diff --git a/data/osv/GO-2024-2428.json b/data/osv/GO-2024-2428.json
index 4cd7509..6d4b284 100644
--- a/data/osv/GO-2024-2428.json
+++ b/data/osv/GO-2024-2428.json
@@ -8,7 +8,7 @@
"GHSA-fp9f-44c2-cw27"
],
"summary": "Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx",
- "details": "Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx",
+ "details": "Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2430.json b/data/osv/GO-2024-2430.json
index e26bc05..1751db9 100644
--- a/data/osv/GO-2024-2430.json
+++ b/data/osv/GO-2024-2430.json
@@ -8,7 +8,7 @@
"GHSA-qc6v-g3xw-grmx"
],
"summary": "Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs",
- "details": "Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs",
+ "details": "Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2431.json b/data/osv/GO-2024-2431.json
index 9141359..e38a5c6 100644
--- a/data/osv/GO-2024-2431.json
+++ b/data/osv/GO-2024-2431.json
@@ -8,7 +8,7 @@
"GHSA-4248-p65p-hcrm"
],
"summary": "Insecure random string generator used for sensitive data in github.com/cubefs/cubefs",
- "details": "Insecure random string generator used for sensitive data in github.com/cubefs/cubefs",
+ "details": "Insecure random string generator used for sensitive data in github.com/cubefs/cubefs.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2432.json b/data/osv/GO-2024-2432.json
index 5a563e9..919b243 100644
--- a/data/osv/GO-2024-2432.json
+++ b/data/osv/GO-2024-2432.json
@@ -8,7 +8,7 @@
"GHSA-8579-7p32-f398"
],
"summary": "CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs",
- "details": "CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs",
+ "details": "CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2433.json b/data/osv/GO-2024-2433.json
index a53496d..4c6004a 100644
--- a/data/osv/GO-2024-2433.json
+++ b/data/osv/GO-2024-2433.json
@@ -8,7 +8,7 @@
"GHSA-8h2x-gr2c-c275"
],
"summary": "CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs",
- "details": "CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs",
+ "details": "CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2434.json b/data/osv/GO-2024-2434.json
index a3dfa5e..7974f11 100644
--- a/data/osv/GO-2024-2434.json
+++ b/data/osv/GO-2024-2434.json
@@ -8,7 +8,7 @@
"GHSA-vwch-g97w-hfg2"
],
"summary": "CubeFS leaks users key in logs in github.com/cubefs/cubefs",
- "details": "CubeFS leaks users key in logs in github.com/cubefs/cubefs",
+ "details": "CubeFS leaks users key in logs in github.com/cubefs/cubefs.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2442.json b/data/osv/GO-2024-2442.json
index 29fa0eb..dc2d410 100644
--- a/data/osv/GO-2024-2442.json
+++ b/data/osv/GO-2024-2442.json
@@ -7,7 +7,7 @@
"GHSA-76cc-p55w-63g3"
],
"summary": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport",
- "details": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport",
+ "details": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2444.json b/data/osv/GO-2024-2444.json
index 23766cb..45f5952 100644
--- a/data/osv/GO-2024-2444.json
+++ b/data/osv/GO-2024-2444.json
@@ -8,7 +8,7 @@
"GHSA-9w97-9rqx-8v4j"
],
"summary": "Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server",
- "details": "Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server",
+ "details": "Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2445.json b/data/osv/GO-2024-2445.json
index 2af57fe..1c1cea3 100644
--- a/data/osv/GO-2024-2445.json
+++ b/data/osv/GO-2024-2445.json
@@ -7,7 +7,7 @@
"GHSA-c9v7-wmwj-vf6x"
],
"summary": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport",
- "details": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport",
+ "details": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2446.json b/data/osv/GO-2024-2446.json
index 0754220..7f6666d 100644
--- a/data/osv/GO-2024-2446.json
+++ b/data/osv/GO-2024-2446.json
@@ -8,7 +8,7 @@
"GHSA-h3gq-j7p9-x3p4"
],
"summary": "Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server",
- "details": "Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server",
+ "details": "Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2447.json b/data/osv/GO-2024-2447.json
index d300340..f7b486b 100644
--- a/data/osv/GO-2024-2447.json
+++ b/data/osv/GO-2024-2447.json
@@ -7,7 +7,7 @@
"GHSA-hw4x-mcx5-9q36"
],
"summary": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport",
- "details": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport",
+ "details": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2448.json b/data/osv/GO-2024-2448.json
index 5b6123f..a616fc6 100644
--- a/data/osv/GO-2024-2448.json
+++ b/data/osv/GO-2024-2448.json
@@ -8,7 +8,7 @@
"GHSA-q7rx-w656-fwmv"
],
"summary": "Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server",
- "details": "Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server",
+ "details": "Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2449.json b/data/osv/GO-2024-2449.json
index 28218eb..8908c12 100644
--- a/data/osv/GO-2024-2449.json
+++ b/data/osv/GO-2024-2449.json
@@ -7,7 +7,7 @@
"GHSA-vfxf-76hv-v4w4"
],
"summary": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport",
- "details": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport",
+ "details": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2450.json b/data/osv/GO-2024-2450.json
index ab74364..0afa27c 100644
--- a/data/osv/GO-2024-2450.json
+++ b/data/osv/GO-2024-2450.json
@@ -8,7 +8,7 @@
"GHSA-w88v-pjr8-cmv2"
],
"summary": "Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server",
- "details": "Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server",
+ "details": "Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2468.json b/data/osv/GO-2024-2468.json
index 54e341c..6ef17c4 100644
--- a/data/osv/GO-2024-2468.json
+++ b/data/osv/GO-2024-2468.json
@@ -8,7 +8,7 @@
"GHSA-cjqf-877p-7m3f"
],
"summary": "snapd Race Condition vulnerability in github.com/snapcore/snapd",
- "details": "snapd Race Condition vulnerability in github.com/snapcore/snapd",
+ "details": "snapd Race Condition vulnerability in github.com/snapcore/snapd.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2476.json b/data/osv/GO-2024-2476.json
index 4ffdd0a..100bb4c 100644
--- a/data/osv/GO-2024-2476.json
+++ b/data/osv/GO-2024-2476.json
@@ -8,7 +8,7 @@
"GHSA-gr79-9v6v-gc9r"
],
"summary": "Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex",
- "details": "Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex",
+ "details": "Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2479.json b/data/osv/GO-2024-2479.json
index b793b7b..1fbc21c 100644
--- a/data/osv/GO-2024-2479.json
+++ b/data/osv/GO-2024-2479.json
@@ -8,7 +8,7 @@
"GHSA-mrx3-gxjx-hjqj"
],
"summary": "Authentik vulnerable to PKCE downgrade attack in goauthentik.io",
- "details": "Authentik vulnerable to PKCE downgrade attack in goauthentik.io",
+ "details": "Authentik vulnerable to PKCE downgrade attack in goauthentik.io.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2480.json b/data/osv/GO-2024-2480.json
index 4665af1..90a4378 100644
--- a/data/osv/GO-2024-2480.json
+++ b/data/osv/GO-2024-2480.json
@@ -8,7 +8,7 @@
"GHSA-qcjq-7f7v-pvc8"
],
"summary": "Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI",
- "details": "Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI",
+ "details": "Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2481.json b/data/osv/GO-2024-2481.json
index ae0da47..c009efa 100644
--- a/data/osv/GO-2024-2481.json
+++ b/data/osv/GO-2024-2481.json
@@ -8,7 +8,7 @@
"GHSA-xvq9-4vpv-227m"
],
"summary": "Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI",
- "details": "Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI",
+ "details": "Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2495.json b/data/osv/GO-2024-2495.json
index 8cd2dbc..b658083 100644
--- a/data/osv/GO-2024-2495.json
+++ b/data/osv/GO-2024-2495.json
@@ -8,7 +8,7 @@
"GHSA-9xc9-xq7w-vpcr"
],
"summary": "Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center",
- "details": "Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center",
+ "details": "Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2496.json b/data/osv/GO-2024-2496.json
index e3e4fd2..b6a530e 100644
--- a/data/osv/GO-2024-2496.json
+++ b/data/osv/GO-2024-2496.json
@@ -8,7 +8,7 @@
"GHSA-r8xp-52mq-rmm8"
],
"summary": "Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center",
- "details": "Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center",
+ "details": "Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2513.json b/data/osv/GO-2024-2513.json
index 4e3eb74..127e4d0 100644
--- a/data/osv/GO-2024-2513.json
+++ b/data/osv/GO-2024-2513.json
@@ -8,7 +8,7 @@
"GHSA-3jq7-8ph8-63xm"
],
"summary": "Grafana information disclosure in github.com/grafana/grafana",
- "details": "Grafana information disclosure in github.com/grafana/grafana",
+ "details": "Grafana information disclosure in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2515.json b/data/osv/GO-2024-2515.json
index 98bd814..12fcb79 100644
--- a/data/osv/GO-2024-2515.json
+++ b/data/osv/GO-2024-2515.json
@@ -8,7 +8,7 @@
"GHSA-7m2x-qhrq-rp8h"
],
"summary": "Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana",
- "details": "Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana",
+ "details": "Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2516.json b/data/osv/GO-2024-2516.json
index 6d55e3e..fd013b6 100644
--- a/data/osv/GO-2024-2516.json
+++ b/data/osv/GO-2024-2516.json
@@ -8,7 +8,7 @@
"GHSA-9hv8-4frf-cprf"
],
"summary": "Grafana XSS via a column style in github.com/grafana/grafana",
- "details": "Grafana XSS via a column style in github.com/grafana/grafana",
+ "details": "Grafana XSS via a column style in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2517.json b/data/osv/GO-2024-2517.json
index f6a930f..7f92616 100644
--- a/data/osv/GO-2024-2517.json
+++ b/data/osv/GO-2024-2517.json
@@ -8,7 +8,7 @@
"GHSA-ccmg-w4xm-p28v"
],
"summary": "Grafana XSS in header column rename in github.com/grafana/grafana",
- "details": "Grafana XSS in header column rename in github.com/grafana/grafana",
+ "details": "Grafana XSS in header column rename in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2519.json b/data/osv/GO-2024-2519.json
index 80bf11c..16956a1 100644
--- a/data/osv/GO-2024-2519.json
+++ b/data/osv/GO-2024-2519.json
@@ -8,7 +8,7 @@
"GHSA-m25m-5778-fm22"
],
"summary": "Grafana world readable configuration files in github.com/grafana/grafana",
- "details": "Grafana world readable configuration files in github.com/grafana/grafana",
+ "details": "Grafana world readable configuration files in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2520.json b/data/osv/GO-2024-2520.json
index 1404cb5..304b16e 100644
--- a/data/osv/GO-2024-2520.json
+++ b/data/osv/GO-2024-2520.json
@@ -8,7 +8,7 @@
"GHSA-mvpr-q6rh-8vrp"
],
"summary": "Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana",
- "details": "Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana",
+ "details": "Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2521.json b/data/osv/GO-2024-2521.json
index d1cfc91..ab959f7 100644
--- a/data/osv/GO-2024-2521.json
+++ b/data/osv/GO-2024-2521.json
@@ -8,7 +8,7 @@
"GHSA-v2cv-wwxq-qq97"
],
"summary": "Moby Docker cp broken with debian containers in github.com/moby/moby",
- "details": "Moby Docker cp broken with debian containers in github.com/moby/moby",
+ "details": "Moby Docker cp broken with debian containers in github.com/moby/moby.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2523.json b/data/osv/GO-2024-2523.json
index 3bf9695..1f8c2b0 100644
--- a/data/osv/GO-2024-2523.json
+++ b/data/osv/GO-2024-2523.json
@@ -8,7 +8,7 @@
"GHSA-xr3x-62qw-vc4w"
],
"summary": "Grafana stored XSS in github.com/grafana/grafana",
- "details": "Grafana stored XSS in github.com/grafana/grafana",
+ "details": "Grafana stored XSS in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2527.json b/data/osv/GO-2024-2527.json
index b974fd6..b70fc68 100644
--- a/data/osv/GO-2024-2527.json
+++ b/data/osv/GO-2024-2527.json
@@ -8,7 +8,7 @@
"GHSA-5x4g-q5rc-36jp"
],
"summary": "WITHDRAWN: Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3",
- "details": "(This report has been withdrawn with reason: \"too many false positives\").",
+ "details": "(This report has been withdrawn with reason: \"too many false positives\"). .\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
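Review bot: The new `details` string for the withdrawn report GO-2024-2527 ends its first paragraph with `\"too many false positives\"). .`, because the old text already ended in a period and a second terminator was appended, leaving a stray ` .` before the NOTE. The other reports in this change had no trailing period, which suggests (the generator is not visible here) that the `.` is added unconditionally; it should be skipped when the text already ends in punctuation, giving `"(This report has been withdrawn with reason: \"too many false positives\").\n\nNOTE: ..."`. It is also worth confirming that a withdrawn record should carry the version-mismatch NOTE at all. The notice asks readers to suggest corrected versions for a report that scanners are expected to ignore.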
diff --git a/data/osv/GO-2024-2528.json b/data/osv/GO-2024-2528.json
index 852aeca..b1adcf4 100644
--- a/data/osv/GO-2024-2528.json
+++ b/data/osv/GO-2024-2528.json
@@ -7,7 +7,7 @@
"GHSA-j86v-2vjr-fg8f"
],
"summary": "Etcd Gateway TLS endpoint validation only confirms TCP reachability in go.etcd.io/etcd",
- "details": "Etcd Gateway TLS endpoint validation only confirms TCP reachability in go.etcd.io/etcd",
+ "details": "Etcd Gateway TLS endpoint validation only confirms TCP reachability in go.etcd.io/etcd.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2529.json b/data/osv/GO-2024-2529.json
index 60b1961..734ab4d 100644
--- a/data/osv/GO-2024-2529.json
+++ b/data/osv/GO-2024-2529.json
@@ -7,7 +7,7 @@
"GHSA-pm3m-32r3-7mfh"
],
"summary": "Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd",
- "details": "Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd",
+ "details": "Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2530.json b/data/osv/GO-2024-2530.json
index 9ba6fda..dde9729 100644
--- a/data/osv/GO-2024-2530.json
+++ b/data/osv/GO-2024-2530.json
@@ -7,7 +7,7 @@
"GHSA-vjg6-93fv-qv64"
],
"summary": "Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd",
- "details": "Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd",
+ "details": "Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in go.etcd.io/etcd.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2535.json b/data/osv/GO-2024-2535.json
index a4e071f..50db364 100644
--- a/data/osv/GO-2024-2535.json
+++ b/data/osv/GO-2024-2535.json
@@ -8,7 +8,7 @@
"GHSA-c85r-fwc7-45vc"
],
"summary": "Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher",
- "details": "Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher",
+ "details": "Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2537.json b/data/osv/GO-2024-2537.json
index d754bb6..036cd10 100644
--- a/data/osv/GO-2024-2537.json
+++ b/data/osv/GO-2024-2537.json
@@ -8,7 +8,7 @@
"GHSA-xfj7-qf8w-2gcr"
],
"summary": "Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher",
- "details": "Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher",
+ "details": "Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2540.json b/data/osv/GO-2024-2540.json
index 70a6805..46388fa 100644
--- a/data/osv/GO-2024-2540.json
+++ b/data/osv/GO-2024-2540.json
@@ -8,7 +8,7 @@
"GHSA-qr8f-cjw7-838m"
],
"summary": "Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira",
- "details": "Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira",
+ "details": "Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2541.json b/data/osv/GO-2024-2541.json
index ed3b909..725575f 100644
--- a/data/osv/GO-2024-2541.json
+++ b/data/osv/GO-2024-2541.json
@@ -8,7 +8,7 @@
"GHSA-32h7-7j94-8fc2"
],
"summary": "Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server",
- "details": "Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server",
+ "details": "Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2556.json b/data/osv/GO-2024-2556.json
index a21e345..1aa6701 100644
--- a/data/osv/GO-2024-2556.json
+++ b/data/osv/GO-2024-2556.json
@@ -8,7 +8,7 @@
"GHSA-8r33-q5j5-rh7g"
],
"summary": "APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server",
- "details": "APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server",
+ "details": "APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2566.json b/data/osv/GO-2024-2566.json
index 72f09a5..ea73750 100644
--- a/data/osv/GO-2024-2566.json
+++ b/data/osv/GO-2024-2566.json
@@ -8,7 +8,7 @@
"GHSA-r833-w756-h5p2"
],
"summary": "Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server",
- "details": "Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server",
+ "details": "Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2576.json b/data/osv/GO-2024-2576.json
index db598fe..ba7b849 100644
--- a/data/osv/GO-2024-2576.json
+++ b/data/osv/GO-2024-2576.json
@@ -8,7 +8,7 @@
"GHSA-84xv-jfrm-h4gm"
],
"summary": "registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library",
- "details": "registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library",
+ "details": "registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2582.json b/data/osv/GO-2024-2582.json
index 9846f82..6ae963e 100644
--- a/data/osv/GO-2024-2582.json
+++ b/data/osv/GO-2024-2582.json
@@ -8,7 +8,7 @@
"GHSA-q6h8-4j2v-pjg4"
],
"summary": "Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder",
- "details": "Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder",
+ "details": "Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2588.json b/data/osv/GO-2024-2588.json
index f8ba60e..2fc6fd0 100644
--- a/data/osv/GO-2024-2588.json
+++ b/data/osv/GO-2024-2588.json
@@ -8,7 +8,7 @@
"GHSA-3g35-v53r-gpxc"
],
"summary": "Mattermost race condition in github.com/mattermost/mattermost-server",
- "details": "Mattermost race condition in github.com/mattermost/mattermost-server",
+ "details": "Mattermost race condition in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2589.json b/data/osv/GO-2024-2589.json
index 58b0719..6f47345 100644
--- a/data/osv/GO-2024-2589.json
+++ b/data/osv/GO-2024-2589.json
@@ -8,7 +8,7 @@
"GHSA-6mx3-9qfh-77gj"
],
"summary": "Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server",
- "details": "Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server",
+ "details": "Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2590.json b/data/osv/GO-2024-2590.json
index c13ce91..588bf74 100644
--- a/data/osv/GO-2024-2590.json
+++ b/data/osv/GO-2024-2590.json
@@ -8,7 +8,7 @@
"GHSA-7v3v-984v-h74r"
],
"summary": "Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server",
- "details": "Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server",
+ "details": "Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2591.json b/data/osv/GO-2024-2591.json
index 58a7148..eb39cbd 100644
--- a/data/osv/GO-2024-2591.json
+++ b/data/osv/GO-2024-2591.json
@@ -8,7 +8,7 @@
"GHSA-fx48-xv6q-6gp3"
],
"summary": "Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server",
- "details": "Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server",
+ "details": "Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2592.json b/data/osv/GO-2024-2592.json
index d90a0d4..5f62969 100644
--- a/data/osv/GO-2024-2592.json
+++ b/data/osv/GO-2024-2592.json
@@ -8,7 +8,7 @@
"GHSA-hwjf-4667-gqwx"
],
"summary": "Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server",
- "details": "Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server",
+ "details": "Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2593.json b/data/osv/GO-2024-2593.json
index 4d13e22..1ffa823 100644
--- a/data/osv/GO-2024-2593.json
+++ b/data/osv/GO-2024-2593.json
@@ -8,7 +8,7 @@
"GHSA-pfw6-5rx3-xh3c"
],
"summary": "Mattermost fails to check the \"invite_guest\" permission in github.com/mattermost/mattermost-server",
- "details": "Mattermost fails to check the \"invite_guest\" permission in github.com/mattermost/mattermost-server",
+ "details": "Mattermost fails to check the \"invite_guest\" permission in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2594.json b/data/osv/GO-2024-2594.json
index 2741e35..34ba2cf 100644
--- a/data/osv/GO-2024-2594.json
+++ b/data/osv/GO-2024-2594.json
@@ -8,7 +8,7 @@
"GHSA-vm9m-57jr-4pxh"
],
"summary": "Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server",
- "details": "Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server",
+ "details": "Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2595.json b/data/osv/GO-2024-2595.json
index 5742055..c041f94 100644
--- a/data/osv/GO-2024-2595.json
+++ b/data/osv/GO-2024-2595.json
@@ -8,7 +8,7 @@
"GHSA-xgxj-j98c-59rv"
],
"summary": "Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server",
- "details": "Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server",
+ "details": "Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2629.json b/data/osv/GO-2024-2629.json
index f6e420a..d5d7338 100644
--- a/data/osv/GO-2024-2629.json
+++ b/data/osv/GO-2024-2629.json
@@ -8,7 +8,7 @@
"GHSA-5mxf-42f5-j782"
],
"summary": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana",
- "details": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana",
+ "details": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2635.json b/data/osv/GO-2024-2635.json
index b0d7bf8..f978950 100644
--- a/data/osv/GO-2024-2635.json
+++ b/data/osv/GO-2024-2635.json
@@ -8,7 +8,7 @@
"GHSA-r4fm-g65h-cr54"
],
"summary": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server",
- "details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server",
+ "details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2637.json b/data/osv/GO-2024-2637.json
index c8a59f9..de0073f 100644
--- a/data/osv/GO-2024-2637.json
+++ b/data/osv/GO-2024-2637.json
@@ -8,7 +8,7 @@
"GHSA-mq4x-r2w3-j7mr"
],
"summary": "Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel",
- "details": "Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel",
+ "details": "Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2664.json b/data/osv/GO-2024-2664.json
index 80a229f..01c7703 100644
--- a/data/osv/GO-2024-2664.json
+++ b/data/osv/GO-2024-2664.json
@@ -8,7 +8,7 @@
"GHSA-gp8g-f42f-95q2"
],
"summary": "ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel",
- "details": "ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel",
+ "details": "ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2665.json b/data/osv/GO-2024-2665.json
index 7ea1368..718ed20 100644
--- a/data/osv/GO-2024-2665.json
+++ b/data/osv/GO-2024-2665.json
@@ -8,7 +8,7 @@
"GHSA-hr5w-cwwq-2v4m"
],
"summary": "ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass in github.com/zitadel/zitadel",
- "details": "ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass in github.com/zitadel/zitadel",
+ "details": "ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2695.json b/data/osv/GO-2024-2695.json
index 13f71d8..ae27b8d 100644
--- a/data/osv/GO-2024-2695.json
+++ b/data/osv/GO-2024-2695.json
@@ -8,7 +8,7 @@
"GHSA-mcw6-3256-64gg"
],
"summary": "Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server",
- "details": "Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server",
+ "details": "Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2696.json b/data/osv/GO-2024-2696.json
index fbef4da..7c4cf46 100644
--- a/data/osv/GO-2024-2696.json
+++ b/data/osv/GO-2024-2696.json
@@ -8,7 +8,7 @@
"GHSA-wp43-vprh-c3w5"
],
"summary": "Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server",
- "details": "Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server",
+ "details": "Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2697.json b/data/osv/GO-2024-2697.json
index ab10280..56b6771 100644
--- a/data/osv/GO-2024-2697.json
+++ b/data/osv/GO-2024-2697.json
@@ -8,7 +8,7 @@
"GHSA-67rv-qpw2-6qrr"
],
"summary": "Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana",
- "details": "Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana",
+ "details": "Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2706.json b/data/osv/GO-2024-2706.json
index f938615..a77d024 100644
--- a/data/osv/GO-2024-2706.json
+++ b/data/osv/GO-2024-2706.json
@@ -8,7 +8,7 @@
"GHSA-w67v-ph4x-f48q"
],
"summary": "Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server",
- "details": "Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server",
+ "details": "Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2707.json b/data/osv/GO-2024-2707.json
index d96ce81..30db483 100644
--- a/data/osv/GO-2024-2707.json
+++ b/data/osv/GO-2024-2707.json
@@ -8,7 +8,7 @@
"GHSA-xp9j-8p68-9q93"
],
"summary": "Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server",
- "details": "Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server",
+ "details": "Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2717.json b/data/osv/GO-2024-2717.json
index fabe14f..5bb93d0 100644
--- a/data/osv/GO-2024-2717.json
+++ b/data/osv/GO-2024-2717.json
@@ -8,7 +8,7 @@
"GHSA-wx43-g55g-2jf4"
],
"summary": "LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI",
- "details": "LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI",
+ "details": "LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2734.json b/data/osv/GO-2024-2734.json
index be4eb4d..950a855 100644
--- a/data/osv/GO-2024-2734.json
+++ b/data/osv/GO-2024-2734.json
@@ -8,7 +8,7 @@
"GHSA-6m9h-2pr2-9j8f"
],
"summary": "1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel",
- "details": "1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel",
+ "details": "1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2750.json b/data/osv/GO-2024-2750.json
index 7f73ef9..8b1526a 100644
--- a/data/osv/GO-2024-2750.json
+++ b/data/osv/GO-2024-2750.json
@@ -8,7 +8,7 @@
"GHSA-2v35-wj4r-rcmv"
],
"summary": "Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure",
- "details": "Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure",
+ "details": "Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2760.json b/data/osv/GO-2024-2760.json
index 78d4af7..ae2e5e9 100644
--- a/data/osv/GO-2024-2760.json
+++ b/data/osv/GO-2024-2760.json
@@ -8,7 +8,7 @@
"GHSA-28g7-896h-695v"
],
"summary": "Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher",
- "details": "Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher",
+ "details": "Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2768.json b/data/osv/GO-2024-2768.json
index 01f5122..e9926db 100644
--- a/data/osv/GO-2024-2768.json
+++ b/data/osv/GO-2024-2768.json
@@ -8,7 +8,7 @@
"GHSA-f9xf-jq4j-vqw4"
],
"summary": "Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher",
- "details": "Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher",
+ "details": "Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2771.json b/data/osv/GO-2024-2771.json
index 5a04ca8..4d4a898 100644
--- a/data/osv/GO-2024-2771.json
+++ b/data/osv/GO-2024-2771.json
@@ -8,7 +8,7 @@
"GHSA-gvh9-xgrq-r8hw"
],
"summary": "Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher",
- "details": "Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher",
+ "details": "Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2778.json b/data/osv/GO-2024-2778.json
index bde2160..50ac7e5 100644
--- a/data/osv/GO-2024-2778.json
+++ b/data/osv/GO-2024-2778.json
@@ -8,7 +8,7 @@
"GHSA-pvxj-25m6-7vqr"
],
"summary": "Rancher Privilege escalation vulnerability via malicious \"Connection\" header in github.com/rancher/rancher",
- "details": "Rancher Privilege escalation vulnerability via malicious \"Connection\" header in github.com/rancher/rancher",
+ "details": "Rancher Privilege escalation vulnerability via malicious \"Connection\" header in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2788.json b/data/osv/GO-2024-2788.json
index 749011b..bd84e85 100644
--- a/data/osv/GO-2024-2788.json
+++ b/data/osv/GO-2024-2788.json
@@ -8,7 +8,7 @@
"GHSA-7j7j-66cv-m239"
],
"summary": "ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel",
- "details": "ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel",
+ "details": "ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2801.json b/data/osv/GO-2024-2801.json
index 8971eb5..9c23fc6 100644
--- a/data/osv/GO-2024-2801.json
+++ b/data/osv/GO-2024-2801.json
@@ -8,7 +8,7 @@
"GHSA-6362-gv4m-53ww"
],
"summary": "Calico privilege escalation vulnerability in github.com/projectcalico/calico",
- "details": "Calico privilege escalation vulnerability in github.com/projectcalico/calico",
+ "details": "Calico privilege escalation vulnerability in github.com/projectcalico/calico.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2804.json b/data/osv/GO-2024-2804.json
index e503e19..dc376c5 100644
--- a/data/osv/GO-2024-2804.json
+++ b/data/osv/GO-2024-2804.json
@@ -8,7 +8,7 @@
"GHSA-q5qj-x2h5-3945"
],
"summary": "Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel",
- "details": "Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel",
+ "details": "Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2843.json b/data/osv/GO-2024-2843.json
index 1adc2fa..5447d73 100644
--- a/data/osv/GO-2024-2843.json
+++ b/data/osv/GO-2024-2843.json
@@ -8,7 +8,7 @@
"GHSA-2x6g-h2hg-rq84"
],
"summary": "Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana",
- "details": "Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana",
+ "details": "Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2844.json b/data/osv/GO-2024-2844.json
index a28e3ab..a5c719e 100644
--- a/data/osv/GO-2024-2844.json
+++ b/data/osv/GO-2024-2844.json
@@ -8,7 +8,7 @@
"GHSA-3p62-42x7-gxg5"
],
"summary": "Grafana User enumeration via forget password in github.com/grafana/grafana",
- "details": "Grafana User enumeration via forget password in github.com/grafana/grafana",
+ "details": "Grafana User enumeration via forget password in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2847.json b/data/osv/GO-2024-2847.json
index d1eb575..15f7849 100644
--- a/data/osv/GO-2024-2847.json
+++ b/data/osv/GO-2024-2847.json
@@ -8,7 +8,7 @@
"GHSA-ff5c-938w-8c9q"
],
"summary": "Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana",
- "details": "Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana",
+ "details": "Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2848.json b/data/osv/GO-2024-2848.json
index 8853cff..47962c1 100644
--- a/data/osv/GO-2024-2848.json
+++ b/data/osv/GO-2024-2848.json
@@ -8,7 +8,7 @@
"GHSA-gj7m-853r-289r"
],
"summary": "Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana",
- "details": "Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana",
+ "details": "Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2851.json b/data/osv/GO-2024-2851.json
index 308e529..bd1beb3 100644
--- a/data/osv/GO-2024-2851.json
+++ b/data/osv/GO-2024-2851.json
@@ -8,7 +8,7 @@
"GHSA-jv32-5578-pxjc"
],
"summary": "Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana",
- "details": "Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana",
+ "details": "Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2852.json b/data/osv/GO-2024-2852.json
index 7ce4db9..892c205 100644
--- a/data/osv/GO-2024-2852.json
+++ b/data/osv/GO-2024-2852.json
@@ -8,7 +8,7 @@
"GHSA-mx47-6497-3fv2"
],
"summary": "Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana",
- "details": "Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana",
+ "details": "Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2854.json b/data/osv/GO-2024-2854.json
index efd069d..7624331 100644
--- a/data/osv/GO-2024-2854.json
+++ b/data/osv/GO-2024-2854.json
@@ -8,7 +8,7 @@
"GHSA-p978-56hq-r492"
],
"summary": "Grafana folders admin only permission privilege escalation in github.com/grafana/grafana",
- "details": "Grafana folders admin only permission privilege escalation in github.com/grafana/grafana",
+ "details": "Grafana folders admin only permission privilege escalation in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2855.json b/data/osv/GO-2024-2855.json
index 2354433..0418ed1 100644
--- a/data/osv/GO-2024-2855.json
+++ b/data/osv/GO-2024-2855.json
@@ -8,7 +8,7 @@
"GHSA-rhxj-gh46-jvw8"
],
"summary": "Grafana Plugin signature bypass in github.com/grafana/grafana",
- "details": "Grafana Plugin signature bypass in github.com/grafana/grafana",
+ "details": "Grafana Plugin signature bypass in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2856.json b/data/osv/GO-2024-2856.json
index 8c16ae5..637a815 100644
--- a/data/osv/GO-2024-2856.json
+++ b/data/osv/GO-2024-2856.json
@@ -8,7 +8,7 @@
"GHSA-vqc4-mpj8-jxch"
],
"summary": "Grafana Race condition allowing privilege escalation in github.com/grafana/grafana",
- "details": "Grafana Race condition allowing privilege escalation in github.com/grafana/grafana",
+ "details": "Grafana Race condition allowing privilege escalation in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2857.json b/data/osv/GO-2024-2857.json
index ae875df..e107721 100644
--- a/data/osv/GO-2024-2857.json
+++ b/data/osv/GO-2024-2857.json
@@ -8,7 +8,7 @@
"GHSA-vw7q-p2qg-4m5f"
],
"summary": "Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana",
- "details": "Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana",
+ "details": "Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2858.json b/data/osv/GO-2024-2858.json
index d45627b..44b2d24 100644
--- a/data/osv/GO-2024-2858.json
+++ b/data/osv/GO-2024-2858.json
@@ -8,7 +8,7 @@
"GHSA-x744-mm8v-vpgr"
],
"summary": "Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana",
- "details": "Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana",
+ "details": "Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2867.json b/data/osv/GO-2024-2867.json
index 8144ae6..8f6c49a 100644
--- a/data/osv/GO-2024-2867.json
+++ b/data/osv/GO-2024-2867.json
@@ -8,7 +8,7 @@
"GHSA-4724-7jwc-3fpw"
],
"summary": "Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana",
- "details": "Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana",
+ "details": "Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2921.json b/data/osv/GO-2024-2921.json
index 73a5a02..c2af192 100644
--- a/data/osv/GO-2024-2921.json
+++ b/data/osv/GO-2024-2921.json
@@ -8,7 +8,7 @@
"GHSA-32cj-5wx4-gq8p"
],
"summary": "HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault",
- "details": "HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault",
+ "details": "HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2924.json b/data/osv/GO-2024-2924.json
index 24c4596..129b480 100644
--- a/data/osv/GO-2024-2924.json
+++ b/data/osv/GO-2024-2924.json
@@ -8,7 +8,7 @@
"GHSA-7jp9-vgmq-c8r5"
],
"summary": "AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome",
- "details": "AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome",
+ "details": "AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2929.json b/data/osv/GO-2024-2929.json
index c7d45f3..b1d504f 100644
--- a/data/osv/GO-2024-2929.json
+++ b/data/osv/GO-2024-2929.json
@@ -8,7 +8,7 @@
"GHSA-64jq-m7rq-768h"
],
"summary": "Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher",
- "details": "Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher",
+ "details": "Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2931.json b/data/osv/GO-2024-2931.json
index efae6a0..6e4aefe 100644
--- a/data/osv/GO-2024-2931.json
+++ b/data/osv/GO-2024-2931.json
@@ -8,7 +8,7 @@
"GHSA-9ghh-mmcq-8phc"
],
"summary": "Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher",
- "details": "Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher",
+ "details": "Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2932.json b/data/osv/GO-2024-2932.json
index ce5cbfe..49ed745 100644
--- a/data/osv/GO-2024-2932.json
+++ b/data/osv/GO-2024-2932.json
@@ -8,7 +8,7 @@
"GHSA-q6c7-56cq-g2wm"
],
"summary": "Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher",
- "details": "Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher",
+ "details": "Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/data/osv/GO-2024-2938.json b/data/osv/GO-2024-2938.json
index d55ca64..84d126c 100644
--- a/data/osv/GO-2024-2938.json
+++ b/data/osv/GO-2024-2938.json
@@ -8,7 +8,7 @@
"GHSA-cpcx-r2gq-x893"
],
"summary": "LocalAI path traversal vulnerability in github.com/go-skynet/LocalAI",
- "details": "LocalAI path traversal vulnerability in github.com/go-skynet/LocalAI",
+ "details": "LocalAI path traversal vulnerability in github.com/go-skynet/LocalAI.\n\nNOTE: The source advisory for this report contains one or more versions that are not known to the Go module proxy. This most commonly occurs when a module uses its own versioning scheme.\n\nThis means that the versions list may not match the source report. If this is causing false-positive reports or other issues, please suggest an edit to the report with the correct versions.",
"affected": [
{
"package": {
diff --git a/internal/report/osv.go b/internal/report/osv.go
index b00f8cf..02bc569 100644
--- a/internal/report/osv.go
+++ b/internal/report/osv.go
@@ -31,6 +31,14 @@
SchemaVersion = "1.3.1"
)
+const nonGoExplanation = `NOTE: The source advisory for this report contains
+one or more versions that are not known to the Go module proxy.
+This most commonly occurs when a module uses its own versioning scheme.
+
+This means that the versions list may not match the source report.
+If this is causing false-positive reports or other issues,
+please suggest an edit to the report with the correct versions.`
+
// ToOSV creates an osv.Entry for a report.
// lastModified is the time the report should be considered to have
// been most recently modified.
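Review bot: The text of `nonGoExplanation` names only false-positive reports as a consequence, although a versions list that does not match the source advisory can presumably also leave affected versions unflagged. Someone reading this note in scanner output may take "no finding" to mean "not affected", so consider wording such as `If this is causing false-positive or missed reports, please suggest an edit to the report with the correct versions.` The constant also has no doc comment; `// nonGoExplanation is appended to the details of unreviewed reports that list non-Go versions.` would record when it is emitted, a condition that is applied in a later hunk of this file.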
@@ -47,14 +55,6 @@
withdrawn = &osv.Time{Time: *r.Withdrawn}
}
- // If the report has no description, use the summary for now.
- // TODO(https://go.dev/issues/61201): Remove this once pkgsite and
- // govulncheck can robustly display summaries in place of details.
- details := r.Description
- if details == "" {
- details = Description(r.Summary)
- }
-
entry := osv.Entry{
ID: r.ID,
Published: osv.Time{Time: r.Published},
@@ -62,7 +62,6 @@
Withdrawn: withdrawn,
Related: r.Related,
Summary: toParagraphs(r.Summary.String()),
- Details: toParagraphs(details.String()),
Credits: credits,
SchemaVersion: SchemaVersion,
DatabaseSpecific: &osv.DatabaseSpecific{
@@ -71,12 +70,16 @@
},
}
+ hasNonGoVersions := false
for _, m := range r.Modules {
affected, err := toAffected(m)
if err != nil {
return osv.Entry{}, err
}
entry.Affected = append(entry.Affected, affected)
+ if len(m.NonGoVersions) != 0 {
+ hasNonGoVersions = true
+ }
}
for _, ref := range r.References {
entry.References = append(entry.References, osv.Reference{
@@ -85,6 +88,23 @@
})
}
entry.Aliases = r.Aliases()
+
+ // If the report has no description, use the summary for now.
+ // TODO(https://go.dev/issues/61201): Remove this once pkgsite and
+ // govulncheck can robustly display summaries in place of details.
+ details := r.Description.String()
+ if details == "" {
+ details = r.Summary.String()
+ }
+ // Add an explanation about non-Go versions if applicable.
+ if hasNonGoVersions && !r.IsReviewed() {
+ if !strings.HasSuffix(details, ".") {
+ details = fmt.Sprintf("%s.", details)
+ }
+ details = fmt.Sprintf("%s\n\n%s", details, nonGoExplanation)
+ }
+ entry.Details = toParagraphs(details)
+
return entry, nil
}
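Review bot: The period fix-up before the note is appended does not handle empty or whitespace-terminated details. If both `r.Description` and `r.Summary` are empty, `details` becomes a lone "." followed by the note, and a description ending in "." plus a newline gets a second period after the line break. Whether lint rules out either input is not visible here. Normalising first with `details = strings.TrimSpace(details)` and guarding with `if details != "" && !strings.HasSuffix(details, ".")` covers both, and `details += "."` reads more directly than `fmt.Sprintf("%s.", details)`. ToOSV begins outside this hunk, so the types of `r.Description` and `r.Summary` are inferred from the calls shown.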