Unknown) from 1 ecosystem. -12 vulnerabilities can be fixed. +Total 3 packages affected by 13 known vulnerabilities (1 Critical, 4 High, 7 Medium, 1 Low, 0 Unknown) from 1 ecosystem. +13 vulnerabilities can be fixed. +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -5816,6 +5813,7 @@ Total 3 packages affected by 12 known vulnerabilities (1 Critical, 4 High, 6 Med | https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | | | https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt | +| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements.txt | +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+ --- diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml index 8a33739c19a..4b434a0c24e 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml @@ -302,7 +302,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2545 + content_length: 2986 body: | { "results": [ @@ -366,7 +366,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -382,7 +386,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -422,7 +426,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -430,15 +434,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -446,19 +450,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -467,6 +471,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] } @@ -474,7 +502,7 @@ interactions: } headers: Content-Length: - - "2545" + - "2986" Content-Type: - application/json status: 200 OK @@ -516,7 +544,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 5077 + content_length: 5959 body: | { "results": [ @@ -580,7 +608,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -596,7 +628,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -636,7 +668,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -644,15 +676,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -660,19 +692,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -681,6 +713,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -744,7 +800,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -760,7 +820,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -800,7 +860,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -808,15 +868,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -824,19 +884,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -845,6 +905,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] } @@ -852,7 +936,7 @@ interactions: } headers: Content-Length: - - "5077" + - "5959" Content-Type: - application/json status: 200 OK @@ -887,7 +971,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2545 + content_length: 2986 body: | { "results": [ @@ -951,7 +1035,11 @@ interactions: }, { "id": "GO-2025-3447", - "modified": "2026-02-04T04:23:04.020664Z" + "modified": "2026-03-24T23:48:06.694170Z" + }, + { + "id": "GO-2025-3503", + "modified": "2026-04-16T22:45:11.580296Z" }, { "id": "GO-2025-3563", @@ -967,7 +1055,7 @@ interactions: }, { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -1007,7 +1095,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -1015,15 +1103,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -1031,19 +1119,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4403", - "modified": "2026-02-06T09:40:56.765821Z" + "modified": "2026-04-16T23:29:13.433458Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -1052,6 +1140,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] } @@ -1059,7 +1171,7 @@ interactions: } headers: Content-Length: - - "2545" + - "2986" Content-Type: - application/json status: 200 OK @@ -1185,7 +1297,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 576 body: | { "results": [ @@ -1203,6 +1315,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -1221,11 +1341,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } @@ -1233,7 +1353,7 @@ interactions: } headers: Content-Length: - - "433" + - "576" Content-Type: - application/json status: 200 OK @@ -1609,7 +1729,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1281 + content_length: 1566 body: | { "results": [ @@ -1628,11 +1748,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2026-04-10T05:00:16.792714Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2026-04-10T05:00:16.785150Z" } ] }, @@ -1652,6 +1772,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -1662,11 +1790,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] }, @@ -1688,6 +1816,14 @@ interactions: "id": "DRUPAL-CORE-2025-008", "modified": "2025-12-10T23:41:00.167393Z" }, + { + "id": "DRUPAL-CORE-2026-001", + "modified": "2026-04-15T19:57:30.305696Z" + }, + { + "id": "DRUPAL-CORE-2026-002", + "modified": "2026-04-15T19:45:11.714415Z" + }, { "id": "GHSA-83v7-c2cf-p9c2", "modified": "2025-12-10T23:41:07.744028Z" @@ -1729,7 +1865,7 @@ interactions: } headers: Content-Length: - - "1281" + - "1566" Content-Type: - application/json status: 200 OK @@ -2302,7 +2438,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] } @@ -2353,7 +2489,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] } @@ -3600,7 +3736,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 22298 + content_length: 23599 body: | { "results": [ @@ -3612,11 +3748,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] }, @@ -3634,6 +3770,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -3652,11 +3796,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] }, @@ -3672,7 +3816,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -3976,6 +4120,14 @@ interactions: { "id": "DEBIAN-CVE-2024-2236", "modified": "2026-03-10T05:09:58.705229Z" + }, + { + "id": "DEBIAN-CVE-2026-41989", + "modified": "2026-04-23T10:00:15.682147Z" + }, + { + "id": "DEBIAN-CVE-2026-41990", + "modified": "2026-04-23T10:01:21.235502Z" } ] }, @@ -4273,19 +4425,19 @@ interactions: }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:05:07.928323Z" + "modified": "2026-03-27T10:02:52.786818Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:05:23.527352Z" + "modified": "2026-03-27T10:02:55.759355Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:05:10.515041Z" + "modified": "2026-03-27T10:02:35.574410Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:16:44.779248Z" + "modified": "2026-03-27T10:02:04.914884Z" }, { "id": "DLA-3012-1", @@ -4648,7 +4800,35 @@ interactions: }, { "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-18T09:03:28.363302Z" + "modified": "2026-04-20T00:00:38.868460Z" + }, + { + "id": "DEBIAN-CVE-2026-28386", + "modified": "2026-04-20T00:00:49.100894Z" + }, + { + "id": "DEBIAN-CVE-2026-28387", + "modified": "2026-04-20T00:00:57.690122Z" + }, + { + "id": "DEBIAN-CVE-2026-28388", + "modified": "2026-04-20T00:00:35.206956Z" + }, + { + "id": "DEBIAN-CVE-2026-28389", + "modified": "2026-04-20T00:00:52.426739Z" + }, + { + "id": "DEBIAN-CVE-2026-28390", + "modified": "2026-04-20T00:00:19.190921Z" + }, + { + "id": "DEBIAN-CVE-2026-31789", + "modified": "2026-04-20T00:00:42.604688Z" + }, + { + "id": "DEBIAN-CVE-2026-31790", + "modified": "2026-04-20T00:00:45.886476Z" }, { "id": "DLA-3008-1", @@ -4767,6 +4947,10 @@ interactions: "id": "DEBIAN-CVE-2017-12883", "modified": "2025-11-19T01:12:38.323688Z" }, + { + "id": "DEBIAN-CVE-2017-20230", + "modified": "2026-04-22T23:00:59.527466Z" + }, { "id": "DEBIAN-CVE-2018-12015", "modified": "2025-11-19T02:02:49.033339Z" @@ -4841,7 +5025,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-20T10:18:21.143971Z" + "modified": "2026-04-18T11:00:19.825094Z" }, { "id": "DLA-3926-1", @@ -4897,7 +5081,14 @@ interactions: {}, {}, {}, - {}, + { + "vulns": [ + { + "id": "DEBIAN-CVE-2026-5958", + "modified": "2026-04-23T17:02:53.103271Z" + } + ] + }, { "vulns": [ { @@ -4934,6 +5125,10 @@ interactions: "id": "DEBIAN-CVE-2023-39804", "modified": "2025-11-20T10:16:41.587973Z" }, + { + "id": "DEBIAN-CVE-2026-5704", + "modified": "2026-04-07T09:00:52.977033Z" + }, { "id": "DLA-3755-1", "modified": "2026-03-09T01:18:04.185679Z" @@ -5030,9 +5225,13 @@ interactions: "id": "DEBIAN-CVE-2025-14104", "modified": "2026-03-05T17:00:58.361610Z" }, + { + "id": "DEBIAN-CVE-2026-27456", + "modified": "2026-04-16T17:02:05.692390Z" + }, { "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2026-04-04T10:03:07.405618Z" }, { "id": "DLA-3782-1", @@ -5062,6 +5261,10 @@ interactions: "id": "DEBIAN-CVE-2025-31115", "modified": "2025-11-20T10:18:07.484724Z" }, + { + "id": "DEBIAN-CVE-2026-34743", + "modified": "2026-04-09T05:00:21.571838Z" + }, { "id": "DSA-5123-1", "modified": "2026-03-09T02:10:46.054497Z" @@ -5088,6 +5291,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -5106,11 +5317,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } @@ -5118,7 +5329,7 @@ interactions: } headers: Content-Length: - - "22298" + - "23599" Content-Type: - application/json status: 200 OK @@ -5211,7 +5422,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1549 + content_length: 2116 body: | { "results": [ @@ -5219,7 +5430,7 @@ interactions: "vulns": [ { "id": "GO-2025-3849", - "modified": "2026-02-04T02:26:50.866679Z" + "modified": "2026-03-24T23:55:13.286144Z" }, { "id": "GO-2025-3956", @@ -5259,7 +5470,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-03-23T10:29:12.189807Z" + "modified": "2026-04-16T11:14:11.776457Z" }, { "id": "GO-2025-4015", @@ -5267,15 +5478,15 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-03-23T10:29:12.451671Z" + "modified": "2026-04-21T10:30:00.861762Z" }, { "id": "GO-2025-4175", - "modified": "2026-02-04T04:38:59.126121Z" + "modified": "2026-04-20T10:29:51.738669Z" }, { "id": "GO-2026-4337", - "modified": "2026-03-20T10:43:57.595965Z" + "modified": "2026-04-21T10:30:01.646875Z" }, { "id": "GO-2026-4340", @@ -5283,15 +5494,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-03-23T10:29:12.350209Z" + "modified": "2026-04-21T10:30:01.576605Z" }, { "id": "GO-2026-4342", - "modified": "2026-03-17T10:28:56.226379Z" + "modified": "2026-04-14T11:12:13.457558Z" }, { "id": "GO-2026-4601", - "modified": "2026-03-10T10:43:54.660319Z" + "modified": "2026-04-23T10:44:31.655019Z" }, { "id": "GO-2026-4602", @@ -5300,6 +5511,30 @@ interactions: { "id": "GO-2026-4603", "modified": "2026-03-21T10:57:35.167856Z" + }, + { + "id": "GO-2026-4864", + "modified": "2026-04-13T08:27:21.641293Z" + }, + { + "id": "GO-2026-4865", + "modified": "2026-04-13T08:27:21.310377Z" + }, + { + "id": "GO-2026-4869", + "modified": "2026-04-13T08:27:14.491210Z" + }, + { + "id": "GO-2026-4870", + "modified": "2026-04-13T08:27:12.657016Z" + }, + { + "id": "GO-2026-4946", + "modified": "2026-04-13T08:27:23.037509Z" + }, + { + "id": "GO-2026-4947", + "modified": "2026-04-13T08:27:18.817379Z" } ] }, @@ -5311,11 +5546,23 @@ interactions: }, { "id": "GO-2026-4339", - "modified": "2026-02-04T04:20:19.626029Z" + "modified": "2026-04-14T11:11:56.511311Z" }, { "id": "GO-2026-4433", - "modified": "2026-03-02T10:44:08.411132Z" + "modified": "2026-04-04T10:29:23.122159Z" + }, + { + "id": "GO-2026-4867", + "modified": "2026-04-18T09:26:05.382350Z" + }, + { + "id": "GO-2026-4868", + "modified": "2026-04-18T09:26:01.523258Z" + }, + { + "id": "GO-2026-4871", + "modified": "2026-04-13T08:27:25.964585Z" } ] } @@ -5323,7 +5570,7 @@ interactions: } headers: Content-Length: - - "1549" + - "2116" Content-Type: - application/json status: 200 OK @@ -5923,7 +6170,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 576 body: | { "results": [ @@ -5941,6 +6188,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -5959,11 +6214,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } @@ -5971,7 +6226,7 @@ interactions: } headers: Content-Length: - - "433" + - "576" Content-Type: - application/json status: 200 OK @@ -6097,7 +6352,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 576 body: | { "results": [ @@ -6115,6 +6370,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -6133,11 +6396,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } @@ -6145,7 +6408,7 @@ interactions: } headers: Content-Length: - - "433" + - "576" Content-Type: - application/json status: 200 OK @@ -6471,7 +6734,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 576 body: | { "results": [ @@ -6489,6 +6752,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -6507,11 +6778,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } @@ -6519,7 +6790,7 @@ interactions: } headers: Content-Length: - - "433" + - "576" Content-Type: - application/json status: 200 OK @@ -6645,7 +6916,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 576 body: | { "results": [ @@ -6663,6 +6934,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -6681,11 +6960,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } @@ -6693,7 +6972,7 @@ interactions: } headers: Content-Length: - - "433" + - "576" Content-Type: - application/json status: 200 OK @@ -6914,7 +7193,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4809 + content_length: 4949 body: | { "results": [ @@ -6950,7 +7229,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" + "modified": "2026-04-21T08:11:06.082206Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -6962,11 +7241,11 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" + "modified": "2026-04-21T08:11:22.119438Z" }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "modified": "2026-04-21T08:11:06.009868Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", @@ -7005,6 +7284,10 @@ interactions: "id": "GHSA-9wx4-h78v-vm56", "modified": "2026-02-04T02:43:42.271895Z" }, + { + "id": "GHSA-gc5v-m9x4-r6x2", + "modified": "2026-03-27T22:17:33.595885Z" + }, { "id": "GHSA-j8r2-6x86-q33q", "modified": "2026-02-04T03:34:13.807518Z" @@ -7031,7 +7314,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" + "modified": "2026-04-21T08:11:06.082206Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -7051,7 +7334,7 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" + "modified": "2026-04-21T08:11:22.119438Z" }, { "id": "GHSA-jrh2-hc4r-7jwx", @@ -7059,7 +7342,7 @@ interactions: }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "modified": "2026-04-21T08:11:06.009868Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", @@ -7115,7 +7398,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" + "modified": "2026-04-21T08:11:06.082206Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -7127,11 +7410,11 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" + "modified": "2026-04-21T08:11:22.119438Z" }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "modified": "2026-04-21T08:11:06.009868Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", @@ -7169,6 +7452,10 @@ interactions: "id": "GHSA-9wx4-h78v-vm56", "modified": "2026-02-04T02:43:42.271895Z" }, + { + "id": "GHSA-gc5v-m9x4-r6x2", + "modified": "2026-03-27T22:17:33.595885Z" + }, { "id": "GHSA-j8r2-6x86-q33q", "modified": "2026-02-04T03:34:13.807518Z" @@ -7244,7 +7531,7 @@ interactions: } headers: Content-Length: - - "4809" + - "4949" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml index 163c05b99db..e9e9bb1fa56 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml @@ -44,7 +44,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 798 + content_length: 1057 body: | { "results": [ @@ -74,6 +74,10 @@ interactions: }, { "vulns": [ + { + "id": "GHSA-44p7-9xx4-hf2g", + "modified": "2026-03-30T22:29:16.268586Z" + }, { "id": "GHSA-9phm-fm57-rhg8", "modified": "2026-02-04T03:56:37.185672Z" @@ -105,6 +109,18 @@ interactions: { "id": "GO-2024-2937", "modified": "2026-02-04T03:54:25.251608Z" + }, + { + "id": "GO-2026-4815", + "modified": "2026-04-06T21:15:14.818900Z" + }, + { + "id": "GO-2026-4961", + "modified": "2026-04-21T19:15:09.979537Z" + }, + { + "id": "GO-2026-4962", + "modified": "2026-04-21T19:15:13.253886Z" } ] } @@ -112,7 +128,7 @@ interactions: } headers: Content-Length: - - "798" + - "1057" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml index ce82ef86319..a026feccde3 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml @@ -1,347 +1,6 @@ --- version: 2 interactions: - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 814 - host: api.osv.dev - body: | - { - "queries": [ - { - "commit": "1a9dda41fbfb0dfbec17ab6afeba8138265395f7" - }, - { - "commit": "1a9dda41fbfb0dfbec17ab6afeba8138265395f7" - }, - { - "commit": "1a9dda41fbfb0dfbec17ab6afeba8138265395f7" - }, - { - "commit": "931a40a746f5678dcc4625b06a2eb25fa4f00b34" - }, - { - "commit": "17b30e96476be70b8773b2b807bab857fd3ceb39" - }, - { - "commit": "1a9dda41fbfb0dfbec17ab6afeba8138265395f7" - }, - { - "commit": "f82211036f434593c69b8e3680ea65203a46d315" - }, - { - "commit": "45fda76bc1b9fd74d10e85e0ce9b65a12dcc58b0" - }, - { - "commit": "aea7aaf2abb04789f5868cbabec406ea43aa84bf" - }, - { - "commit": "3b064fdb022912bbb98f5b8d9d111aeb6fec8f79" - }, - { - "commit": "0f428d190410263e4daa65b917c0e84707a9c0ef" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_CommitSupport/online_uses_git_commits - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 3821 - body: | - { - "results": [ - { - "vulns": [ - { - "id": "OSV-2018-389", - "modified": "2022-04-13T03:04:40.912286Z" - } - ] - }, - { - "vulns": [ - { - "id": "OSV-2018-389", - "modified": "2022-04-13T03:04:40.912286Z" - } - ] - }, - { - "vulns": [ - { - "id": "OSV-2018-389", - "modified": "2022-04-13T03:04:40.912286Z" - } - ] - }, - { - "vulns": [ - { - "id": "CVE-2023-44398", - "modified": "2026-03-14T12:15:05.895469Z" - }, - { - "id": "CVE-2024-24826", - "modified": "2026-03-14T12:31:29.719981Z" - }, - { - "id": "CVE-2024-25112", - "modified": "2026-03-14T12:27:30.328627Z" - }, - { - "id": "CVE-2024-39695", - "modified": "2026-03-14T12:34:50.263863Z" - }, - { - "id": "CVE-2025-26623", - "modified": "2026-03-08T15:58:57.067224Z" - }, - { - "id": "CVE-2025-54080", - "modified": "2026-03-08T15:58:53.801236Z" - }, - { - "id": "CVE-2025-55304", - "modified": "2026-03-23T05:07:26.600145Z" - }, - { - "id": "CVE-2026-25884", - "modified": "2026-03-08T15:58:58.717366Z" - }, - { - "id": "CVE-2026-27596", - "modified": "2026-03-03T02:56:32.656501Z" - }, - { - "id": "CVE-2026-27631", - "modified": "2026-03-08T16:18:26.088498Z" - }, - { - "id": "OSV-2023-1161", - "modified": "2025-03-18T00:34:06.623648Z" - }, - { - "id": "OSV-2024-340", - "modified": "2026-03-23T14:27:12.230861Z" - }, - { - "id": "PYSEC-2023-233", - "modified": "2025-10-09T08:26:40.736495Z" - } - ] - }, - { - "vulns": [ - { - "id": "CVE-2021-22569", - "modified": "2026-03-15T14:08:15.471655Z" - }, - { - "id": "CVE-2022-1941", - "modified": "2026-03-15T22:44:13.683347Z" - }, - { - "id": "CVE-2022-3171", - "modified": "2026-03-14T15:01:36.349851Z" - }, - { - "id": "CVE-2022-3509", - "modified": "2026-03-14T11:46:42.854777Z" - }, - { - "id": "CVE-2022-3510", - "modified": "2026-03-14T11:46:31.172987Z" - }, - { - "id": "CVE-2024-2410", - "modified": "2026-03-23T05:00:19.885352Z" - }, - { - "id": "CVE-2024-7254", - "modified": "2026-03-23T05:03:42.720441Z" - } - ] - }, - { - "vulns": [ - { - "id": "OSV-2018-389", - "modified": "2022-04-13T03:04:40.912286Z" - } - ] - }, - { - "vulns": [ - { - "id": "CVE-2024-51757", - "modified": "2026-03-14T12:38:40.503950Z" - }, - { - "id": "CVE-2025-61927", - "modified": "2026-03-14T12:44:19.001278Z" - }, - { - "id": "CVE-2025-62410", - "modified": "2025-12-05T10:21:14.984236Z" - } - ] - }, - { - "vulns": [ - { - "id": "CVE-2024-12797", - "modified": "2026-03-23T05:06:57.351567Z" - }, - { - "id": "CVE-2024-13176", - "modified": "2026-03-23T05:00:52.882982Z" - }, - { - "id": "CVE-2024-9143", - "modified": "2026-03-15T22:52:44.104304Z" - }, - { - "id": "CVE-2025-9230", - "modified": "2026-03-23T05:00:34.923543Z" - }, - { - "id": "CVE-2025-9231", - "modified": "2026-03-23T05:11:19.896612Z" - }, - { - "id": "CVE-2025-9232", - "modified": "2026-03-23T05:05:02.628675Z" - } - ] - }, - { - "vulns": [ - { - "id": "CVE-2025-11187", - "modified": "2026-03-23T05:12:03.905884Z" - }, - { - "id": "CVE-2025-15467", - "modified": "2026-03-23T05:02:57.782932Z" - }, - { - "id": "CVE-2025-15468", - "modified": "2026-03-23T05:03:07.875901Z" - }, - { - "id": "CVE-2025-15469", - "modified": "2026-03-23T05:05:23.819469Z" - }, - { - "id": "CVE-2025-66199", - "modified": "2026-03-23T05:00:24.564614Z" - }, - { - "id": "CVE-2025-68160", - "modified": "2026-03-23T05:12:37.160955Z" - }, - { - "id": "CVE-2025-69418", - "modified": "2026-03-23T05:03:12.246510Z" - }, - { - "id": "CVE-2025-69419", - "modified": "2026-03-23T05:03:26.083494Z" - }, - { - "id": "CVE-2025-69420", - "modified": "2026-03-23T05:13:16.365472Z" - }, - { - "id": "CVE-2025-9230", - "modified": "2026-03-23T05:00:34.923543Z" - }, - { - "id": "CVE-2025-9231", - "modified": "2026-03-23T05:11:19.896612Z" - }, - { - "id": "CVE-2025-9232", - "modified": "2026-03-23T05:05:02.628675Z" - }, - { - "id": "CVE-2026-22795", - "modified": "2026-03-23T05:12:31.733749Z" - }, - { - "id": "CVE-2026-22796", - "modified": "2026-03-23T05:11:54.223561Z" - }, - { - "id": "CVE-2026-2673", - "modified": "2026-03-19T10:58:56.281314Z" - } - ] - }, - { - "vulns": [ - { - "id": "CVE-2023-53159", - "modified": "2026-03-11T18:20:56.090230Z" - }, - { - "id": "CVE-2023-6180", - "modified": "2026-03-13T21:59:51.199646Z" - }, - { - "id": "CVE-2025-24898", - "modified": "2026-02-04T02:18:45.944425Z" - }, - { - "id": "CVE-2025-3416", - "modified": "2026-03-23T05:13:15.655814Z" - } - ] - }, - { - "vulns": [ - { - "id": "CVE-2016-10931", - "modified": "2026-03-14T09:18:29.278606Z" - }, - { - "id": "CVE-2018-20997", - "modified": "2026-03-14T09:29:08.646634Z" - }, - { - "id": "CVE-2023-53159", - "modified": "2026-03-11T18:20:56.090230Z" - }, - { - "id": "CVE-2023-6180", - "modified": "2026-03-13T21:59:51.199646Z" - }, - { - "id": "CVE-2025-3416", - "modified": "2026-03-23T05:13:15.655814Z" - } - ] - } - ] - } - headers: - Content-Length: - - "3821" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -437,7 +96,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 9106 + content_length: 2317 body: | { "results": [ @@ -473,7 +132,7 @@ interactions: }, { "id": "OSV-2024-340", - "modified": "2026-04-07T14:25:48.469483Z" + "modified": "2026-04-23T14:20:07.226312Z" } ] }, @@ -490,535 +149,119 @@ interactions: "vulns": [ { "id": "CVE-2024-51757", - "modified": "2026-04-02T12:23:17.126382Z" + "modified": "2026-04-10T05:16:12.150628Z" }, { "id": "CVE-2025-61927", - "modified": "2026-04-02T12:57:34.520726Z" + "modified": "2026-04-10T05:32:48.905580Z" }, { "id": "CVE-2025-62410", - "modified": "2026-04-02T12:57:47.039051Z" + "modified": "2026-04-10T05:33:02.313115Z" }, { "id": "CVE-2026-34226", - "modified": "2026-04-02T13:29:31.439923Z" + "modified": "2026-04-10T05:43:01.477353Z" } ] }, { "vulns": [ - { - "id": "CVE-2016-0701", - "modified": "2026-04-01T23:26:39.451139Z" - }, - { - "id": "CVE-2016-0702", - "modified": "2026-04-01T23:28:43.662146Z" - }, - { - "id": "CVE-2016-0703", - "modified": "2026-04-01T23:26:24.342221Z" - }, - { - "id": "CVE-2016-0704", - "modified": "2026-04-01T23:26:24.349093Z" - }, - { - "id": "CVE-2016-0705", - "modified": "2026-04-01T23:31:34.961680Z" - }, - { - "id": "CVE-2016-0797", - "modified": "2026-04-01T23:30:52.947050Z" - }, - { - "id": "CVE-2016-0798", - "modified": "2026-04-01T23:30:03.342358Z" - }, - { - "id": "CVE-2016-0799", - "modified": "2026-04-01T23:29:08.132236Z" - }, - { - "id": "CVE-2016-0800", - "modified": "2026-04-01T23:29:55.194175Z" - }, - { - "id": "CVE-2016-2105", - "modified": "2026-04-01T23:36:25.755643Z" - }, - { - "id": "CVE-2016-2106", - "modified": "2026-04-01T23:36:11.824548Z" - }, - { - "id": "CVE-2016-2107", - "modified": "2026-04-01T23:36:25.220756Z" - }, - { - "id": "CVE-2016-2108", - "modified": "2026-04-01T23:36:14.552979Z" - }, - { - "id": "CVE-2016-2109", - "modified": "2026-04-01T23:36:09.516812Z" - }, - { - "id": "CVE-2016-2176", - "modified": "2026-04-01T23:36:25.131388Z" - }, - { - "id": "CVE-2016-2177", - "modified": "2026-04-01T23:36:20.413546Z" - }, - { - "id": "CVE-2016-2178", - "modified": "2026-04-01T23:36:42.101511Z" - }, - { - "id": "CVE-2016-2179", - "modified": "2026-04-01T23:36:17.896736Z" - }, - { - "id": "CVE-2016-2181", - "modified": "2026-04-01T23:36:29.127761Z" - }, - { - "id": "CVE-2016-2182", - "modified": "2026-04-01T23:36:30.932915Z" - }, - { - "id": "CVE-2016-2842", - "modified": "2026-04-01T23:38:31.723546Z" - }, - { - "id": "CVE-2016-6302", - "modified": "2026-04-01T23:53:30.080722Z" - }, - { - "id": "CVE-2016-6303", - "modified": "2026-04-01T23:53:51.997796Z" - }, - { - "id": "CVE-2016-6304", - "modified": "2026-04-01T23:53:59.783019Z" - }, - { - "id": "CVE-2016-6305", - "modified": "2026-04-01T23:53:43.877761Z" - }, - { - "id": "CVE-2016-6306", - "modified": "2026-04-01T23:53:59.210272Z" - }, - { - "id": "CVE-2016-6307", - "modified": "2026-04-01T23:53:42.461031Z" - }, - { - "id": "CVE-2016-6308", - "modified": "2026-04-01T23:53:26.454277Z" - }, - { - "id": "CVE-2016-6309", - "modified": "2026-04-01T23:53:43.736712Z" - }, - { - "id": "CVE-2016-7052", - "modified": "2026-04-01T23:54:15.873031Z" - }, - { - "id": "CVE-2016-7053", - "modified": "2026-04-01T23:54:07.855301Z" - }, - { - "id": "CVE-2016-7056", - "modified": "2026-04-01T23:54:13.235667Z" - }, - { - "id": "CVE-2016-8610", - "modified": "2026-04-01T23:54:51.824504Z" - }, - { - "id": "CVE-2017-3730", - "modified": "2026-04-02T00:11:21.102504Z" - }, - { - "id": "CVE-2017-3731", - "modified": "2026-04-02T00:12:14.412340Z" - }, - { - "id": "CVE-2017-3732", - "modified": "2026-04-02T00:12:12.038689Z" - }, - { - "id": "CVE-2017-3733", - "modified": "2026-04-02T00:11:29.586943Z" - }, - { - "id": "CVE-2017-3735", - "modified": "2026-04-02T00:11:22.330095Z" - }, - { - "id": "CVE-2017-3737", - "modified": "2026-04-02T00:08:44.798469Z" - }, - { - "id": "CVE-2017-3738", - "modified": "2026-04-02T00:12:13.942591Z" - }, - { - "id": "CVE-2018-0734", - "modified": "2026-04-02T00:33:08.965494Z" - }, - { - "id": "CVE-2018-0735", - "modified": "2026-04-02T00:38:08.341105Z" - }, - { - "id": "CVE-2018-5407", - "modified": "2026-04-02T01:24:46.070208Z" - }, - { - "id": "CVE-2020-1968", - "modified": "2026-04-02T04:29:27.597946Z" - }, - { - "id": "CVE-2021-23839", - "modified": "2026-04-02T06:47:56.072444Z" - }, - { - "id": "CVE-2021-23841", - "modified": "2026-04-02T06:48:54.684635Z" - }, - { - "id": "CVE-2021-3449", - "modified": "2026-04-02T07:15:38.084873Z" - }, - { - "id": "CVE-2022-2068", - "modified": "2026-04-02T07:42:19.517492Z" - }, - { - "id": "CVE-2022-2097", - "modified": "2026-04-02T07:42:20.259535Z" - }, - { - "id": "CVE-2023-0215", - "modified": "2026-04-02T08:32:42.981492Z" - }, - { - "id": "CVE-2023-0286", - "modified": "2026-04-02T08:32:43.026586Z" - }, - { - "id": "CVE-2023-0401", - "modified": "2026-04-02T08:32:29.442023Z" - }, - { - "id": "CVE-2023-3446", - "modified": "2026-04-02T09:03:26.432117Z" - }, - { - "id": "CVE-2023-6237", - "modified": "2026-04-02T09:48:01.881441Z" - }, { "id": "CVE-2024-12797", - "modified": "2026-03-23T05:06:57.351567Z" + "modified": "2026-04-12T08:35:11.848849Z" }, { "id": "CVE-2024-13176", - "modified": "2026-04-02T09:59:53.877093Z" - }, - { - "id": "CVE-2024-2511", - "modified": "2026-04-02T10:08:02.801311Z" - }, - { - "id": "CVE-2024-4603", - "modified": "2026-04-02T12:21:16.410893Z" - }, - { - "id": "CVE-2024-4741", - "modified": "2026-04-02T12:21:07.617700Z" - }, - { - "id": "CVE-2024-5535", - "modified": "2026-04-02T12:28:22.047392Z" + "modified": "2026-04-16T04:35:29.313942Z" }, { "id": "CVE-2024-9143", - "modified": "2026-04-02T12:30:23.094298Z" - }, - { - "id": "CVE-2025-4575", - "modified": "2026-04-02T12:48:51.065458Z" + "modified": "2026-04-16T04:33:12.098562Z" }, { "id": "CVE-2025-9230", - "modified": "2026-04-02T13:07:48.305234Z" + "modified": "2026-04-16T04:40:07.876695Z" }, { "id": "CVE-2025-9231", - "modified": "2026-04-02T13:07:41.821305Z" + "modified": "2026-04-12T22:06:21.109259Z" }, { "id": "CVE-2025-9232", - "modified": "2026-04-02T13:07:48.699162Z" - }, - { - "id": "CVE-2026-2673", - "modified": "2026-04-02T13:20:25.921852Z" + "modified": "2026-04-16T04:32:37.830662Z" } ] }, { "vulns": [ - { - "id": "CVE-2016-0701", - "modified": "2026-04-01T23:26:39.451139Z" - }, - { - "id": "CVE-2016-0703", - "modified": "2026-04-01T23:26:24.342221Z" - }, - { - "id": "CVE-2016-0704", - "modified": "2026-04-01T23:26:24.349093Z" - }, - { - "id": "CVE-2016-0798", - "modified": "2026-04-01T23:30:03.342358Z" - }, - { - "id": "CVE-2016-0799", - "modified": "2026-04-01T23:29:08.132236Z" - }, - { - "id": "CVE-2016-0800", - "modified": "2026-04-01T23:29:55.194175Z" - }, - { - "id": "CVE-2016-2106", - "modified": "2026-04-01T23:36:11.824548Z" - }, - { - "id": "CVE-2016-2108", - "modified": "2026-04-01T23:36:14.552979Z" - }, - { - "id": "CVE-2016-2109", - "modified": "2026-04-01T23:36:09.516812Z" - }, - { - "id": "CVE-2016-2176", - "modified": "2026-04-01T23:36:25.131388Z" - }, - { - "id": "CVE-2016-2177", - "modified": "2026-04-01T23:36:20.413546Z" - }, - { - "id": "CVE-2016-2179", - "modified": "2026-04-01T23:36:17.896736Z" - }, - { - "id": "CVE-2016-2181", - "modified": "2026-04-01T23:36:29.127761Z" - }, - { - "id": "CVE-2016-2182", - "modified": "2026-04-01T23:36:30.932915Z" - }, - { - "id": "CVE-2016-2842", - "modified": "2026-04-01T23:38:31.723546Z" - }, - { - "id": "CVE-2016-6302", - "modified": "2026-04-01T23:53:30.080722Z" - }, - { - "id": "CVE-2016-6305", - "modified": "2026-04-01T23:53:43.877761Z" - }, - { - "id": "CVE-2016-6307", - "modified": "2026-04-01T23:53:42.461031Z" - }, - { - "id": "CVE-2016-6308", - "modified": "2026-04-01T23:53:26.454277Z" - }, - { - "id": "CVE-2016-6309", - "modified": "2026-04-01T23:53:43.736712Z" - }, - { - "id": "CVE-2016-7053", - "modified": "2026-04-01T23:54:07.855301Z" - }, - { - "id": "CVE-2016-7056", - "modified": "2026-04-01T23:54:13.235667Z" - }, - { - "id": "CVE-2016-8610", - "modified": "2026-04-01T23:54:51.824504Z" - }, - { - "id": "CVE-2017-3730", - "modified": "2026-04-02T00:11:21.102504Z" - }, - { - "id": "CVE-2017-3733", - "modified": "2026-04-02T00:11:29.586943Z" - }, - { - "id": "CVE-2017-3735", - "modified": "2026-04-02T00:11:22.330095Z" - }, - { - "id": "CVE-2017-3737", - "modified": "2026-04-02T00:08:44.798469Z" - }, - { - "id": "CVE-2020-1968", - "modified": "2026-04-02T04:29:27.597946Z" - }, - { - "id": "CVE-2022-2068", - "modified": "2026-04-02T07:42:19.517492Z" - }, - { - "id": "CVE-2022-2097", - "modified": "2026-04-02T07:42:20.259535Z" - }, - { - "id": "CVE-2023-0215", - "modified": "2026-04-02T08:32:42.981492Z" - }, - { - "id": "CVE-2023-0286", - "modified": "2026-04-02T08:32:43.026586Z" - }, - { - "id": "CVE-2023-0401", - "modified": "2026-04-02T08:32:29.442023Z" - }, - { - "id": "CVE-2023-3446", - "modified": "2026-04-02T09:03:26.432117Z" - }, - { - "id": "CVE-2023-6129", - "modified": "2026-04-02T09:47:11.223590Z" - }, - { - "id": "CVE-2023-6237", - "modified": "2026-04-02T09:48:01.881441Z" - }, - { - "id": "CVE-2024-0727", - "modified": "2026-04-02T09:49:17.983670Z" - }, - { - "id": "CVE-2024-13176", - "modified": "2026-04-02T09:59:53.877093Z" - }, - { - "id": "CVE-2024-2511", - "modified": "2026-04-02T10:08:02.801311Z" - }, - { - "id": "CVE-2024-4603", - "modified": "2026-04-02T12:21:16.410893Z" - }, - { - "id": "CVE-2024-4741", - "modified": "2026-04-02T12:21:07.617700Z" - }, - { - "id": "CVE-2024-5535", - "modified": "2026-04-02T12:28:22.047392Z" - }, - { - "id": "CVE-2024-6119", - "modified": "2026-04-02T12:26:17.322430Z" - }, - { - "id": "CVE-2024-9143", - "modified": "2026-04-02T12:30:23.094298Z" - }, { "id": "CVE-2025-11187", - "modified": "2026-04-02T12:31:09.087200Z" + "modified": "2026-04-12T17:35:47.236202Z" }, { "id": "CVE-2025-15467", - "modified": "2026-04-02T12:34:51.332716Z" + "modified": "2026-04-16T04:39:55.464242Z" }, { "id": "CVE-2025-15468", - "modified": "2026-04-02T12:35:06.860135Z" + "modified": "2026-04-12T17:59:06.013579Z" }, { "id": "CVE-2025-15469", - "modified": "2026-03-23T05:05:23.819469Z" + "modified": "2026-04-12T17:59:06.543488Z" }, { "id": "CVE-2025-4575", - "modified": "2026-04-02T12:48:51.065458Z" + "modified": "2026-04-12T16:55:25.712986Z" }, { "id": "CVE-2025-66199", - "modified": "2026-03-23T05:00:24.564614Z" + "modified": "2026-04-12T18:47:05.342848Z" }, { "id": "CVE-2025-68160", - "modified": "2026-03-23T05:12:37.160955Z" + "modified": "2026-04-16T04:31:55.925384Z" }, { "id": "CVE-2025-69418", - "modified": "2026-04-02T13:05:42.562613Z" + "modified": "2026-04-16T04:39:29.408486Z" }, { "id": "CVE-2025-69419", - "modified": "2026-04-02T13:05:53.476082Z" + "modified": "2026-04-16T04:30:17.322662Z" }, { "id": "CVE-2025-69420", - "modified": "2026-03-23T05:13:16.365472Z" + "modified": "2026-04-16T04:31:44.038402Z" }, { "id": "CVE-2025-69421", - "modified": "2026-04-02T13:05:42.582269Z" + "modified": "2026-04-16T04:33:39.665301Z" }, { "id": "CVE-2025-9230", - "modified": "2026-04-02T13:07:48.305234Z" + "modified": "2026-04-16T04:40:07.876695Z" }, { "id": "CVE-2025-9231", - "modified": "2026-04-02T13:07:41.821305Z" + "modified": "2026-04-12T22:06:21.109259Z" }, { "id": "CVE-2025-9232", - "modified": "2026-04-02T13:07:48.699162Z" + "modified": "2026-04-16T04:32:37.830662Z" }, { "id": "CVE-2026-22795", - "modified": "2026-03-23T05:12:31.733749Z" + "modified": "2026-04-16T04:39:04.894264Z" }, { "id": "CVE-2026-22796", - "modified": "2026-04-02T13:13:17.422878Z" + "modified": "2026-04-16T04:33:43.089750Z" }, { "id": "CVE-2026-2673", - "modified": "2026-04-02T13:20:25.921852Z" + "modified": "2026-04-22T18:29:19.138098Z" } ] }, @@ -1028,14 +271,6 @@ interactions: { "id": "CVE-2016-10931", "modified": "2026-03-14T09:18:29.278606Z" - }, - { - "id": "CVE-2018-20997", - "modified": "2026-03-14T09:29:08.646634Z" - }, - { - "id": "CVE-2023-53159", - "modified": "2026-03-11T18:20:56.090230Z" } ] } @@ -1043,7 +278,7 @@ interactions: } headers: Content-Length: - - "9106" + - "2317" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml index 487902f1177..b302d5dcf91 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml @@ -121,7 +121,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 433 + content_length: 576 body: | { "results": [ @@ -139,6 +139,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -157,11 +165,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } @@ -169,7 +177,7 @@ interactions: } headers: Content-Length: - - "433" + - "576" Content-Type: - application/json status: 200 OK @@ -1408,7 +1416,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 22298 + content_length: 23599 body: | { "results": [ @@ -1420,11 +1428,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] }, @@ -1442,6 +1450,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -1460,11 +1476,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] }, @@ -1480,7 +1496,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2017-11164", - "modified": "2026-01-20T16:49:00.053545Z" + "modified": "2026-04-22T11:10:44.262299Z" } ] }, @@ -1784,6 +1800,14 @@ interactions: { "id": "DEBIAN-CVE-2024-2236", "modified": "2026-03-10T05:09:58.705229Z" + }, + { + "id": "DEBIAN-CVE-2026-41989", + "modified": "2026-04-23T10:00:15.682147Z" + }, + { + "id": "DEBIAN-CVE-2026-41990", + "modified": "2026-04-23T10:01:21.235502Z" } ] }, @@ -2081,19 +2105,19 @@ interactions: }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:05:07.928323Z" + "modified": "2026-03-27T10:02:52.786818Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:05:23.527352Z" + "modified": "2026-03-27T10:02:55.759355Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:05:10.515041Z" + "modified": "2026-03-27T10:02:35.574410Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:16:44.779248Z" + "modified": "2026-03-27T10:02:04.914884Z" }, { "id": "DLA-3012-1", @@ -2456,7 +2480,35 @@ interactions: }, { "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-18T09:03:28.363302Z" + "modified": "2026-04-20T00:00:38.868460Z" + }, + { + "id": "DEBIAN-CVE-2026-28386", + "modified": "2026-04-20T00:00:49.100894Z" + }, + { + "id": "DEBIAN-CVE-2026-28387", + "modified": "2026-04-20T00:00:57.690122Z" + }, + { + "id": "DEBIAN-CVE-2026-28388", + "modified": "2026-04-20T00:00:35.206956Z" + }, + { + "id": "DEBIAN-CVE-2026-28389", + "modified": "2026-04-20T00:00:52.426739Z" + }, + { + "id": "DEBIAN-CVE-2026-28390", + "modified": "2026-04-20T00:00:19.190921Z" + }, + { + "id": "DEBIAN-CVE-2026-31789", + "modified": "2026-04-20T00:00:42.604688Z" + }, + { + "id": "DEBIAN-CVE-2026-31790", + "modified": "2026-04-20T00:00:45.886476Z" }, { "id": "DLA-3008-1", @@ -2575,6 +2627,10 @@ interactions: "id": "DEBIAN-CVE-2017-12883", "modified": "2025-11-19T01:12:38.323688Z" }, + { + "id": "DEBIAN-CVE-2017-20230", + "modified": "2026-04-22T23:00:59.527466Z" + }, { "id": "DEBIAN-CVE-2018-12015", "modified": "2025-11-19T02:02:49.033339Z" @@ -2649,7 +2705,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-20T10:18:21.143971Z" + "modified": "2026-04-18T11:00:19.825094Z" }, { "id": "DLA-3926-1", @@ -2705,7 +2761,14 @@ interactions: {}, {}, {}, - {}, + { + "vulns": [ + { + "id": "DEBIAN-CVE-2026-5958", + "modified": "2026-04-23T17:02:53.103271Z" + } + ] + }, { "vulns": [ { @@ -2742,6 +2805,10 @@ interactions: "id": "DEBIAN-CVE-2023-39804", "modified": "2025-11-20T10:16:41.587973Z" }, + { + "id": "DEBIAN-CVE-2026-5704", + "modified": "2026-04-07T09:00:52.977033Z" + }, { "id": "DLA-3755-1", "modified": "2026-03-09T01:18:04.185679Z" @@ -2838,9 +2905,13 @@ interactions: "id": "DEBIAN-CVE-2025-14104", "modified": "2026-03-05T17:00:58.361610Z" }, + { + "id": "DEBIAN-CVE-2026-27456", + "modified": "2026-04-16T17:02:05.692390Z" + }, { "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2026-04-04T10:03:07.405618Z" }, { "id": "DLA-3782-1", @@ -2870,6 +2941,10 @@ interactions: "id": "DEBIAN-CVE-2025-31115", "modified": "2025-11-20T10:18:07.484724Z" }, + { + "id": "DEBIAN-CVE-2026-34743", + "modified": "2026-04-09T05:00:21.571838Z" + }, { "id": "DSA-5123-1", "modified": "2026-03-09T02:10:46.054497Z" @@ -2896,6 +2971,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -2914,11 +2997,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] } @@ -2926,7 +3009,7 @@ interactions: } headers: Content-Length: - - "22298" + - "23599" Content-Type: - application/json status: 200 OK @@ -3997,7 +4080,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 21542 + content_length: 22700 body: | { "results": [ @@ -4015,6 +4098,14 @@ interactions: { "id": "ALPINE-CVE-2025-26519", "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -4033,11 +4124,11 @@ interactions: }, { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-19T08:30:44.326318Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] }, @@ -4341,6 +4432,14 @@ interactions: { "id": "DEBIAN-CVE-2024-2236", "modified": "2026-03-10T05:09:58.705229Z" + }, + { + "id": "DEBIAN-CVE-2026-41989", + "modified": "2026-04-23T10:00:15.682147Z" + }, + { + "id": "DEBIAN-CVE-2026-41990", + "modified": "2026-04-23T10:01:21.235502Z" } ] }, @@ -4638,19 +4737,19 @@ interactions: }, { "id": "DEBIAN-CVE-2026-0989", - "modified": "2026-01-16T11:05:07.928323Z" + "modified": "2026-03-27T10:02:52.786818Z" }, { "id": "DEBIAN-CVE-2026-0990", - "modified": "2026-01-16T11:05:23.527352Z" + "modified": "2026-03-27T10:02:55.759355Z" }, { "id": "DEBIAN-CVE-2026-0992", - "modified": "2026-01-16T11:05:10.515041Z" + "modified": "2026-03-27T10:02:35.574410Z" }, { "id": "DEBIAN-CVE-2026-1757", - "modified": "2026-02-03T11:16:44.779248Z" + "modified": "2026-03-27T10:02:04.914884Z" }, { "id": "DLA-3012-1", @@ -5013,7 +5112,35 @@ interactions: }, { "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-03-18T09:03:28.363302Z" + "modified": "2026-04-20T00:00:38.868460Z" + }, + { + "id": "DEBIAN-CVE-2026-28386", + "modified": "2026-04-20T00:00:49.100894Z" + }, + { + "id": "DEBIAN-CVE-2026-28387", + "modified": "2026-04-20T00:00:57.690122Z" + }, + { + "id": "DEBIAN-CVE-2026-28388", + "modified": "2026-04-20T00:00:35.206956Z" + }, + { + "id": "DEBIAN-CVE-2026-28389", + "modified": "2026-04-20T00:00:52.426739Z" + }, + { + "id": "DEBIAN-CVE-2026-28390", + "modified": "2026-04-20T00:00:19.190921Z" + }, + { + "id": "DEBIAN-CVE-2026-31789", + "modified": "2026-04-20T00:00:42.604688Z" + }, + { + "id": "DEBIAN-CVE-2026-31790", + "modified": "2026-04-20T00:00:45.886476Z" }, { "id": "DLA-3008-1", @@ -5132,6 +5259,10 @@ interactions: "id": "DEBIAN-CVE-2017-12883", "modified": "2025-11-19T01:12:38.323688Z" }, + { + "id": "DEBIAN-CVE-2017-20230", + "modified": "2026-04-22T23:00:59.527466Z" + }, { "id": "DEBIAN-CVE-2018-12015", "modified": "2025-11-19T02:02:49.033339Z" @@ -5206,7 +5337,7 @@ interactions: }, { "id": "DEBIAN-CVE-2025-40909", - "modified": "2025-11-20T10:18:21.143971Z" + "modified": "2026-04-18T11:00:19.825094Z" }, { "id": "DLA-3926-1", @@ -5262,7 +5393,14 @@ interactions: {}, {}, {}, - {}, + { + "vulns": [ + { + "id": "DEBIAN-CVE-2026-5958", + "modified": "2026-04-23T17:02:53.103271Z" + } + ] + }, { "vulns": [ { @@ -5299,6 +5437,10 @@ interactions: "id": "DEBIAN-CVE-2023-39804", "modified": "2025-11-20T10:16:41.587973Z" }, + { + "id": "DEBIAN-CVE-2026-5704", + "modified": "2026-04-07T09:00:52.977033Z" + }, { "id": "DLA-3755-1", "modified": "2026-03-09T01:18:04.185679Z" @@ -5395,9 +5537,13 @@ interactions: "id": "DEBIAN-CVE-2025-14104", "modified": "2026-03-05T17:00:58.361610Z" }, + { + "id": "DEBIAN-CVE-2026-27456", + "modified": "2026-04-16T17:02:05.692390Z" + }, { "id": "DEBIAN-CVE-2026-3184", - "modified": "2026-02-26T09:30:44.219098Z" + "modified": "2026-04-04T10:03:07.405618Z" }, { "id": "DLA-3782-1", @@ -5427,6 +5573,10 @@ interactions: "id": "DEBIAN-CVE-2025-31115", "modified": "2025-11-20T10:18:07.484724Z" }, + { + "id": "DEBIAN-CVE-2026-34743", + "modified": "2026-04-09T05:00:21.571838Z" + }, { "id": "DSA-5123-1", "modified": "2026-03-09T02:10:46.054497Z" @@ -5443,7 +5593,7 @@ interactions: } headers: Content-Length: - - "21542" + - "22700" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml index 78f71c69858..c6d66c941e6 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml @@ -41,11 +41,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2026-04-10T05:00:16.792714Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2026-04-10T05:00:16.785150Z" } ] }, @@ -100,11 +100,11 @@ interactions: "vulns": [ { "id": "CVE-2023-39137", - "modified": "2026-03-15T14:11:43.205446Z" + "modified": "2026-04-10T05:00:16.792714Z" }, { "id": "CVE-2023-39139", - "modified": "2026-03-14T12:08:30.752661Z" + "modified": "2026-04-10T05:00:16.785150Z" } ] }, @@ -148,7 +148,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2593 + content_length: 2914 body: | { "results": [ @@ -156,11 +156,15 @@ interactions: "vulns": [ { "id": "CVE-2016-2177", - "modified": "2026-03-15T22:22:35.782155Z" + "modified": "2026-04-16T06:17:28.395004Z" }, { "id": "CVE-2016-2182", - "modified": "2026-03-15T22:06:16.823524Z" + "modified": "2026-04-16T06:18:10.677509Z" + }, + { + "id": "CVE-2022-2097", + "modified": "2026-04-16T04:33:07.241127Z" }, { "id": "CVE-2022-2274", @@ -172,147 +176,163 @@ interactions: }, { "id": "CVE-2022-3996", - "modified": "2026-03-15T22:44:21.336918Z" + "modified": "2026-04-12T01:27:58.769604Z" }, { "id": "CVE-2022-4203", - "modified": "2026-03-14T11:56:48.298901Z" + "modified": "2026-04-16T04:30:36.636633Z" }, { "id": "CVE-2022-4304", - "modified": "2026-03-14T11:57:20.473258Z" + "modified": "2026-04-16T04:36:18.203244Z" }, { "id": "CVE-2022-4450", - "modified": "2026-03-15T14:48:08.469047Z" + "modified": "2026-04-16T04:38:19.562051Z" }, { "id": "CVE-2023-0215", - "modified": "2026-03-15T22:46:35.699581Z" + "modified": "2026-04-16T04:31:08.729319Z" }, { "id": "CVE-2023-0216", - "modified": "2026-03-14T14:54:02.977746Z" + "modified": "2026-04-16T04:40:18.060967Z" }, { "id": "CVE-2023-0217", - "modified": "2026-03-15T22:46:23.122521Z" + "modified": "2026-04-16T04:31:49.269223Z" }, { "id": "CVE-2023-0286", - "modified": "2026-03-23T05:08:02.726984Z" + "modified": "2026-04-16T04:31:42.648783Z" }, { "id": "CVE-2023-0401", - "modified": "2026-03-14T12:00:52.936954Z" + "modified": "2026-04-16T04:30:24.172878Z" }, { "id": "CVE-2023-0464", - "modified": "2026-03-23T05:01:38.442879Z" + "modified": "2026-04-16T04:39:03.229073Z" }, { "id": "CVE-2023-0465", - "modified": "2026-03-15T22:45:58.975327Z" + "modified": "2026-04-16T04:38:14.511272Z" }, { "id": "CVE-2023-0466", - "modified": "2026-03-15T22:46:04.107702Z" + "modified": "2026-04-16T04:37:18.897246Z" }, { "id": "CVE-2023-1255", - "modified": "2026-03-14T12:01:08.330785Z" + "modified": "2026-04-10T04:54:14.228073Z" }, { "id": "CVE-2023-2650", - "modified": "2026-03-23T05:00:34.487377Z" + "modified": "2026-04-16T04:39:42.375413Z" }, { "id": "CVE-2023-2975", - "modified": "2026-03-15T14:49:55.221034Z" + "modified": "2026-04-16T04:32:33.694941Z" + }, + { + "id": "CVE-2023-3446", + "modified": "2026-04-16T04:32:47.749140Z" }, { "id": "CVE-2023-3817", - "modified": "2026-03-15T22:45:38.616987Z" + "modified": "2026-04-16T04:34:31.014600Z" }, { "id": "CVE-2023-4807", - "modified": "2026-03-14T12:23:37.361743Z" + "modified": "2026-04-12T04:44:01.048282Z" }, { "id": "CVE-2023-5363", - "modified": "2026-03-15T22:49:01.513389Z" + "modified": "2026-04-16T04:31:50.947057Z" }, { "id": "CVE-2023-5678", - "modified": "2026-03-15T22:49:18.011924Z" + "modified": "2026-04-16T04:39:47.937104Z" }, { "id": "CVE-2023-6129", - "modified": "2026-03-15T21:45:17.017844Z" + "modified": "2026-04-16T04:32:07.868289Z" }, { "id": "CVE-2023-6237", - "modified": "2026-03-15T22:49:35.974149Z" + "modified": "2026-04-16T04:34:09.429444Z" + }, + { + "id": "CVE-2024-0727", + "modified": "2026-04-16T04:34:22.591238Z" }, { "id": "CVE-2024-13176", - "modified": "2026-03-23T05:00:52.882982Z" + "modified": "2026-04-16T04:35:29.313942Z" }, { "id": "CVE-2024-2511", - "modified": "2026-03-23T05:00:41.236875Z" + "modified": "2026-04-16T04:36:39.673008Z" }, { "id": "CVE-2024-4603", - "modified": "2026-03-23T05:09:27.414549Z" + "modified": "2026-04-16T04:31:31.480633Z" }, { "id": "CVE-2024-4741", - "modified": "2026-03-23T05:03:57.853457Z" + "modified": "2026-04-16T04:38:39.127578Z" }, { "id": "CVE-2024-5535", - "modified": "2026-03-23T05:10:32.616432Z" + "modified": "2026-04-16T04:32:48.471063Z" + }, + { + "id": "CVE-2024-6119", + "modified": "2026-04-16T04:35:29.954379Z" }, { "id": "CVE-2024-9143", - "modified": "2026-03-15T22:52:44.104304Z" + "modified": "2026-04-16T04:33:12.098562Z" }, { "id": "CVE-2025-15467", - "modified": "2026-03-23T05:02:57.782932Z" + "modified": "2026-04-16T04:39:55.464242Z" }, { "id": "CVE-2025-68160", - "modified": "2026-03-23T05:12:37.160955Z" + "modified": "2026-04-16T04:31:55.925384Z" }, { "id": "CVE-2025-69418", - "modified": "2026-03-23T05:03:12.246510Z" + "modified": "2026-04-16T04:39:29.408486Z" }, { "id": "CVE-2025-69419", - "modified": "2026-03-23T05:03:26.083494Z" + "modified": "2026-04-16T04:30:17.322662Z" }, { "id": "CVE-2025-69420", - "modified": "2026-03-23T05:13:16.365472Z" + "modified": "2026-04-16T04:31:44.038402Z" + }, + { + "id": "CVE-2025-69421", + "modified": "2026-04-16T04:33:39.665301Z" }, { "id": "CVE-2025-9230", - "modified": "2026-03-23T05:00:34.923543Z" + "modified": "2026-04-16T04:40:07.876695Z" }, { "id": "CVE-2025-9232", - "modified": "2026-03-23T05:05:02.628675Z" + "modified": "2026-04-16T04:32:37.830662Z" }, { "id": "CVE-2026-22795", - "modified": "2026-03-23T05:12:31.733749Z" + "modified": "2026-04-16T04:39:04.894264Z" }, { "id": "CVE-2026-22796", - "modified": "2026-03-23T05:11:54.223561Z" + "modified": "2026-04-16T04:33:43.089750Z" } ] } @@ -320,7 +340,7 @@ interactions: } headers: Content-Length: - - "2593" + - "2914" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml index 8137a140483..9a0b14941f9 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml @@ -170,7 +170,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4488 body: | { "results": [ @@ -191,7 +191,7 @@ interactions: "vulns": [ { "id": "GHSA-72hv-8253-57qq", - "modified": "2026-03-04T15:06:51.908001Z" + "modified": "2026-04-07T16:47:43.107166Z" }, { "id": "GHSA-h46c-h94j-95f3", @@ -419,6 +419,10 @@ interactions: {}, { "vulns": [ + { + "id": "GHSA-355h-qmc2-wpwf", + "modified": "2026-04-17T00:30:15.516948Z" + }, { "id": "GHSA-cj7v-27pg-wf7q", "modified": "2026-03-13T22:01:09.359414Z" @@ -467,7 +471,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4488" Content-Type: - application/json status: 200 OK @@ -642,7 +646,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4488 body: | { "results": [ @@ -663,7 +667,7 @@ interactions: "vulns": [ { "id": "GHSA-72hv-8253-57qq", - "modified": "2026-03-04T15:06:51.908001Z" + "modified": "2026-04-07T16:47:43.107166Z" }, { "id": "GHSA-h46c-h94j-95f3", @@ -891,6 +895,10 @@ interactions: {}, { "vulns": [ + { + "id": "GHSA-355h-qmc2-wpwf", + "modified": "2026-04-17T00:30:15.516948Z" + }, { "id": "GHSA-cj7v-27pg-wf7q", "modified": "2026-03-13T22:01:09.359414Z" @@ -939,7 +947,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4488" Content-Type: - application/json status: 200 OK @@ -1114,7 +1122,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4418 + content_length: 4488 body: | { "results": [ @@ -1135,7 +1143,7 @@ interactions: "vulns": [ { "id": "GHSA-72hv-8253-57qq", - "modified": "2026-03-04T15:06:51.908001Z" + "modified": "2026-04-07T16:47:43.107166Z" }, { "id": "GHSA-h46c-h94j-95f3", @@ -1363,6 +1371,10 @@ interactions: {}, { "vulns": [ + { + "id": "GHSA-355h-qmc2-wpwf", + "modified": "2026-04-17T00:30:15.516948Z" + }, { "id": "GHSA-cj7v-27pg-wf7q", "modified": "2026-03-13T22:01:09.359414Z" @@ -1411,7 +1423,7 @@ interactions: } headers: Content-Length: - - "4418" + - "4488" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml index 1dd867a211f..88a88c2ac72 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml @@ -436,7 +436,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 628 + content_length: 768 body: | { "results": [ @@ -506,6 +506,14 @@ interactions: {}, { "vulns": [ + { + "id": "GHSA-3pxv-7cmr-fjr4", + "modified": "2026-04-16T11:29:10.536806Z" + }, + { + "id": "GHSA-6hg6-v5c8-fphq", + "modified": "2026-04-17T12:29:10.521430Z" + }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "2025-10-22T19:37:53.742023Z" @@ -533,7 +541,7 @@ interactions: } headers: Content-Length: - - "628" + - "768" Content-Type: - application/json status: 200 OK @@ -627,7 +635,7 @@ interactions: "vulns": [ { "id": "GHSA-269g-pwp5-87pp", - "modified": "2026-03-13T22:15:22.410895Z" + "modified": "2026-04-10T15:29:15.593707Z" } ] }, @@ -685,13 +693,21 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 381 + content_length: 521 body: | { "results": [ {}, { "vulns": [ + { + "id": "GHSA-3pxv-7cmr-fjr4", + "modified": "2026-04-16T11:29:10.536806Z" + }, + { + "id": "GHSA-6hg6-v5c8-fphq", + "modified": "2026-04-17T12:29:10.521430Z" + }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "2025-10-22T19:37:53.742023Z" @@ -719,7 +735,7 @@ interactions: } headers: Content-Length: - - "381" + - "521" Content-Type: - application/json status: 200 OK @@ -768,13 +784,21 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 381 + content_length: 521 body: | { "results": [ {}, { "vulns": [ + { + "id": "GHSA-3pxv-7cmr-fjr4", + "modified": "2026-04-16T11:29:10.536806Z" + }, + { + "id": "GHSA-6hg6-v5c8-fphq", + "modified": "2026-04-17T12:29:10.521430Z" + }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "2025-10-22T19:37:53.742023Z" @@ -802,7 +826,7 @@ interactions: } headers: Content-Length: - - "381" + - "521" Content-Type: - application/json status: 200 OK @@ -1243,7 +1267,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 628 + content_length: 768 body: | { "results": [ @@ -1313,6 +1337,14 @@ interactions: {}, { "vulns": [ + { + "id": "GHSA-3pxv-7cmr-fjr4", + "modified": "2026-04-16T11:29:10.536806Z" + }, + { + "id": "GHSA-6hg6-v5c8-fphq", + "modified": "2026-04-17T12:29:10.521430Z" + }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "2025-10-22T19:37:53.742023Z" @@ -1340,7 +1372,7 @@ interactions: } headers: Content-Length: - - "628" + - "768" Content-Type: - application/json status: 200 OK @@ -1389,7 +1421,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1081 + content_length: 1151 body: | { "results": [ @@ -1401,7 +1433,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" + "modified": "2026-04-21T08:11:06.082206Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -1413,11 +1445,11 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" + "modified": "2026-04-21T08:11:22.119438Z" }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "modified": "2026-04-21T08:11:06.009868Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", @@ -1455,6 +1487,10 @@ interactions: "id": "GHSA-9wx4-h78v-vm56", "modified": "2026-02-04T02:43:42.271895Z" }, + { + "id": "GHSA-gc5v-m9x4-r6x2", + "modified": "2026-03-27T22:17:33.595885Z" + }, { "id": "GHSA-j8r2-6x86-q33q", "modified": "2026-02-04T03:34:13.807518Z" @@ -1469,164 +1505,7 @@ interactions: } headers: Content-Length: - - "1081" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 997 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "PyPI", - "name": "click" - }, - "version": "8.3.1" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "flask" - }, - "version": "1.0.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "flask-cors" - }, - "version": "1.0.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "itsdangerous" - }, - "version": "2.2.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "jinja2" - }, - "version": "3.1.6" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "markupsafe" - }, - "version": "3.0.3" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "pandas" - }, - "version": "0.23.4" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "werkzeug" - }, - "version": "3.1.7" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_Transitive/requirements.txt_resolution_fallback - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 880 - body: | - { - "results": [ - {}, - { - "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, - { - "id": "GHSA-m2qf-hxjv-5gpq", - "modified": "2025-02-21T05:42:17.337040Z" - }, - { - "id": "PYSEC-2023-62", - "modified": "2023-11-08T04:12:28.231927Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-43qf-4rqw-9q2g", - "modified": "2026-02-04T02:30:19.251090Z" - }, - { - "id": "GHSA-7rxf-gvfg-47g4", - "modified": "2026-02-04T04:27:15.173118Z" - }, - { - "id": "GHSA-84pr-m4jr-85g5", - "modified": "2026-02-04T02:57:32.875272Z" - }, - { - "id": "GHSA-8vgw-p6qm-5gr7", - "modified": "2026-02-04T02:42:09.564281Z" - }, - { - "id": "GHSA-hxwh-jpp2-84pm", - "modified": "2026-02-04T02:15:39.891834Z" - }, - { - "id": "GHSA-xc3p-ff3m-f46v", - "modified": "2024-09-20T20:01:25.449661Z" - }, - { - "id": "PYSEC-2020-43", - "modified": "2025-10-09T07:22:50.566622Z" - }, - { - "id": "PYSEC-2024-71", - "modified": "2025-10-09T08:27:44.186589Z" - } - ] - }, - {}, - {}, - {}, - { - "vulns": [ - { - "id": "PYSEC-2020-73", - "modified": "2023-11-08T04:02:12.263851Z" - } - ] - }, - {} - ] - } - headers: - Content-Length: - - "880" + - "1151" Content-Type: - application/json status: 200 OK @@ -1646,7 +1525,7 @@ interactions: "ecosystem": "PyPI", "name": "click" }, - "version": "8.3.2" + "version": "8.3.3" }, { "package": { @@ -1803,7 +1682,7 @@ interactions: "ecosystem": "PyPI", "name": "certifi" }, - "version": "2026.2.25" + "version": "2026.4.22" }, { "package": { @@ -1817,7 +1696,7 @@ interactions: "ecosystem": "PyPI", "name": "click" }, - "version": "8.3.1" + "version": "8.3.3" }, { "package": { @@ -1887,7 +1766,7 @@ interactions: "ecosystem": "PyPI", "name": "werkzeug" }, - "version": "3.1.7" + "version": "3.1.8" } ] } @@ -1902,7 +1781,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2083 + content_length: 2153 body: | { "results": [ @@ -1917,7 +1796,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" + "modified": "2026-04-21T08:11:06.082206Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -1929,11 +1808,11 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" + "modified": "2026-04-21T08:11:22.119438Z" }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "modified": "2026-04-21T08:11:06.009868Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", @@ -1986,281 +1865,10 @@ interactions: { "id": "GHSA-9wx4-h78v-vm56", "modified": "2026-02-04T02:43:42.271895Z" - }, - { - "id": "GHSA-j8r2-6x86-q33q", - "modified": "2026-02-04T03:34:13.807518Z" - }, - { - "id": "PYSEC-2023-74", - "modified": "2023-11-08T04:12:35.436175Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-2xpw-w6gg-jr37", - "modified": "2026-02-04T02:36:12.983430Z" - }, - { - "id": "GHSA-34jh-p97f-mpxf", - "modified": "2026-02-04T03:37:44.850742Z" - }, - { - "id": "GHSA-38jv-5279-wg99", - "modified": "2026-02-04T03:51:36.162029Z" - }, - { - "id": "GHSA-g4mx-q9vg-27p4", - "modified": "2026-02-04T03:30:16.767903Z" - }, - { - "id": "GHSA-gm62-xv2j-4w53", - "modified": "2026-02-04T03:37:15.919661Z" - }, - { - "id": "GHSA-pq67-6m6q-mj2v", - "modified": "2026-02-04T04:38:01.163387Z" - }, - { - "id": "GHSA-v845-jxx5-vc9f", - "modified": "2026-02-04T02:58:30.152562Z" - }, - { - "id": "GHSA-wqvq-5m8c-6g24", - "modified": "2024-11-18T22:47:07.792720Z" - }, - { - "id": "PYSEC-2020-148", - "modified": "2023-11-08T04:03:14.251187Z" - }, - { - "id": "PYSEC-2021-108", - "modified": "2023-11-08T04:06:04.829992Z" - }, - { - "id": "PYSEC-2023-192", - "modified": "2023-11-08T04:13:33.452167Z" - }, - { - "id": "PYSEC-2023-212", - "modified": "2023-11-08T04:13:39.165450Z" - } - ] - }, - {} - ] - } - headers: - Content-Length: - - "2083" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 1610 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi" - }, - "version": "2026.2.25" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "chardet" - }, - "version": "3.0.4" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "click" - }, - "version": "8.3.2" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "django" - }, - "version": "1.11.29" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "flask" - }, - "version": "1.0.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "idna" - }, - "version": "2.7.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "itsdangerous" - }, - "version": "2.2.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "jinja2" - }, - "version": "3.1.6" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "markupsafe" - }, - "version": "3.0.3" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "pytz" - }, - "version": "2026.1.0.post1" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "requests" - }, - "version": "2.20.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3" - }, - "version": "1.24.3" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "werkzeug" - }, - "version": "3.1.8" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_Transitive/requirements.txt_transitive_default - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 2153 - body: | - { - "results": [ - {}, - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-68w8-qjq3-2gfm", - "modified": "2024-09-20T15:46:52.557962Z" - }, - { - "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" - }, - { - "id": "GHSA-7xr5-9hcq-chf9", - "modified": "2026-02-04T03:48:05.224740Z" - }, - { - "id": "GHSA-8x94-hmjh-97hq", - "modified": "2026-02-04T02:45:55.690257Z" - }, - { - "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" - }, - { - "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" - }, - { - "id": "GHSA-rrqc-c2jx-6jgv", - "modified": "2024-10-30T19:23:59.139649Z" - }, - { - "id": "PYSEC-2021-98", - "modified": "2023-12-06T01:01:16.755410Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, - { - "id": "GHSA-m2qf-hxjv-5gpq", - "modified": "2025-02-21T05:42:17.337040Z" - }, - { - "id": "PYSEC-2023-62", - "modified": "2023-11-08T04:12:28.231927Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-jjg7-2v4v-x38h", - "modified": "2026-02-04T03:49:45.087439Z" - }, - { - "id": "PYSEC-2024-60", - "modified": "2024-07-11T17:42:33.704488Z" - } - ] - }, - {}, - {}, - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-9hjg-9r4m-mvj7", - "modified": "2026-02-04T03:44:00.676479Z" - }, - { - "id": "GHSA-9wx4-h78v-vm56", - "modified": "2026-02-04T02:43:42.271895Z" - }, - { - "id": "GHSA-gc5v-m9x4-r6x2", - "modified": "2026-03-27T22:17:33.595885Z" + }, + { + "id": "GHSA-gc5v-m9x4-r6x2", + "modified": "2026-03-27T22:17:33.595885Z" }, { "id": "GHSA-j8r2-6x86-q33q", @@ -2349,278 +1957,7 @@ interactions: "ecosystem": "PyPI", "name": "certifi" }, - "version": "2026.2.25" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "chardet" - }, - "version": "3.0.4" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "click" - }, - "version": "8.3.1" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "django" - }, - "version": "1.11.29" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "flask" - }, - "version": "1.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "idna" - }, - "version": "2.7" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "itsdangerous" - }, - "version": "2.2.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "jinja2" - }, - "version": "3.1.6" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "markupsafe" - }, - "version": "3.0.3" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "pytz" - }, - "version": "2026.1.post1" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "requests" - }, - "version": "2.20.0" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "urllib3" - }, - "version": "1.24.3" - }, - { - "package": { - "ecosystem": "PyPI", - "name": "werkzeug" - }, - "version": "3.1.7" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_Transitive/requirements.txt_transitive_native_source - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 2083 - body: | - { - "results": [ - {}, - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-68w8-qjq3-2gfm", - "modified": "2024-09-20T15:46:52.557962Z" - }, - { - "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" - }, - { - "id": "GHSA-7xr5-9hcq-chf9", - "modified": "2026-02-04T03:48:05.224740Z" - }, - { - "id": "GHSA-8x94-hmjh-97hq", - "modified": "2026-02-04T02:45:55.690257Z" - }, - { - "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" - }, - { - "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" - }, - { - "id": "GHSA-rrqc-c2jx-6jgv", - "modified": "2024-10-30T19:23:59.139649Z" - }, - { - "id": "PYSEC-2021-98", - "modified": "2023-12-06T01:01:16.755410Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-68rp-wp8r-4726", - "modified": "2026-02-23T23:43:45.778179Z" - }, - { - "id": "GHSA-m2qf-hxjv-5gpq", - "modified": "2025-02-21T05:42:17.337040Z" - }, - { - "id": "PYSEC-2023-62", - "modified": "2023-11-08T04:12:28.231927Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-jjg7-2v4v-x38h", - "modified": "2026-02-04T03:49:45.087439Z" - }, - { - "id": "PYSEC-2024-60", - "modified": "2024-07-11T17:42:33.704488Z" - } - ] - }, - {}, - {}, - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-9hjg-9r4m-mvj7", - "modified": "2026-02-04T03:44:00.676479Z" - }, - { - "id": "GHSA-9wx4-h78v-vm56", - "modified": "2026-02-04T02:43:42.271895Z" - }, - { - "id": "GHSA-j8r2-6x86-q33q", - "modified": "2026-02-04T03:34:13.807518Z" - }, - { - "id": "PYSEC-2023-74", - "modified": "2023-11-08T04:12:35.436175Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-2xpw-w6gg-jr37", - "modified": "2026-02-04T02:36:12.983430Z" - }, - { - "id": "GHSA-34jh-p97f-mpxf", - "modified": "2026-02-04T03:37:44.850742Z" - }, - { - "id": "GHSA-38jv-5279-wg99", - "modified": "2026-02-04T03:51:36.162029Z" - }, - { - "id": "GHSA-g4mx-q9vg-27p4", - "modified": "2026-02-04T03:30:16.767903Z" - }, - { - "id": "GHSA-gm62-xv2j-4w53", - "modified": "2026-02-04T03:37:15.919661Z" - }, - { - "id": "GHSA-pq67-6m6q-mj2v", - "modified": "2026-02-04T04:38:01.163387Z" - }, - { - "id": "GHSA-v845-jxx5-vc9f", - "modified": "2026-02-04T02:58:30.152562Z" - }, - { - "id": "GHSA-wqvq-5m8c-6g24", - "modified": "2024-11-18T22:47:07.792720Z" - }, - { - "id": "PYSEC-2020-148", - "modified": "2023-11-08T04:03:14.251187Z" - }, - { - "id": "PYSEC-2021-108", - "modified": "2023-11-08T04:06:04.829992Z" - }, - { - "id": "PYSEC-2023-192", - "modified": "2023-11-08T04:13:33.452167Z" - }, - { - "id": "PYSEC-2023-212", - "modified": "2023-11-08T04:13:39.165450Z" - } - ] - }, - {} - ] - } - headers: - Content-Length: - - "2083" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 1604 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "PyPI", - "name": "certifi" - }, - "version": "2026.2.25" + "version": "2026.4.22" }, { "package": { @@ -2634,7 +1971,7 @@ interactions: "ecosystem": "PyPI", "name": "click" }, - "version": "8.3.2" + "version": "8.3.3" }, { "package": { @@ -2734,7 +2071,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-02-04T04:00:06.061990Z" + "modified": "2026-04-21T08:11:06.082206Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -2746,11 +2083,11 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2025-11-27T09:10:30.649595Z" + "modified": "2026-04-21T08:11:22.119438Z" }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-02-04T04:08:30.303132Z" + "modified": "2026-04-21T08:11:06.009868Z" }, { "id": "GHSA-rrqc-c2jx-6jgv",