[vulndb] data/reports: regenerate 3 reports with updated GHSA


Nicholas Husin (Gerrit)

Dec 15, 2025, 4:32:16 PM
to Neal Patel, Ethan Lee, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Attention needed from Ethan Lee and Neal Patel

Nicholas Husin has uploaded the change for review

Nicholas Husin would like Neal Patel and Ethan Lee to review this change.

Commit message

data/reports: regenerate 3 reports with updated GHSA

Fixes golang/vulndb#3914
Fixes golang/vulndb#3760
Fixes golang/vulndb#3908
Fixes golang/vulndb#3752
Change-Id: I2f0192ca253eedccaab6466a030a6e6dcfd9f3bc

Change diff

diff --git a/data/osv/GO-2024-3057.json b/data/osv/GO-2024-3057.json
index f8ad1cb..2d89503 100644
--- a/data/osv/GO-2024-3057.json
+++ b/data/osv/GO-2024-3057.json
@@ -20,7 +20,10 @@
"type": "SEMVER",
"events": [
{
- "introduced": "0"
+ "introduced": "0.23.2"
+ },
+ {
+ "fixed": "0.29.2"
}
]
}
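Review bot: the lower bound in this events list moves from "0" to "0.23.2", so every netbird release before 0.23.2 stops matching this report, and nothing in the record shows where 0.23.2 comes from. Please confirm the introduced version against the updated GHSA and name it in the commit message; if the advisory does not state one, keep "introduced": "0" next to the new "fixed": "0.29.2".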
@@ -38,6 +41,14 @@
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41260"
},
{
+ "type": "FIX",
+ "url": "https://github.com/netbirdio/netbird/commit/cf6210a6f42355e88c422c624376f6fcdaea6729"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/netbirdio/netbird/pull/2569"
+ },
+ {
"type": "REPORT",
"url": "https://github.com/netbirdio/netbird/issues/2246"
},
diff --git a/data/osv/GO-2025-3437.json b/data/osv/GO-2025-3437.json
index 98800e3..4e8b757 100644
--- a/data/osv/GO-2025-3437.json
+++ b/data/osv/GO-2025-3437.json
@@ -7,7 +7,7 @@
"GHSA-274v-mgcv-cm8j"
],
"summary": "Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine",
- "details": "Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine",
+ "details": "Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/argoproj/gitops-engine before v0.7.1-0.20250129155113-4c6e03c463141.",
"affected": [
{
"package": {
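Review bot: the version quoted at the end of the new "details" string, v0.7.1-0.20250129155113-4c6e03c463141, ends in a 13-character hex suffix, whereas a Go pseudo-version carries a 12-character commit prefix, which would explain why it could not be mapped to a Go module version. If the extra character is a typo in the source advisory, fixing it there would let this become an ordinary "fixed" event rather than a prose caveat that scanners cannot evaluate.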
@@ -19,12 +19,26 @@
"type": "SEMVER",
"events": [
{
- "introduced": "0"
+ "introduced": "0.7.2"
}
]
}
],
- "ecosystem_specific": {}
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.7.1-0.20250129155113-4c6e03c463141"
+ }
+ ]
+ }
+ ]
+ }
}
],
"references": [
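Review bot: the SEMVER range now opens at "introduced": "0.7.2" and has no "fixed" event, while the only upper bound sits in ecosystem_specific.custom_ranges. A consumer that evaluates only the SEMVER range stops matching every gitops-engine version below 0.7.2, which the old "introduced": "0" did match, and still matches everything from 0.7.2 onward. Is that the intended reading of the advisory? If versions before the 0.7.1 pseudo-version are affected, they need a SEMVER range of their own.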
diff --git a/data/osv/GO-2025-3764.json b/data/osv/GO-2025-3764.json
index 881a794..4e789e2 100644
--- a/data/osv/GO-2025-3764.json
+++ b/data/osv/GO-2025-3764.json
@@ -25,7 +25,21 @@
]
}
],
- "ecosystem_specific": {}
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "19.15.0"
+ }
+ ]
+ }
+ ]
+ }
},
{
"package": {
diff --git a/data/reports/GO-2024-3057.yaml b/data/reports/GO-2024-3057.yaml
index a9c8356..f9d0138 100644
--- a/data/reports/GO-2024-3057.yaml
+++ b/data/reports/GO-2024-3057.yaml
@@ -1,9 +1,10 @@
id: GO-2024-3057
modules:
- module: github.com/netbirdio/netbird
- unsupported_versions:
- - last_affected: 0.28.7
- vulnerable_at: 0.28.7
+ versions:
+ - introduced: 0.23.2
+ - fixed: 0.29.2
+ vulnerable_at: 0.29.1
summary: NetBird uses a static initialization vector (IV) in github.com/netbirdio/netbird
cves:
- CVE-2024-41260
@@ -12,9 +13,11 @@
references:
- advisory: https://github.com/advisories/GHSA-9v35-4xcr-w9ph
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41260
+ - fix: https://github.com/netbirdio/netbird/commit/cf6210a6f42355e88c422c624376f6fcdaea6729
+ - fix: https://github.com/netbirdio/netbird/pull/2569
- report: https://github.com/netbirdio/netbird/issues/2246
- web: https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636
source:
id: GHSA-9v35-4xcr-w9ph
- created: 2024-08-13T16:01:38.012502-04:00
+ created: 2025-12-15T16:00:16.437907858-05:00
review_status: UNREVIEWED
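Review bot: source.created is overwritten with the regeneration time (2024-08-13 becomes 2025-12-15), so the report no longer records when it was first created from GHSA-9v35-4xcr-w9ph; the same replacement appears in GO-2025-3437.yaml. If created is meant to hold the original creation date, carry the old value over when regenerating.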
diff --git a/data/reports/GO-2025-3437.yaml b/data/reports/GO-2025-3437.yaml
index f0b85a9..922b0d2 100644
--- a/data/reports/GO-2025-3437.yaml
+++ b/data/reports/GO-2025-3437.yaml
@@ -1,6 +1,10 @@
id: GO-2025-3437
modules:
- module: github.com/argoproj/gitops-engine
+ versions:
+ - introduced: 0.7.2
+ non_go_versions:
+ - fixed: 0.7.1-0.20250129155113-4c6e03c463141
unsupported_versions:
- last_affected: 0.7.3
vulnerable_at: 0.7.3
@@ -14,5 +18,5 @@
- web: https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v
source:
id: GHSA-274v-mgcv-cm8j
- created: 2025-02-04T13:47:19.788014-05:00
+ created: 2025-12-15T15:58:46.677915856-05:00
review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3764.yaml b/data/reports/GO-2025-3764.yaml
index d002576..044fc87 100644
--- a/data/reports/GO-2025-3764.yaml
+++ b/data/reports/GO-2025-3764.yaml
@@ -1,7 +1,9 @@
id: GO-2025-3764
modules:
- module: github.com/go-pg/pg
- vulnerable_at: 8.0.7
+ non_go_versions:
+ - fixed: 19.15.0
+ vulnerable_at: 8.0.7+incompatible
- module: github.com/go-pg/pg/v9
vulnerable_at: 9.2.1
- module: github.com/go-pg/pg/v10
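Review bot: the new non_go_versions entry "fixed: 19.15.0" on github.com/go-pg/pg does not line up with anything else in this hunk, where vulnerable_at is 8.0.7+incompatible and the other modules are /v9 and /v10. Please confirm that 19.15.0 in the advisory refers to this module and not to another package. Since the entry is not a Go version, the module still has no fixed version a Go scanner can act on; if no fixed release exists, say so in the report.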

Change information

Files:
  • M data/osv/GO-2024-3057.json
  • M data/osv/GO-2025-3437.json
  • M data/osv/GO-2025-3764.json
  • M data/reports/GO-2024-3057.yaml
  • M data/reports/GO-2025-3437.yaml
  • M data/reports/GO-2025-3764.yaml
Change size: M
Delta: 6 files changed, 59 insertions(+), 11 deletions(-)

Related details

Attention is currently required from:
  • Ethan Lee
  • Neal Patel
Submit Requirements:
  • Code-Review (requirement is not satisfied)
  • LUCI-Pass (requirement is not satisfied)
  • No-Unresolved-Comments (requirement satisfied)
  • Review-Enforcement (requirement is not satisfied)
  • TryBots-Pass (requirement is not satisfied)
Gerrit-MessageType: newchange
Gerrit-Project: vulndb
Gerrit-Branch: master
Gerrit-Change-Id: I2f0192ca253eedccaab6466a030a6e6dcfd9f3bc
Gerrit-Change-Number: 730260
Gerrit-PatchSet: 1
Gerrit-Owner: Nicholas Husin <n...@golang.org>
Gerrit-Reviewer: Ethan Lee <etha...@google.com>
Gerrit-Reviewer: Neal Patel <neal...@google.com>
Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Neal Patel <neal...@google.com>
Gerrit-Attention: Ethan Lee <etha...@google.com>

Neal Patel (Gerrit)

11:11 AM
to Nicholas Husin, goph...@pubsubhelper.golang.org, Go LUCI, Ethan Lee, golang-co...@googlegroups.com
Attention needed from Ethan Lee and Nicholas Husin

Neal Patel voted and added 1 comment

Votes added by Neal Patel

Commit-Queue+1

1 comment

Patchset-level comments
File-level comment, Patchset 1 (Latest):
Neal Patel . unresolved

3 reports but 4 issues fixed; anything missing?


Related details

Attention is currently required from:
  • Ethan Lee
  • Nicholas Husin
Submit Requirements:
  • Code-Review (requirement is not satisfied)
  • No-Unresolved-Comments (requirement is not satisfied)
  • Review-Enforcement (requirement is not satisfied)
  • TryBots-Pass (requirement satisfied)
Gerrit-MessageType: comment
Gerrit-Comment-Date: Tue, 16 Dec 2025 16:11:53 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes

Ethan Lee (Gerrit)

11:22 AM
to Nicholas Husin, goph...@pubsubhelper.golang.org, Neal Patel, Go LUCI, golang-co...@googlegroups.com
Attention needed from Neal Patel and Nicholas Husin

Ethan Lee voted Code-Review+2

Code-Review+2

Related details

Attention is currently required from:
  • Neal Patel
  • Nicholas Husin
Submit Requirements:
  • Code-Review (requirement satisfied)
  • No-Unresolved-Comments (requirement satisfied)
  • Review-Enforcement (requirement is not satisfied)
  • TryBots-Pass (requirement satisfied)
Gerrit-MessageType: comment
Gerrit-Comment-Date: Tue, 16 Dec 2025 16:22:40 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes

Nicholas Husin (Gerrit)

11:23 AM
to Nicholas Husin, goph...@pubsubhelper.golang.org, Ethan Lee, Neal Patel, Go LUCI, golang-co...@googlegroups.com
Attention needed from Neal Patel and Nicholas Husin

Nicholas Husin voted Code-Review+1

Code-Review+1

Related details

Attention is currently required from:
  • Neal Patel
  • Nicholas Husin
Submit Requirements:
  • Code-Review (requirement satisfied)
  • No-Unresolved-Comments (requirement satisfied)
  • Review-Enforcement (requirement satisfied)
  • TryBots-Pass (requirement satisfied)
Gerrit-MessageType: comment
Gerrit-Reviewer: Nicholas Husin <hu...@google.com>
Gerrit-Comment-Date: Tue, 16 Dec 2025 16:23:08 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes

Nicholas Husin (Gerrit)

11:23 AM
to goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Nicholas Husin, Ethan Lee, Neal Patel, Go LUCI, golang-co...@googlegroups.com

Nicholas Husin submitted the change

Change information

Commit message:
data/reports: regenerate 3 reports with updated GHSA

Fixes golang/vulndb#3914
Fixes golang/vulndb#3760
Fixes golang/vulndb#3908
Fixes golang/vulndb#3752
Change-Id: I2f0192ca253eedccaab6466a030a6e6dcfd9f3bc
Reviewed-by: Nicholas Husin <hu...@google.com>
Reviewed-by: Ethan Lee <etha...@google.com>
Files:
  • M data/osv/GO-2024-3057.json
  • M data/osv/GO-2025-3437.json
  • M data/osv/GO-2025-3764.json
  • M data/reports/GO-2024-3057.yaml
  • M data/reports/GO-2025-3437.yaml
  • M data/reports/GO-2025-3764.yaml
Change size: M
Delta: 6 files changed, 59 insertions(+), 11 deletions(-)
Branch: refs/heads/master
Submit Requirements:
  • Code-Review: +2 by Ethan Lee, +1 by Nicholas Husin (requirement satisfied)
  • TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI (requirement satisfied)
Gerrit-MessageType: merged
Gerrit-PatchSet: 2