From 331086274ee9ed1d04266b96e1c47e288ed00312 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 04:48:50 +0000 Subject: [PATCH 1/7] feat: Add configuration option to disable scanning Go version from go.mod OSV-Scanner historically used the go version in go.mod to emit Go-version-related warnings. However, the `go` directive is a minimum language version for the module, not the actual Go toolchain used to build or run the project. This commit changes the default behavior to not emit warnings or make vulnerability-related decisions based only on the go directive in go.mod. A new configuration setting `ScanGoModVersion` is introduced in `osv-scanner.toml` to opt-in back to this behavior. Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .../testdata/cassettes/TestCommand.yaml | 761 +++++++++++++++++- .../cassettes/TestCommand_Licenses.yaml | 75 ++ ...stCommand_LockfileWithExplicitParseAs.yaml | 300 +++++++ docs/configuration.md | 12 + internal/config/config.go | 1 + pkg/osvscanner/osvscanner.go | 25 +- 6 files changed, 1132 insertions(+), 42 deletions(-) diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml index 0673138edae..2dd2a246ed5 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml @@ -540,6 +540,36 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -1038,6 +1068,36 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version,_recursive + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -1305,6 +1365,36 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3 + host: api.osv.dev + body: | + {} + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Go_project_with_an_overridden_go_version_and_licences + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2 + body: | + {} + headers: + Content-Length: + - "2" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -2059,7 +2149,436 @@ interactions: } headers: Content-Length: - - "1566" + - "1566" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 3253 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + }, + { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973" + }, + { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d" + }, + { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6" + }, + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-baselayout" + }, + "version": "3.4.0-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-baselayout-data" + }, + "version": "3.4.0-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "alpine-keys" + }, + "version": "2.4-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "apk-tools" + }, + "version": "2.12.10-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "busybox-binsh" + }, + "version": "1.36.1-r27" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "ca-certificates-bundle" + }, + "version": "20220614-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libc-utils" + }, + "version": "0.7.2-r3" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libcrypto3" + }, + "version": "3.0.8-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "libssl3" + }, + "version": "3.0.8-r0" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "musl" + }, + "version": "1.2.3-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "musl-utils" + }, + "version": "1.2.3-r4" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "scanelf" + }, + "version": "1.3.5-r1" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "ssl_client" + }, + "version": "1.36.1-r27" + }, + { + "package": { + "ecosystem": "Alpine", + "name": "zlib" + }, + "version": "1.2.13-r0" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/core" + }, + "version": "10.4.5" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/simple_sitemap" + }, + "version": "4.2.1" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "drupal/tfa" + }, + "version": "2.0.0-alpha4" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "theseer/tokenizer" + }, + "version": "1.1.3" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_file_can_be_broad + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 1278 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {}, + { + "vulns": [ + { + "id": "CVE-2023-39137", + "modified": "2025-11-20T12:19:03.518975Z" + }, + { + "id": "CVE-2023-39139", + "modified": "2025-11-20T12:19:06.047365Z" + } + ] + }, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "ALPINE-CVE-2025-26519", + "modified": "2025-12-11T11:01:04.579010Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-22184", + "modified": "2026-03-09T02:10:12.057314Z" + }, + { + "id": "ALPINE-CVE-2026-27171", + "modified": "2026-03-09T02:09:33.041671Z" + } + ] + }, + { + "vulns": [ + { + "id": "DRUPAL-CORE-2025-005", + "modified": "2025-12-10T23:41:07.744028Z" + }, + { + "id": "DRUPAL-CORE-2025-006", + "modified": "2025-12-10T23:41:16.689525Z" + }, + { + "id": "DRUPAL-CORE-2025-007", + "modified": "2025-12-10T23:41:19.050806Z" + }, + { + "id": "DRUPAL-CORE-2025-008", + "modified": "2025-12-10T23:41:00.167393Z" + }, + { + "id": "GHSA-83v7-c2cf-p9c2", + "modified": "2025-12-10T23:41:07.744028Z" + }, + { + "id": "GHSA-h89p-5896-f4q8", + "modified": "2025-12-10T23:41:19.050806Z" + }, + { + "id": "GHSA-m6vv-vcj8-w8m7", + "modified": "2025-12-10T23:41:16.689525Z" + }, + { + "id": "GHSA-mhpg-hpj5-73r2", + "modified": "2026-02-03T03:15:35.495869Z" + } + ] + }, + { + "vulns": [ + { + "id": "DRUPAL-CONTRIB-2025-083", + "modified": "2025-12-10T23:41:32.857305Z" + } + ] + }, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {} + ] + } + headers: + Content-Length: + - "1278" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 151 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_file_is_invalid + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 16 + body: | + { + "results": [ + {} + ] + } + headers: + Content-Length: + - "16" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 521 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "balanced-match" + }, + "version": "1.0.2" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 25 + body: | + { + "results": [ + {}, + {}, + {}, + {} + ] + } + headers: + Content-Length: + - "25" Content-Type: - application/json status: 200 OK @@ -2069,17 +2588,38 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 151 + content_length: 519 host: api.osv.dev body: | { "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, { "package": { "ecosystem": "Packagist", - "name": "sentry/sdk" + "name": "league/flysystem" }, - "version": "2.0.4" + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" } ] } @@ -2087,23 +2627,33 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/config_file_is_invalid + - TestCommand/cyclonedx_1.4_output url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 16 + content_length: 104 body: | { "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, {} ] } headers: Content-Length: - - "16" + - "104" Content-Type: - application/json status: 200 OK @@ -2113,38 +2663,45 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 521 + content_length: 638 host: api.osv.dev body: | { "queries": [ { "package": { - "ecosystem": "RubyGems", - "name": "ast" + "ecosystem": "npm", + "name": "has-flag" }, - "version": "2.4.2" + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" }, { "package": { "ecosystem": "Packagist", - "name": "sentry/sdk" + "name": "league/flysystem" }, - "version": "2.0.4" + "version": "1.0.8" }, { "package": { - "ecosystem": "npm", - "name": "ansi-html" + "ecosystem": "Go", + "name": "stdlib" }, - "version": "0.0.8" + "version": "1.99.9" }, { "package": { - "ecosystem": "npm", - "name": "balanced-match" + "ecosystem": "Go", + "name": "toolchain" }, - "version": "1.0.2" + "version": "1.99.9" } ] } @@ -2152,26 +2709,34 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id + - TestCommand/cyclonedx_1.4_output url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 25 + content_length: 107 body: | { "results": [ {}, {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-13T22:01:08.982482Z" + } + ] + }, {}, {} ] } headers: Content-Length: - - "25" + - "107" Content-Type: - application/json status: 200 OK @@ -2227,7 +2792,7 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/cyclonedx_1.4_output + - TestCommand/cyclonedx_1.5_output url: https://api.osv.dev/v1/querybatch method: POST response: @@ -2264,7 +2829,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 638 + content_length: 519 host: api.osv.dev body: | { @@ -2290,13 +2855,6 @@ interactions: }, "version": "1.0.8" }, - { - "package": { - "ecosystem": "Go", - "name": "stdlib" - }, - "version": "1.99.9" - }, { "package": { "ecosystem": "Go", @@ -2317,7 +2875,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 107 + content_length: 104 body: | { "results": [ @@ -2327,17 +2885,16 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" + "modified": "2026-03-10T23:45:30.937461Z" } ] }, - {}, {} ] } headers: Content-Length: - - "107" + - "104" Content-Type: - application/json status: 200 OK @@ -5818,6 +6375,65 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 144 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.24.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/go_packages_in_osv-scanner.json_format + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 214 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GO-2025-3828", + "modified": "2026-02-04T03:33:13.542630Z" + }, + { + "id": "GO-2026-4339", + "modified": "2026-02-04T04:20:19.626029Z" + }, + { + "id": "GO-2026-4433", + "modified": "2026-03-02T10:44:08.411132Z" + } + ] + } + ] + } + headers: + Content-Length: + - "214" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -7862,6 +8478,81 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 519 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/spdx_2.3_output + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 104 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "104" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml index 418d85d7930..ac1b483d3fd 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml @@ -604,6 +604,81 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 529 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + }, + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Licenses/Some_packages_with_ignored_licenses + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 104 + body: | + { + "results": [ + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + {}, + {}, + {} + ] + } + headers: + Content-Length: + - "104" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml index 660f7fe0eaf..67959ea1664 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml @@ -246,6 +246,111 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 763 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/multiple,_+_output_order_is_deterministic + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 268 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "268" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -359,6 +464,111 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 763 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/multiple,_+_output_order_is_deterministic_2 + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 268 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "268" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -487,3 +697,93 @@ interactions: status: 200 OK code: 200 duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 641 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "has-flag" + }, + "version": "4.0.0" + }, + { + "package": { + "ecosystem": "npm", + "name": "wrappy" + }, + "version": "1.0.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "league/flysystem" + }, + "version": "1.0.8" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + }, + { + "package": { + "ecosystem": "Go", + "name": "toolchain" + }, + "version": "1.99.9" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_LockfileWithExplicitParseAs/when_an_explicit_parse-as_is_given,_it's_applied_to_that_file + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 186 + body: | + { + "results": [ + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-10T23:45:30.937461Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "186" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s diff --git a/docs/configuration.md b/docs/configuration.md index 94c6bf2dbda..137721496ed 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -106,6 +106,18 @@ reason = "internal packages should not be checked" When `nameIsRegex` is set to `true`, the `name` field is treated as a regular expression pattern. The pattern is automatically anchored to match the full package name (i.e. `^pattern$`). Standard [Go regular expression syntax](https://pkg.go.dev/regexp/syntax) is supported. An invalid regex pattern will cause a config loading error. +## Scan Go Mod Version + +By default, OSV-Scanner does not scan the Go version from `go.mod` files because the `go` directive specifies the minimum required language version, not necessarily the toolchain version used to build or run the project. This can lead to misleading vulnerabilities. + +You can enable scanning the Go version from `go.mod` by setting the `ScanGoModVersion` key to `true`. + +### Example + +```toml +ScanGoModVersion = true +``` + ## Go Version Override Use the `GoVersionOverride` key to override the Go version used for scanning. This is useful when the scanner fails to detect the correct Go version or when you want to force a specific version. diff --git a/internal/config/config.go b/internal/config/config.go index 879b74fbeb6..c70e7068940 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -17,6 +17,7 @@ type Config struct { IgnoredVulns []*IgnoreEntry `toml:"IgnoredVulns"` PackageOverrides []PackageOverrideEntry `toml:"PackageOverrides"` GoVersionOverride string `toml:"GoVersionOverride"` + ScanGoModVersion bool `toml:"ScanGoModVersion"` // The path to config file that this config was loaded from, // set by the scanner after having successfully parsed the file LoadPath string `toml:"-"` diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index 73b5ec051de..cb428caf133 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -16,6 +16,7 @@ import ( "github.com/google/osv-scalibr/artifact/image/layerscanning/image" "github.com/google/osv-scalibr/binary/proto" "github.com/google/osv-scalibr/clients/datasource" + "github.com/google/osv-scalibr/extractor" "github.com/google/osv-scalibr/inventory" scalibrlog "github.com/google/osv-scalibr/log" "github.com/google/osv-scalibr/plugin" @@ -209,7 +210,7 @@ func DoScan(actions ScannerActions) (models.VulnerabilityResults, error) { filterIgnoredPackages(&scanResults) // ----- Custom Overrides ----- - overrideGoVersion(&scanResults) + filterAndOverrideGoVersion(&scanResults) // --- Make Vulnerability Requests --- if accessors.VulnMatcher != nil { @@ -518,16 +519,26 @@ func makeVulnRequestWithMatcher( return nil } -// Overrides Go version using osv-scanner.toml -func overrideGoVersion(scanResults *results.ScanResults) { +// Filters out Go version or Overrides it using osv-scanner.toml +func filterAndOverrideGoVersion(scanResults *results.ScanResults) { + // Filter inventory packages + scanResults.Inventory.Packages = slices.DeleteFunc(scanResults.Inventory.Packages, func(pkg *extractor.Package) bool { + if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { + pi := imodels.FromPackage(pkg) + configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) + return !configToUse.ScanGoModVersion + } + return false + }) + + // Override versions for remaining inventory packages for i, pkg := range scanResults.Inventory.Packages { - if imodels.Name(pkg) == "stdlib" && imodels.Ecosystem(pkg).Ecosystem == osvconstants.EcosystemGo { - configToUse := scanResults.ConfigManager.Get(imodels.Location(pkg)) + if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { + pi := imodels.FromPackage(pkg) + configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) if configToUse.GoVersionOverride != "" { scanResults.Inventory.Packages[i].Version = configToUse.GoVersionOverride } - - continue } } } From 0636140c71ad5982fc899fa5e7cdebb3d47bb458 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 05:05:50 +0000 Subject: [PATCH 2/7] fix: resolve golangci-lint nlreturn issues Add missing blank lines before return statements to comply with nlreturn rules in golangci-lint. Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- pkg/osvscanner/osvscanner.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index cb428caf133..64fc1cd63b1 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -521,13 +521,16 @@ func makeVulnRequestWithMatcher( // Filters out Go version or Overrides it using osv-scanner.toml func filterAndOverrideGoVersion(scanResults *results.ScanResults) { + // Filter inventory packages scanResults.Inventory.Packages = slices.DeleteFunc(scanResults.Inventory.Packages, func(pkg *extractor.Package) bool { if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { pi := imodels.FromPackage(pkg) configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) + return !configToUse.ScanGoModVersion } + return false }) From 6f8dab41e2ab71093bb3b0113c4b85e085b4a559 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 05:41:32 +0000 Subject: [PATCH 3/7] test: update snapshots to fix minimist vulnerability count change in tests Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .../scan/image/__snapshots__/command_test.snap | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index 743a50ce01c..a23183dd71a 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -1078,8 +1078,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 4 packages affected by 18 known vulnerabilities (3 Critical, 3 High, 10 Medium, 2 Low, 0 Unknown) from 2 ecosystems. -17 vulnerabilities can be fixed. +Total 4 packages affected by 17 known vulnerabilities (3 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 2 ecosystems. +16 vulnerabilities can be fixed. npm @@ -1089,7 +1089,7 @@ npm | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +----------+-------------------+------------------+------------+------------------+---------------+ | cryo | 0.0.6 | No fix available | 1 | # 14 Layer | -- | -| minimist | 0.0.8 | Fix Available | 2 | # 13 Layer | -- | +| minimist | 0.0.8 | Fix Available | 1 | # 13 Layer | -- | +----------+-------------------+------------------+------------+------------------+---------------+ Alpine:v3.19 +------------------------------------------------------------------------------------------------------------------------------+ @@ -3068,7 +3068,7 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" "index": 13 } }, - "groups": 2, + "groups": 1, "vulnerabilities": [ "GHSA-vh95-rmgr-6w4m", "GHSA-xvch-5gv4-984h" From c78dc8eca40cd2b100eb4d1840aa0bab8ec4458c Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 06:05:50 +0000 Subject: [PATCH 4/7] chore: retrigger CI due to deps.dev RPC timeout flake Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> From d3a5475589ad1541b4e88e0394cc9bfdd2c16df5 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 06:46:55 +0000 Subject: [PATCH 5/7] test: update git scan snapshot Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com> --- .../scan/image/__snapshots__/command_test.snap | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index a23183dd71a..743a50ce01c 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -1078,8 +1078,8 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" Container Scanning Result (Alpine Linux v3.19) (Based on "library/node" image): -Total 4 packages affected by 17 known vulnerabilities (3 Critical, 3 High, 9 Medium, 2 Low, 0 Unknown) from 2 ecosystems. -16 vulnerabilities can be fixed. +Total 4 packages affected by 18 known vulnerabilities (3 Critical, 3 High, 10 Medium, 2 Low, 0 Unknown) from 2 ecosystems. +17 vulnerabilities can be fixed. npm @@ -1089,7 +1089,7 @@ npm | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +----------+-------------------+------------------+------------+------------------+---------------+ | cryo | 0.0.6 | No fix available | 1 | # 14 Layer | -- | -| minimist | 0.0.8 | Fix Available | 1 | # 13 Layer | -- | +| minimist | 0.0.8 | Fix Available | 2 | # 13 Layer | -- | +----------+-------------------+------------------+------------+------------------+---------------+ Alpine:v3.19 +------------------------------------------------------------------------------------------------------------------------------+ @@ -3068,7 +3068,7 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" "index": 13 } }, - "groups": 1, + "groups": 2, "vulnerabilities": [ "GHSA-vh95-rmgr-6w4m", "GHSA-xvch-5gv4-984h" From 62b53eab2ffe4f3a82ef3fc5d4caafca6d93bbd7 Mon Sep 17 00:00:00 2001 From: Rex P Date: Fri, 15 May 2026 16:18:33 +1000 Subject: [PATCH 6/7] fix: update imodels package usages in osvscanner.go --- pkg/osvscanner/osvscanner.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index 64fc1cd63b1..50a01118461 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -525,8 +525,7 @@ func filterAndOverrideGoVersion(scanResults *results.ScanResults) { // Filter inventory packages scanResults.Inventory.Packages = slices.DeleteFunc(scanResults.Inventory.Packages, func(pkg *extractor.Package) bool { if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { - pi := imodels.FromPackage(pkg) - configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) + configToUse := scanResults.ConfigManager.Get(imodels.Location(pkg)) return !configToUse.ScanGoModVersion } @@ -537,8 +536,7 @@ func filterAndOverrideGoVersion(scanResults *results.ScanResults) { // Override versions for remaining inventory packages for i, pkg := range scanResults.Inventory.Packages { if pkg.Name == "stdlib" && string(pkg.Ecosystem().Ecosystem) == string(osvconstants.EcosystemGo) { - pi := imodels.FromPackage(pkg) - configToUse := scanResults.ConfigManager.Get(imodels.Location(pi)) + configToUse := scanResults.ConfigManager.Get(imodels.Location(pkg)) if configToUse.GoVersionOverride != "" { scanResults.Inventory.Packages[i].Version = configToUse.GoVersionOverride } From 445046085d3715eb67b3567c74dad73be9d32b56 Mon Sep 17 00:00:00 2001 From: Rex P Date: Fri, 15 May 2026 16:20:46 +1000 Subject: [PATCH 7/7] test: update snapshots and cassettes for rebase on main --- .../mcp/__snapshots__/integration_test.snap | 1 - .../image/__snapshots__/command_test.snap | 118 +- .../cassettes/TestCommand_OCIImage.yaml | 731 ++--- .../TestCommand_OCIImage_JSONFormat.yaml | 332 +-- .../source/__snapshots__/command_test.snap | 25 +- .../testdata/cassettes/TestCommand.yaml | 2425 +++-------------- .../cassettes/TestCommand_CallAnalysis.yaml | 4 +- .../cassettes/TestCommand_CommitSupport.yaml | 12 +- .../TestCommand_Config_UnusedIgnores.yaml | 4 +- .../cassettes/TestCommand_GithubActions.yaml | 4 +- .../cassettes/TestCommand_Licenses.yaml | 75 - ...stCommand_LockfileWithExplicitParseAs.yaml | 300 -- .../cassettes/TestCommand_MoreLockfiles.yaml | 8 +- .../cassettes/TestCommand_Transitive.yaml | 16 +- 14 files changed, 1028 insertions(+), 3027 deletions(-) diff --git a/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap b/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap index e7328c2f0ff..88a48ec70c1 100755 --- a/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap +++ b/cmd/osv-scanner/mcp/__snapshots__/integration_test.snap @@ -24,6 +24,5 @@ lockfile:/testdata/go-project/go.mod: found 1 package with issues Severity: '5.9'; Minimal Fix Version: '1.1.0'; 1 known vulnerability found in lockfile:/testdata/go-project/go.mod -Hiding 23 number of vulnerabilities deemed unimportant, use --all-vulns to show them. --- diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index 743a50ce01c..b21702c53d3 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -444,7 +444,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 25 packages affected by 83 known vulnerabilities (6 Critical, 23 High, 38 Medium, 6 Low, 10 Unknown) from 1 ecosystem. +Total 25 packages affected by 81 known vulnerabilities (6 Critical, 24 High, 37 Medium, 6 Low, 8 Unknown) from 1 ecosystem. 28 vulnerabilities can be fixed. @@ -457,18 +457,18 @@ Ubuntu:22.04 | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | | dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 11 | libc-bin, libc6 | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 10 | libc-bin, libc6 | # 4 Layer | ubuntu | | gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 16 | libgnutls30 | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 15 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Partial fixes Available | 4 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 3 | libgcrypt20 | # 4 Layer | ubuntu | +| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 2 | libgcrypt20 | # 4 Layer | ubuntu | | libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | | ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | | openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | | sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu | @@ -496,7 +496,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 25 packages affected by 83 known vulnerabilities (6 Critical, 23 High, 38 Medium, 6 Low, 10 Unknown) from 1 ecosystem. +Total 25 packages affected by 81 known vulnerabilities (6 Critical, 24 High, 37 Medium, 6 Low, 8 Unknown) from 1 ecosystem. 28 vulnerabilities can be fixed. @@ -509,18 +509,18 @@ Ubuntu:22.04 | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | | dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 11 | libc-bin, libc6 | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 10 | libc-bin, libc6 | # 4 Layer | ubuntu | | gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 16 | libgnutls30 | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 15 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Partial fixes Available | 4 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 3 | libgcrypt20 | # 4 Layer | ubuntu | +| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 2 | libgcrypt20 | # 4 Layer | ubuntu | | libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | | ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | | openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | | sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu | @@ -567,7 +567,7 @@ Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 25 packages affected by 83 known vulnerabilities (6 Critical, 23 High, 38 Medium, 6 Low, 10 Unknown) from 1 ecosystem. +Total 25 packages affected by 81 known vulnerabilities (6 Critical, 24 High, 37 Medium, 6 Low, 8 Unknown) from 1 ecosystem. 28 vulnerabilities can be fixed. @@ -580,18 +580,18 @@ Ubuntu:22.04 | coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu | | dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | -| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 11 | libc-bin, libc6 | # 4 Layer | ubuntu | +| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 10 | libc-bin, libc6 | # 4 Layer | ubuntu | | gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | -| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 16 | libgnutls30 | # 4 Layer | ubuntu | +| gnutls28 | 3.7.3-4ubuntu1.5 | Partial fixes Available | 15 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Partial fixes Available | 4 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | -| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 3 | libgcrypt20 | # 4 Layer | ubuntu | +| libgcrypt20 | 1.9.4-3ubuntu3 | No fix available | 2 | libgcrypt20 | # 4 Layer | ubuntu | | libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu | | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | | ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | | openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 6 | libssl3 | # 4 Layer | ubuntu | -| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 2 | libpam-modules... (4) | # 4 Layer | ubuntu | +| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu | | sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu | @@ -619,8 +619,8 @@ Scanning local image tarball "./testdata/test-java-full.tar" Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image): -Total 31 packages affected by 108 known vulnerabilities (5 Critical, 50 High, 46 Medium, 6 Low, 1 Unknown) from 2 ecosystems. -108 vulnerabilities can be fixed. +Total 30 packages affected by 109 known vulnerabilities (6 Critical, 50 High, 46 Medium, 6 Low, 1 Unknown) from 2 ecosystems. +109 vulnerabilities can be fixed. Maven @@ -644,7 +644,6 @@ Maven | io.netty:netty-common | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | | io.netty:netty-handler | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | | io.netty:netty-handler-proxy | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-transport-native-epoll | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | | org.apache.avro:avro | 1.9.2 | Fix Available | 2 | # 12 Layer | -- | | org.apache.commons:commons-compress | 1.21 | Fix Available | 2 | # 12 Layer | -- | | org.apache.commons:commons-configuration2 | 2.8.0 | Fix Available | 2 | # 12 Layer | -- | @@ -660,7 +659,7 @@ Alpine:v3.21 | busybox | 1.37.0-r9 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | | expat | 2.6.4-r0 | Fix Available | 7 | libexpat | # 5 Layer | eclipse-temurin | | gnupg | 2.4.7-r0 | Fix Available | 2 | gnupg... (11) | # 5 Layer | eclipse-temurin | -| gnutls | 3.8.8-r0 | Fix Available | 12 | gnutls | # 5 Layer | eclipse-temurin | +| gnutls | 3.8.8-r0 | Fix Available | 14 | gnutls | # 5 Layer | eclipse-temurin | | libpng | 1.6.44-r0 | Fix Available | 11 | libpng | # 5 Layer | eclipse-temurin | | libtasn1 | 4.19.0-r2 | Fix Available | 2 | libtasn1 | # 5 Layer | eclipse-temurin | | musl | 1.2.5-r8 | Fix Available | 3 | musl, musl-utils | # 0 Layer | alpine | @@ -755,8 +754,8 @@ Scanning local image tarball "./testdata/test-python-full.tar" Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image): -Total 21 packages affected by 58 known vulnerabilities (1 Critical, 18 High, 21 Medium, 3 Low, 15 Unknown) from 2 ecosystems. -56 vulnerabilities can be fixed. +Total 21 packages affected by 59 known vulnerabilities (1 Critical, 19 High, 21 Medium, 3 Low, 15 Unknown) from 2 ecosystems. +57 vulnerabilities can be fixed. PyPI @@ -821,7 +820,7 @@ PyPI +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| urllib3 | 1.24.3 | Fix Available | 9 | # 17 Layer | -- | +| urllib3 | 1.24.3 | Fix Available | 10 | # 17 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +----------------------------------------------------------------------------------------------+ | Source:artifact:/usr/local/lib/python3.9/site-packages/werkzeug-3.1.4.dist-info/METADATA | @@ -1480,7 +1479,7 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne "index": 17 } }, - "groups": 9, + "groups": 10, "vulnerabilities": [ "PYSEC-2020-148", "PYSEC-2021-108", @@ -1492,6 +1491,7 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne "GHSA-g4mx-q9vg-27p4", "GHSA-gm62-xv2j-4w53", "GHSA-pq67-6m6q-mj2v", + "GHSA-qccp-gfcp-xxvc", "GHSA-v845-jxx5-vc9f", "GHSA-wqvq-5m8c-6g24" ] @@ -3331,7 +3331,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 12, + "groups": 11, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -3347,7 +3347,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2026-4046", "UBUNTU-CVE-2026-4437", "UBUNTU-CVE-2026-4438", - "UBUNTU-CVE-2026-5358", "UBUNTU-CVE-2026-5435", "UBUNTU-CVE-2026-5450", "UBUNTU-CVE-2026-5928", @@ -3364,7 +3363,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 12, + "groups": 11, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -3380,7 +3379,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2026-4046", "UBUNTU-CVE-2026-4437", "UBUNTU-CVE-2026-4438", - "UBUNTU-CVE-2026-5358", "UBUNTU-CVE-2026-5435", "UBUNTU-CVE-2026-5450", "UBUNTU-CVE-2026-5928", @@ -3432,11 +3430,10 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "UBUNTU-CVE-2024-2236", - "UBUNTU-CVE-2026-41989", - "UBUNTU-CVE-2026-41990" + "UBUNTU-CVE-2026-41989" ] }, { @@ -3449,7 +3446,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 16, + "groups": 15, "vulnerabilities": [ "USN-7635-1", "USN-8043-1", @@ -3472,8 +3469,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2026-42013", "UBUNTU-CVE-2026-42014", "UBUNTU-CVE-2026-42015", - "UBUNTU-CVE-2026-5260", - "UBUNTU-CVE-2026-5419" + "UBUNTU-CVE-2026-5260" ] }, { @@ -3666,11 +3662,12 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020" + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2026-43916" ] }, { @@ -3683,11 +3680,12 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020" + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2026-43916" ] }, { @@ -3700,11 +3698,12 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020" + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2026-43916" ] }, { @@ -3717,11 +3716,12 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020" + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2026-43916" ] }, { @@ -4423,7 +4423,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 12, + "groups": 11, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -4439,7 +4439,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2026-4046", "UBUNTU-CVE-2026-4437", "UBUNTU-CVE-2026-4438", - "UBUNTU-CVE-2026-5358", "UBUNTU-CVE-2026-5435", "UBUNTU-CVE-2026-5450", "UBUNTU-CVE-2026-5928", @@ -4456,7 +4455,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 12, + "groups": 11, "vulnerabilities": [ "USN-8005-1", "USN-7259-1", @@ -4472,7 +4471,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2026-4046", "UBUNTU-CVE-2026-4437", "UBUNTU-CVE-2026-4438", - "UBUNTU-CVE-2026-5358", "UBUNTU-CVE-2026-5435", "UBUNTU-CVE-2026-5450", "UBUNTU-CVE-2026-5928", @@ -4524,11 +4522,10 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 3, + "groups": 2, "vulnerabilities": [ "UBUNTU-CVE-2024-2236", - "UBUNTU-CVE-2026-41989", - "UBUNTU-CVE-2026-41990" + "UBUNTU-CVE-2026-41989" ] }, { @@ -4541,7 +4538,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 16, + "groups": 15, "vulnerabilities": [ "USN-7635-1", "USN-8043-1", @@ -4564,8 +4561,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2026-42013", "UBUNTU-CVE-2026-42014", "UBUNTU-CVE-2026-42015", - "UBUNTU-CVE-2026-5260", - "UBUNTU-CVE-2026-5419" + "UBUNTU-CVE-2026-5260" ] }, { @@ -4758,11 +4754,12 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020" + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2026-43916" ] }, { @@ -4775,11 +4772,12 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020" + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2026-43916" ] }, { @@ -4792,11 +4790,12 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020" + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2026-43916" ] }, { @@ -4809,11 +4808,12 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 2, + "groups": 3, "vulnerabilities": [ "USN-7580-1", "UBUNTU-CVE-2024-10041", - "UBUNTU-CVE-2025-6020" + "UBUNTU-CVE-2025-6020", + "UBUNTU-CVE-2026-43916" ] }, { diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml index 78f38ea579c..5b9d1722c59 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml @@ -2324,7 +2324,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 17370 + content_length: 17331 body: | { "results": [ @@ -2479,25 +2479,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -2559,25 +2555,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -2648,11 +2640,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-04-27T18:57:28.926389Z" - }, - { - "id": "UBUNTU-CVE-2026-41990", - "modified": "2026-04-27T18:57:29.423605Z" + "modified": "2026-05-14T14:43:39.599583Z" } ] }, @@ -2665,7 +2653,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-04-27T18:51:29.693707Z" + "modified": "2026-05-11T10:46:40.301990Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -2685,59 +2673,55 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-04-27T18:54:54.497091Z" + "modified": "2026-05-11T10:40:33.804944Z" }, { "id": "UBUNTU-CVE-2026-33845", - "modified": "2026-05-07T14:01:37.973959Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-33846", - "modified": "2026-05-07T14:02:39.915946Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-3832", - "modified": "2026-05-05T15:25:30.405716Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-3833", - "modified": "2026-05-04T10:51:14.305094Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-42009", - "modified": "2026-05-04T10:51:41.430036Z" + "modified": "2026-05-11T10:46:43.554378Z" }, { "id": "UBUNTU-CVE-2026-42010", - "modified": "2026-05-04T10:51:30.164639Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42011", - "modified": "2026-05-04T10:50:59.494784Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42012", - "modified": "2026-05-04T10:51:41.757813Z" + "modified": "2026-05-11T10:47:02.219341Z" }, { "id": "UBUNTU-CVE-2026-42013", - "modified": "2026-05-04T10:51:13.313479Z" + "modified": "2026-05-11T10:46:59.091393Z" }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-05-04T10:51:55.475015Z" + "modified": "2026-05-11T10:46:57.796369Z" }, { "id": "UBUNTU-CVE-2026-42015", - "modified": "2026-05-04T10:51:13.344426Z" + "modified": "2026-05-11T10:47:08.937903Z" }, { "id": "UBUNTU-CVE-2026-5260", - "modified": "2026-05-04T10:51:53.050780Z" - }, - { - "id": "UBUNTU-CVE-2026-5419", - "modified": "2026-05-04T10:52:13.859064Z" + "modified": "2026-05-11T10:47:15.892810Z" }, { "id": "USN-7281-1", @@ -2782,11 +2766,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -2832,11 +2816,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -2881,11 +2865,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -2929,11 +2913,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -3022,6 +3006,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -3038,6 +3026,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -3054,6 +3046,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -3070,6 +3066,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -3127,7 +3127,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-05-07T13:33:59.315945Z" + "modified": "2026-05-12T15:46:40.317763Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -3167,7 +3167,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-28387", - "modified": "2026-04-27T18:56:14.392310Z" + "modified": "2026-05-14T14:32:35.118316Z" }, { "id": "UBUNTU-CVE-2026-28388", @@ -3183,7 +3183,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-31789", - "modified": "2026-04-27T18:56:38.320349Z" + "modified": "2026-05-14T14:38:50.722959Z" }, { "id": "UBUNTU-CVE-2026-31790", @@ -3199,11 +3199,11 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-05-07T13:22:13.480432Z" + "modified": "2026-05-12T13:30:35.776621Z" }, { "id": "USN-8155-1", - "modified": "2026-04-27T18:46:13.526604Z" + "modified": "2026-05-14T12:31:24.307482Z" } ] }, @@ -3487,7 +3487,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-5958", - "modified": "2026-05-05T15:26:37.480531Z" + "modified": "2026-05-14T14:54:40.382070Z" }, { "id": "USN-8229-1", @@ -3535,7 +3535,7 @@ interactions: } headers: Content-Length: - - "17370" + - "17331" Content-Type: - application/json status: 200 OK @@ -4270,7 +4270,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 17370 + content_length: 17331 body: | { "results": [ @@ -4425,25 +4425,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -4505,25 +4501,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -4594,11 +4586,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-04-27T18:57:28.926389Z" - }, - { - "id": "UBUNTU-CVE-2026-41990", - "modified": "2026-04-27T18:57:29.423605Z" + "modified": "2026-05-14T14:43:39.599583Z" } ] }, @@ -4611,7 +4599,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-04-27T18:51:29.693707Z" + "modified": "2026-05-11T10:46:40.301990Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -4631,59 +4619,55 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-04-27T18:54:54.497091Z" + "modified": "2026-05-11T10:40:33.804944Z" }, { "id": "UBUNTU-CVE-2026-33845", - "modified": "2026-05-07T14:01:37.973959Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-33846", - "modified": "2026-05-07T14:02:39.915946Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-3832", - "modified": "2026-05-05T15:25:30.405716Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-3833", - "modified": "2026-05-04T10:51:14.305094Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-42009", - "modified": "2026-05-04T10:51:41.430036Z" + "modified": "2026-05-11T10:46:43.554378Z" }, { "id": "UBUNTU-CVE-2026-42010", - "modified": "2026-05-04T10:51:30.164639Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42011", - "modified": "2026-05-04T10:50:59.494784Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42012", - "modified": "2026-05-04T10:51:41.757813Z" + "modified": "2026-05-11T10:47:02.219341Z" }, { "id": "UBUNTU-CVE-2026-42013", - "modified": "2026-05-04T10:51:13.313479Z" + "modified": "2026-05-11T10:46:59.091393Z" }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-05-04T10:51:55.475015Z" + "modified": "2026-05-11T10:46:57.796369Z" }, { "id": "UBUNTU-CVE-2026-42015", - "modified": "2026-05-04T10:51:13.344426Z" + "modified": "2026-05-11T10:47:08.937903Z" }, { "id": "UBUNTU-CVE-2026-5260", - "modified": "2026-05-04T10:51:53.050780Z" - }, - { - "id": "UBUNTU-CVE-2026-5419", - "modified": "2026-05-04T10:52:13.859064Z" + "modified": "2026-05-11T10:47:15.892810Z" }, { "id": "USN-7281-1", @@ -4728,11 +4712,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -4778,11 +4762,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -4827,11 +4811,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -4875,11 +4859,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -4968,6 +4952,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -4984,6 +4972,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -5000,6 +4992,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -5016,6 +5012,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -5073,7 +5073,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-05-07T13:33:59.315945Z" + "modified": "2026-05-12T15:46:40.317763Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -5113,7 +5113,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-28387", - "modified": "2026-04-27T18:56:14.392310Z" + "modified": "2026-05-14T14:32:35.118316Z" }, { "id": "UBUNTU-CVE-2026-28388", @@ -5129,7 +5129,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-31789", - "modified": "2026-04-27T18:56:38.320349Z" + "modified": "2026-05-14T14:38:50.722959Z" }, { "id": "UBUNTU-CVE-2026-31790", @@ -5145,11 +5145,11 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-05-07T13:22:13.480432Z" + "modified": "2026-05-12T13:30:35.776621Z" }, { "id": "USN-8155-1", - "modified": "2026-04-27T18:46:13.526604Z" + "modified": "2026-05-14T12:31:24.307482Z" } ] }, @@ -5433,7 +5433,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-5958", - "modified": "2026-05-05T15:26:37.480531Z" + "modified": "2026-05-14T14:54:40.382070Z" }, { "id": "USN-8229-1", @@ -5481,7 +5481,7 @@ interactions: } headers: Content-Length: - - "17370" + - "17331" Content-Type: - application/json status: 200 OK @@ -6230,7 +6230,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 23503 + content_length: 23464 body: | { "results": [ @@ -6558,7 +6558,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -6570,19 +6570,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -6594,11 +6594,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -6606,7 +6606,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -6614,19 +6614,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -6638,7 +6638,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -6650,11 +6650,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -6662,35 +6662,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -6786,25 +6786,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -6866,25 +6862,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -6955,11 +6947,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-04-27T18:57:28.926389Z" - }, - { - "id": "UBUNTU-CVE-2026-41990", - "modified": "2026-04-27T18:57:29.423605Z" + "modified": "2026-05-14T14:43:39.599583Z" } ] }, @@ -6972,7 +6960,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-04-27T18:51:29.693707Z" + "modified": "2026-05-11T10:46:40.301990Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -6992,59 +6980,55 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-04-27T18:54:54.497091Z" + "modified": "2026-05-11T10:40:33.804944Z" }, { "id": "UBUNTU-CVE-2026-33845", - "modified": "2026-05-07T14:01:37.973959Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-33846", - "modified": "2026-05-07T14:02:39.915946Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-3832", - "modified": "2026-05-05T15:25:30.405716Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-3833", - "modified": "2026-05-04T10:51:14.305094Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-42009", - "modified": "2026-05-04T10:51:41.430036Z" + "modified": "2026-05-11T10:46:43.554378Z" }, { "id": "UBUNTU-CVE-2026-42010", - "modified": "2026-05-04T10:51:30.164639Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42011", - "modified": "2026-05-04T10:50:59.494784Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42012", - "modified": "2026-05-04T10:51:41.757813Z" + "modified": "2026-05-11T10:47:02.219341Z" }, { "id": "UBUNTU-CVE-2026-42013", - "modified": "2026-05-04T10:51:13.313479Z" + "modified": "2026-05-11T10:46:59.091393Z" }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-05-04T10:51:55.475015Z" + "modified": "2026-05-11T10:46:57.796369Z" }, { "id": "UBUNTU-CVE-2026-42015", - "modified": "2026-05-04T10:51:13.344426Z" + "modified": "2026-05-11T10:47:08.937903Z" }, { "id": "UBUNTU-CVE-2026-5260", - "modified": "2026-05-04T10:51:53.050780Z" - }, - { - "id": "UBUNTU-CVE-2026-5419", - "modified": "2026-05-04T10:52:13.859064Z" + "modified": "2026-05-11T10:47:15.892810Z" }, { "id": "USN-7281-1", @@ -7089,11 +7073,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -7139,11 +7123,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -7188,11 +7172,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -7236,11 +7220,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -7329,6 +7313,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -7345,6 +7333,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -7361,6 +7353,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -7377,6 +7373,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -7434,7 +7434,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-05-07T13:33:59.315945Z" + "modified": "2026-05-12T15:46:40.317763Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -7474,7 +7474,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-28387", - "modified": "2026-04-27T18:56:14.392310Z" + "modified": "2026-05-14T14:32:35.118316Z" }, { "id": "UBUNTU-CVE-2026-28388", @@ -7490,7 +7490,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-31789", - "modified": "2026-04-27T18:56:38.320349Z" + "modified": "2026-05-14T14:38:50.722959Z" }, { "id": "UBUNTU-CVE-2026-31790", @@ -7506,11 +7506,11 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-05-07T13:22:13.480432Z" + "modified": "2026-05-12T13:30:35.776621Z" }, { "id": "USN-8155-1", - "modified": "2026-04-27T18:46:13.526604Z" + "modified": "2026-05-14T12:31:24.307482Z" } ] }, @@ -7794,7 +7794,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-5958", - "modified": "2026-05-05T15:26:37.480531Z" + "modified": "2026-05-14T14:54:40.382070Z" }, { "id": "USN-8229-1", @@ -7842,7 +7842,7 @@ interactions: } headers: Content-Length: - - "23503" + - "23464" Content-Type: - application/json status: 200 OK @@ -9298,7 +9298,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 13680 + content_length: 13745 body: | { "results": [ @@ -9530,19 +9530,27 @@ interactions: }, { "id": "ALPINE-CVE-2026-33845", - "modified": "2026-05-05T08:31:07.642900Z" + "modified": "2026-05-11T15:31:09.654553Z" }, { "id": "ALPINE-CVE-2026-33846", - "modified": "2026-05-05T08:31:04.101939Z" + "modified": "2026-05-11T15:31:09.325112Z" }, { "id": "ALPINE-CVE-2026-3832", - "modified": "2026-05-02T08:30:53.667517Z" + "modified": "2026-05-11T15:31:11.594902Z" }, { "id": "ALPINE-CVE-2026-3833", - "modified": "2026-05-07T09:32:02.594124Z" + "modified": "2026-05-11T15:31:04.173991Z" + }, + { + "id": "ALPINE-CVE-2026-42010", + "modified": "2026-05-14T09:31:40.053539Z" + }, + { + "id": "ALPINE-CVE-2026-42011", + "modified": "2026-05-11T15:31:08.043133Z" } ] }, @@ -9617,7 +9625,7 @@ interactions: }, { "id": "GHSA-mj4r-2hfc-f8p6", - "modified": "2026-05-07T15:59:20.172901Z" + "modified": "2026-05-14T20:52:02.730912Z" } ] }, @@ -9625,7 +9633,7 @@ interactions: "vulns": [ { "id": "GHSA-cm33-6792-r9fm", - "modified": "2026-05-07T20:14:23.779431Z" + "modified": "2026-05-14T20:50:50.147382Z" } ] }, @@ -9634,11 +9642,11 @@ interactions: "vulns": [ { "id": "GHSA-38f8-5428-x5cv", - "modified": "2026-05-07T16:59:13.659660Z" + "modified": "2026-05-14T20:48:37.405742Z" }, { "id": "GHSA-57rv-r2g8-2cj3", - "modified": "2026-05-07T15:59:19.355780Z" + "modified": "2026-05-14T20:47:30.693204Z" }, { "id": "GHSA-5jpm-x58v-624v", @@ -9650,7 +9658,7 @@ interactions: }, { "id": "GHSA-f6hv-jmp6-3vwv", - "modified": "2026-05-07T15:59:19.251821Z" + "modified": "2026-05-14T20:50:55.245702Z" }, { "id": "GHSA-fghv-69vj-qj49", @@ -9658,7 +9666,7 @@ interactions: }, { "id": "GHSA-m4cv-j2px-7723", - "modified": "2026-05-07T15:59:19.977569Z" + "modified": "2026-05-14T20:52:01.053039Z" }, { "id": "GHSA-pwqr-wmgm-9rr8", @@ -9666,11 +9674,11 @@ interactions: }, { "id": "GHSA-v8h7-rr48-vmmv", - "modified": "2026-05-06T23:59:12.636141Z" + "modified": "2026-05-08T19:50:55.560203Z" }, { "id": "GHSA-xxqh-mfjm-7mv9", - "modified": "2026-05-07T18:29:22.297578Z" + "modified": "2026-05-14T20:47:27.523513Z" } ] }, @@ -9678,7 +9686,7 @@ interactions: "vulns": [ { "id": "GHSA-f6hv-jmp6-3vwv", - "modified": "2026-05-07T15:59:19.251821Z" + "modified": "2026-05-14T20:50:55.245702Z" }, { "id": "GHSA-prj3-ccx8-p6x4", @@ -9695,7 +9703,7 @@ interactions: "vulns": [ { "id": "GHSA-jfg9-48mv-9qgx", - "modified": "2026-05-07T05:34:15.798761Z" + "modified": "2026-05-14T20:51:55.305572Z" } ] }, @@ -9703,7 +9711,7 @@ interactions: "vulns": [ { "id": "GHSA-rgrr-p7gp-5xj7", - "modified": "2026-05-07T00:35:18.585973Z" + "modified": "2026-05-14T20:52:36.995968Z" } ] }, @@ -9742,7 +9750,7 @@ interactions: "vulns": [ { "id": "GHSA-45q3-82m4-75jr", - "modified": "2026-05-07T21:14:17.100550Z" + "modified": "2026-05-14T20:47:38.979365Z" } ] }, @@ -9754,14 +9762,7 @@ interactions: {}, {}, {}, - { - "vulns": [ - { - "id": "GHSA-rwm7-x88c-3g2p", - "modified": "2026-05-07T16:59:13.894118Z" - } - ] - }, + {}, {}, {}, {}, @@ -9948,7 +9949,7 @@ interactions: }, { "id": "ALPINE-CVE-2026-34757", - "modified": "2026-04-10T18:26:46.468330Z" + "modified": "2026-05-14T09:32:43.831367Z" } ] }, @@ -10356,7 +10357,7 @@ interactions: } headers: Content-Length: - - "13680" + - "13745" Content-Type: - application/json status: 200 OK @@ -11390,7 +11391,7 @@ interactions: "vulns": [ { "id": "GHSA-5rjg-fvgr-3xxf", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" }, { "id": "GHSA-cx63-2mw6-8hw5", @@ -11406,7 +11407,7 @@ interactions: }, { "id": "PYSEC-2025-49", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" } ] }, @@ -11414,7 +11415,7 @@ interactions: "vulns": [ { "id": "GHSA-5rjg-fvgr-3xxf", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" }, { "id": "GHSA-cx63-2mw6-8hw5", @@ -11430,7 +11431,7 @@ interactions: }, { "id": "PYSEC-2025-49", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" } ] }, @@ -12281,7 +12282,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 6590 + content_length: 6660 body: | { "results": [ @@ -12724,7 +12725,7 @@ interactions: "vulns": [ { "id": "GHSA-5rjg-fvgr-3xxf", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" }, { "id": "GHSA-cx63-2mw6-8hw5", @@ -12740,7 +12741,7 @@ interactions: }, { "id": "PYSEC-2025-49", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" } ] }, @@ -12748,7 +12749,7 @@ interactions: "vulns": [ { "id": "GHSA-5rjg-fvgr-3xxf", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" }, { "id": "GHSA-cx63-2mw6-8hw5", @@ -12764,7 +12765,7 @@ interactions: }, { "id": "PYSEC-2025-49", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" } ] }, @@ -12815,6 +12816,10 @@ interactions: "id": "GHSA-pq67-6m6q-mj2v", "modified": "2026-02-04T04:38:01.163387Z" }, + { + "id": "GHSA-qccp-gfcp-xxvc", + "modified": "2026-05-14T20:52:16.468619Z" + }, { "id": "GHSA-v845-jxx5-vc9f", "modified": "2026-02-04T02:58:30.152562Z" @@ -12862,7 +12867,7 @@ interactions: } headers: Content-Length: - - "6590" + - "6660" Content-Type: - application/json status: 200 OK @@ -13209,7 +13214,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -13221,19 +13226,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -13245,11 +13250,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -13257,7 +13262,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -13265,19 +13270,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -13289,7 +13294,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -13301,11 +13306,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -13313,35 +13318,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -13401,7 +13406,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -13413,19 +13418,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -13437,11 +13442,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -13449,7 +13454,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -13457,19 +13462,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -13481,7 +13486,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -13493,11 +13498,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -13505,35 +13510,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -13593,7 +13598,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -13605,19 +13610,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -13629,11 +13634,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -13641,7 +13646,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -13649,19 +13654,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -13673,7 +13678,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -13685,11 +13690,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -13697,35 +13702,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -13785,7 +13790,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -13797,19 +13802,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -13821,11 +13826,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -13833,7 +13838,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -13841,19 +13846,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -13865,7 +13870,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -13877,11 +13882,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -13889,35 +13894,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -13977,7 +13982,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -13989,19 +13994,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -14013,11 +14018,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -14025,7 +14030,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -14033,19 +14038,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -14057,7 +14062,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -14069,11 +14074,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -14081,35 +14086,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -14169,7 +14174,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -14181,19 +14186,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -14205,11 +14210,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -14217,7 +14222,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -14225,19 +14230,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -14249,7 +14254,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -14261,11 +14266,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -14273,35 +14278,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml index f4e26c1c46c..dbab3c37839 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml @@ -800,7 +800,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 6590 + content_length: 6660 body: | { "results": [ @@ -1243,7 +1243,7 @@ interactions: "vulns": [ { "id": "GHSA-5rjg-fvgr-3xxf", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" }, { "id": "GHSA-cx63-2mw6-8hw5", @@ -1259,7 +1259,7 @@ interactions: }, { "id": "PYSEC-2025-49", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" } ] }, @@ -1267,7 +1267,7 @@ interactions: "vulns": [ { "id": "GHSA-5rjg-fvgr-3xxf", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" }, { "id": "GHSA-cx63-2mw6-8hw5", @@ -1283,7 +1283,7 @@ interactions: }, { "id": "PYSEC-2025-49", - "modified": "2026-05-07T12:11:19.939111Z" + "modified": "2026-05-11T00:26:34.671259Z" } ] }, @@ -1334,6 +1334,10 @@ interactions: "id": "GHSA-pq67-6m6q-mj2v", "modified": "2026-02-04T04:38:01.163387Z" }, + { + "id": "GHSA-qccp-gfcp-xxvc", + "modified": "2026-05-14T20:52:16.468619Z" + }, { "id": "GHSA-v845-jxx5-vc9f", "modified": "2026-02-04T02:58:30.152562Z" @@ -1381,7 +1385,7 @@ interactions: } headers: Content-Length: - - "6590" + - "6660" Content-Type: - application/json status: 200 OK @@ -1850,7 +1854,7 @@ interactions: }, { "id": "ALPINE-CVE-2026-2673", - "modified": "2026-04-09T22:30:42.256191Z" + "modified": "2026-05-14T09:30:41.007180Z" }, { "id": "ALPINE-CVE-2026-28387", @@ -1930,7 +1934,7 @@ interactions: }, { "id": "ALPINE-CVE-2026-2673", - "modified": "2026-04-09T22:30:42.256191Z" + "modified": "2026-05-14T09:30:41.007180Z" }, { "id": "ALPINE-CVE-2026-28387", @@ -2270,7 +2274,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -2282,19 +2286,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -2306,11 +2310,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -2318,7 +2322,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -2326,19 +2330,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -2350,7 +2354,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -2362,11 +2366,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -2374,35 +2378,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -4086,7 +4090,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 17370 + content_length: 17331 body: | { "results": [ @@ -4241,25 +4245,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -4321,25 +4321,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -4410,11 +4406,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-04-27T18:57:28.926389Z" - }, - { - "id": "UBUNTU-CVE-2026-41990", - "modified": "2026-04-27T18:57:29.423605Z" + "modified": "2026-05-14T14:43:39.599583Z" } ] }, @@ -4427,7 +4419,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-04-27T18:51:29.693707Z" + "modified": "2026-05-11T10:46:40.301990Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -4447,59 +4439,55 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-04-27T18:54:54.497091Z" + "modified": "2026-05-11T10:40:33.804944Z" }, { "id": "UBUNTU-CVE-2026-33845", - "modified": "2026-05-07T14:01:37.973959Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-33846", - "modified": "2026-05-07T14:02:39.915946Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-3832", - "modified": "2026-05-05T15:25:30.405716Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-3833", - "modified": "2026-05-04T10:51:14.305094Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-42009", - "modified": "2026-05-04T10:51:41.430036Z" + "modified": "2026-05-11T10:46:43.554378Z" }, { "id": "UBUNTU-CVE-2026-42010", - "modified": "2026-05-04T10:51:30.164639Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42011", - "modified": "2026-05-04T10:50:59.494784Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42012", - "modified": "2026-05-04T10:51:41.757813Z" + "modified": "2026-05-11T10:47:02.219341Z" }, { "id": "UBUNTU-CVE-2026-42013", - "modified": "2026-05-04T10:51:13.313479Z" + "modified": "2026-05-11T10:46:59.091393Z" }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-05-04T10:51:55.475015Z" + "modified": "2026-05-11T10:46:57.796369Z" }, { "id": "UBUNTU-CVE-2026-42015", - "modified": "2026-05-04T10:51:13.344426Z" + "modified": "2026-05-11T10:47:08.937903Z" }, { "id": "UBUNTU-CVE-2026-5260", - "modified": "2026-05-04T10:51:53.050780Z" - }, - { - "id": "UBUNTU-CVE-2026-5419", - "modified": "2026-05-04T10:52:13.859064Z" + "modified": "2026-05-11T10:47:15.892810Z" }, { "id": "USN-7281-1", @@ -4544,11 +4532,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -4594,11 +4582,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -4643,11 +4631,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -4691,11 +4679,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -4784,6 +4772,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -4800,6 +4792,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -4816,6 +4812,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -4832,6 +4832,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -4889,7 +4893,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-05-07T13:33:59.315945Z" + "modified": "2026-05-12T15:46:40.317763Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -4929,7 +4933,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-28387", - "modified": "2026-04-27T18:56:14.392310Z" + "modified": "2026-05-14T14:32:35.118316Z" }, { "id": "UBUNTU-CVE-2026-28388", @@ -4945,7 +4949,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-31789", - "modified": "2026-04-27T18:56:38.320349Z" + "modified": "2026-05-14T14:38:50.722959Z" }, { "id": "UBUNTU-CVE-2026-31790", @@ -4961,11 +4965,11 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-05-07T13:22:13.480432Z" + "modified": "2026-05-12T13:30:35.776621Z" }, { "id": "USN-8155-1", - "modified": "2026-04-27T18:46:13.526604Z" + "modified": "2026-05-14T12:31:24.307482Z" } ] }, @@ -5249,7 +5253,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-5958", - "modified": "2026-05-05T15:26:37.480531Z" + "modified": "2026-05-14T14:54:40.382070Z" }, { "id": "USN-8229-1", @@ -5297,7 +5301,7 @@ interactions: } headers: Content-Length: - - "17370" + - "17331" Content-Type: - application/json status: 200 OK @@ -6046,7 +6050,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 23503 + content_length: 23464 body: | { "results": [ @@ -6374,7 +6378,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -6386,19 +6390,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -6410,11 +6414,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -6422,7 +6426,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -6430,19 +6434,19 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" + "modified": "2026-05-14T10:29:25.423356Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -6454,7 +6458,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -6466,11 +6470,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -6478,35 +6482,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -6602,25 +6606,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -6682,25 +6682,21 @@ interactions: "id": "UBUNTU-CVE-2026-4438", "modified": "2026-04-27T18:57:18.006868Z" }, - { - "id": "UBUNTU-CVE-2026-5358", - "modified": "2026-04-27T18:57:33.162849Z" - }, { "id": "UBUNTU-CVE-2026-5435", - "modified": "2026-05-04T10:51:28.126493Z" + "modified": "2026-05-14T14:54:58.755574Z" }, { "id": "UBUNTU-CVE-2026-5450", - "modified": "2026-04-27T18:57:34.826675Z" + "modified": "2026-05-14T14:54:21.046739Z" }, { "id": "UBUNTU-CVE-2026-5928", - "modified": "2026-04-27T18:57:35.955732Z" + "modified": "2026-05-14T14:54:47.731788Z" }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-04T10:51:59.425904Z" + "modified": "2026-05-14T14:54:18.532369Z" }, { "id": "USN-7259-1", @@ -6771,11 +6767,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-04-27T18:57:28.926389Z" - }, - { - "id": "UBUNTU-CVE-2026-41990", - "modified": "2026-04-27T18:57:29.423605Z" + "modified": "2026-05-14T14:43:39.599583Z" } ] }, @@ -6788,7 +6780,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-14831", - "modified": "2026-04-27T18:51:29.693707Z" + "modified": "2026-05-11T10:46:40.301990Z" }, { "id": "UBUNTU-CVE-2025-32988", @@ -6808,59 +6800,55 @@ interactions: }, { "id": "UBUNTU-CVE-2025-9820", - "modified": "2026-04-27T18:54:54.497091Z" + "modified": "2026-05-11T10:40:33.804944Z" }, { "id": "UBUNTU-CVE-2026-33845", - "modified": "2026-05-07T14:01:37.973959Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-33846", - "modified": "2026-05-07T14:02:39.915946Z" + "modified": "2026-05-14T11:40:56Z" }, { "id": "UBUNTU-CVE-2026-3832", - "modified": "2026-05-05T15:25:30.405716Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-3833", - "modified": "2026-05-04T10:51:14.305094Z" + "modified": "2026-05-14T11:38:28Z" }, { "id": "UBUNTU-CVE-2026-42009", - "modified": "2026-05-04T10:51:41.430036Z" + "modified": "2026-05-11T10:46:43.554378Z" }, { "id": "UBUNTU-CVE-2026-42010", - "modified": "2026-05-04T10:51:30.164639Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42011", - "modified": "2026-05-04T10:50:59.494784Z" + "modified": "2026-05-14T11:40:58Z" }, { "id": "UBUNTU-CVE-2026-42012", - "modified": "2026-05-04T10:51:41.757813Z" + "modified": "2026-05-11T10:47:02.219341Z" }, { "id": "UBUNTU-CVE-2026-42013", - "modified": "2026-05-04T10:51:13.313479Z" + "modified": "2026-05-11T10:46:59.091393Z" }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-05-04T10:51:55.475015Z" + "modified": "2026-05-11T10:46:57.796369Z" }, { "id": "UBUNTU-CVE-2026-42015", - "modified": "2026-05-04T10:51:13.344426Z" + "modified": "2026-05-11T10:47:08.937903Z" }, { "id": "UBUNTU-CVE-2026-5260", - "modified": "2026-05-04T10:51:53.050780Z" - }, - { - "id": "UBUNTU-CVE-2026-5419", - "modified": "2026-05-04T10:52:13.859064Z" + "modified": "2026-05-11T10:47:15.892810Z" }, { "id": "USN-7281-1", @@ -6905,11 +6893,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -6955,11 +6943,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -7004,11 +6992,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -7052,11 +7040,11 @@ interactions: }, { "id": "UBUNTU-CVE-2026-40355", - "modified": "2026-04-29T11:28:28.610342Z" + "modified": "2026-05-14T14:42:14.461194Z" }, { "id": "UBUNTU-CVE-2026-40356", - "modified": "2026-04-29T11:28:02.978924Z" + "modified": "2026-05-14T14:42:49.241966Z" }, { "id": "USN-7257-1", @@ -7145,6 +7133,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -7161,6 +7153,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -7177,6 +7173,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -7193,6 +7193,10 @@ interactions: "id": "UBUNTU-CVE-2025-6020", "modified": "2026-04-22T16:08:04.179164Z" }, + { + "id": "UBUNTU-CVE-2026-43916", + "modified": "2026-05-14T14:52:51.641006Z" + }, { "id": "USN-7580-1", "modified": "2026-04-27T18:04:06.181183Z" @@ -7250,7 +7254,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-05-07T13:33:59.315945Z" + "modified": "2026-05-12T15:46:40.317763Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -7290,7 +7294,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-28387", - "modified": "2026-04-27T18:56:14.392310Z" + "modified": "2026-05-14T14:32:35.118316Z" }, { "id": "UBUNTU-CVE-2026-28388", @@ -7306,7 +7310,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-31789", - "modified": "2026-04-27T18:56:38.320349Z" + "modified": "2026-05-14T14:38:50.722959Z" }, { "id": "UBUNTU-CVE-2026-31790", @@ -7322,11 +7326,11 @@ interactions: }, { "id": "USN-7980-1", - "modified": "2026-05-07T13:22:13.480432Z" + "modified": "2026-05-12T13:30:35.776621Z" }, { "id": "USN-8155-1", - "modified": "2026-04-27T18:46:13.526604Z" + "modified": "2026-05-14T12:31:24.307482Z" } ] }, @@ -7610,7 +7614,7 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2026-5958", - "modified": "2026-05-05T15:26:37.480531Z" + "modified": "2026-05-14T14:54:40.382070Z" }, { "id": "USN-8229-1", @@ -7658,7 +7662,7 @@ interactions: } headers: Content-Length: - - "23503" + - "23464" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index dc38e3e7422..ea7e1bb6510 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -164,9 +164,7 @@ Loaded filter from: /testdata/locks-many/osv-scanner-test.toml Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - +No issues found --- @@ -179,9 +177,7 @@ Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package Scanned /testdata/go-project/nested/go.mod file and found 1 package -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -0 vulnerabilities can be fixed. - +No issues found --- @@ -193,14 +189,9 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi Scanning dir ./testdata/go-project Scanned /testdata/go-project/go.mod file and found 1 package -Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 0 Unknown) from 0 ecosystems. 0 vulnerabilities can be fixed. -+--------------+-------------------------+ -| LICENSE | NO. OF PACKAGE VERSIONS | -+--------------+-------------------------+ -| BSD-3-Clause | 1 | -+--------------+-------------------------+ --- @@ -5999,8 +5990,8 @@ Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medi [TestCommand_Transitive/requirements.txt_transitive_default - 1] Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem. -23 vulnerabilities can be fixed. +Total 5 packages affected by 24 known vulnerabilities (1 Critical, 10 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem. +24 vulnerabilities can be fixed. +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -6035,6 +6026,7 @@ Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Me | https://osv.dev/GHSA-38jv-5279-wg99 | 8.9 | PyPI | urllib3 | 1.24.3 | 2.6.3 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-gm62-xv2j-4w53 | 8.9 | PyPI | urllib3 | 1.24.3 | 2.6.0 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-pq67-6m6q-mj2v | 5.3 | PyPI | urllib3 | 1.24.3 | 2.5.0 | testdata/locks-requirements/requirements.txt | +| https://osv.dev/GHSA-qccp-gfcp-xxvc | 8.2 | PyPI | urllib3 | 1.24.3 | 2.7.0 | testdata/locks-requirements/requirements.txt | +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+ --- @@ -6046,8 +6038,8 @@ Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Me [TestCommand_Transitive/requirements.txt_transitive_native_source - 1] Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem. -23 vulnerabilities can be fixed. +Total 5 packages affected by 24 known vulnerabilities (1 Critical, 10 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem. +24 vulnerabilities can be fixed. +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -6082,6 +6074,7 @@ Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Me | https://osv.dev/GHSA-38jv-5279-wg99 | 8.9 | PyPI | urllib3 | 1.24.3 | 2.6.3 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-gm62-xv2j-4w53 | 8.9 | PyPI | urllib3 | 1.24.3 | 2.6.0 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-pq67-6m6q-mj2v | 5.3 | PyPI | urllib3 | 1.24.3 | 2.5.0 | testdata/locks-requirements/requirements.txt | +| https://osv.dev/GHSA-qccp-gfcp-xxvc | 8.2 | PyPI | urllib3 | 1.24.3 | 2.7.0 | testdata/locks-requirements/requirements.txt | +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+ --- diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml index 2dd2a246ed5..ad519d0f72d 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml @@ -277,1418 +277,27 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 141 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Go", - "name": "stdlib" - }, - "version": "1.21.7" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/Go_project_with_an_overridden_go_version - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 3490 - body: | - { - "results": [ - { - "vulns": [ - { - "id": "GO-2024-2598", - "modified": "2026-02-04T03:12:08.722840Z" - }, - { - "id": "GO-2024-2599", - "modified": "2026-02-04T02:21:09.533216Z" - }, - { - "id": "GO-2024-2600", - "modified": "2026-02-04T02:34:41.672789Z" - }, - { - "id": "GO-2024-2609", - "modified": "2026-02-04T04:37:13.773873Z" - }, - { - "id": "GO-2024-2610", - "modified": "2026-02-04T03:09:18.870079Z" - }, - { - "id": "GO-2024-2687", - "modified": "2026-02-04T04:09:31.762399Z" - }, - { - "id": "GO-2024-2887", - "modified": "2026-03-23T05:07:22.471505Z" - }, - { - "id": "GO-2024-2888", - "modified": "2026-03-23T05:00:55.888787Z" - }, - { - "id": "GO-2024-2963", - "modified": "2026-02-04T03:37:39.895574Z" - }, - { - "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" - }, - { - "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" - }, - { - "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" - }, - { - "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" - }, - { - "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" - }, - { - "id": "GO-2025-3447", - "modified": "2026-03-24T23:48:06.694170Z" - }, - { - "id": "GO-2025-3503", - "modified": "2026-04-16T22:45:11.580296Z" - }, - { - "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" - }, - { - "id": "GO-2025-3750", - "modified": "2026-02-04T03:28:12.135241Z" - }, - { - "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" - }, - { - "id": "GO-2025-3849", - "modified": "2026-03-24T23:55:13.286144Z" - }, - { - "id": "GO-2025-3956", - "modified": "2026-02-04T04:33:27.340869Z" - }, - { - "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" - }, - { - "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" - }, - { - "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" - }, - { - "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" - }, - { - "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" - }, - { - "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" - }, - { - "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" - }, - { - "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" - }, - { - "id": "GO-2025-4014", - "modified": "2026-04-27T10:30:02.875066Z" - }, - { - "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" - }, - { - "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" - }, - { - "id": "GO-2025-4175", - "modified": "2026-04-20T10:29:51.738669Z" - }, - { - "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" - }, - { - "id": "GO-2026-4340", - "modified": "2026-02-04T02:58:11.702669Z" - }, - { - "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" - }, - { - "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" - }, - { - "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-21T10:57:35.167856Z" - }, - { - "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" - }, - { - "id": "GO-2026-4865", - "modified": "2026-04-13T08:27:21.310377Z" - }, - { - "id": "GO-2026-4869", - "modified": "2026-04-13T08:27:14.491210Z" - }, - { - "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" - }, - { - "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" - }, - { - "id": "GO-2026-4946", - "modified": "2026-04-13T08:27:23.037509Z" - }, - { - "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" - }, - { - "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" - }, - { - "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" - }, - { - "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" - }, - { - "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" - }, - { - "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" - }, - { - "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" - }, - { - "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" - } - ] - } - ] - } - headers: - Content-Length: - - "3490" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 3 - host: api.osv.dev - body: | - {} - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/Go_project_with_an_overridden_go_version - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 2 - body: | - {} - headers: - Content-Length: - - "2" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 260 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Go", - "name": "stdlib" - }, - "version": "1.21.7" - }, - { - "package": { - "ecosystem": "Go", - "name": "stdlib" - }, - "version": "1.21.7" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/Go_project_with_an_overridden_go_version,_recursive - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 6967 - body: | - { - "results": [ - { - "vulns": [ - { - "id": "GO-2024-2598", - "modified": "2026-02-04T03:12:08.722840Z" - }, - { - "id": "GO-2024-2599", - "modified": "2026-02-04T02:21:09.533216Z" - }, - { - "id": "GO-2024-2600", - "modified": "2026-02-04T02:34:41.672789Z" - }, - { - "id": "GO-2024-2609", - "modified": "2026-02-04T04:37:13.773873Z" - }, - { - "id": "GO-2024-2610", - "modified": "2026-02-04T03:09:18.870079Z" - }, - { - "id": "GO-2024-2687", - "modified": "2026-02-04T04:09:31.762399Z" - }, - { - "id": "GO-2024-2887", - "modified": "2026-03-23T05:07:22.471505Z" - }, - { - "id": "GO-2024-2888", - "modified": "2026-03-23T05:00:55.888787Z" - }, - { - "id": "GO-2024-2963", - "modified": "2026-02-04T03:37:39.895574Z" - }, - { - "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" - }, - { - "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" - }, - { - "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" - }, - { - "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" - }, - { - "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" - }, - { - "id": "GO-2025-3447", - "modified": "2026-03-24T23:48:06.694170Z" - }, - { - "id": "GO-2025-3503", - "modified": "2026-04-16T22:45:11.580296Z" - }, - { - "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" - }, - { - "id": "GO-2025-3750", - "modified": "2026-02-04T03:28:12.135241Z" - }, - { - "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" - }, - { - "id": "GO-2025-3849", - "modified": "2026-03-24T23:55:13.286144Z" - }, - { - "id": "GO-2025-3956", - "modified": "2026-02-04T04:33:27.340869Z" - }, - { - "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" - }, - { - "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" - }, - { - "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" - }, - { - "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" - }, - { - "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" - }, - { - "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" - }, - { - "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" - }, - { - "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" - }, - { - "id": "GO-2025-4014", - "modified": "2026-04-27T10:30:02.875066Z" - }, - { - "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" - }, - { - "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" - }, - { - "id": "GO-2025-4175", - "modified": "2026-04-20T10:29:51.738669Z" - }, - { - "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" - }, - { - "id": "GO-2026-4340", - "modified": "2026-02-04T02:58:11.702669Z" - }, - { - "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" - }, - { - "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" - }, - { - "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-21T10:57:35.167856Z" - }, - { - "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" - }, - { - "id": "GO-2026-4865", - "modified": "2026-04-13T08:27:21.310377Z" - }, - { - "id": "GO-2026-4869", - "modified": "2026-04-13T08:27:14.491210Z" - }, - { - "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" - }, - { - "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" - }, - { - "id": "GO-2026-4946", - "modified": "2026-04-13T08:27:23.037509Z" - }, - { - "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" - }, - { - "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" - }, - { - "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" - }, - { - "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" - }, - { - "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" - }, - { - "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" - }, - { - "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" - }, - { - "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" - } - ] - }, - { - "vulns": [ - { - "id": "GO-2024-2598", - "modified": "2026-02-04T03:12:08.722840Z" - }, - { - "id": "GO-2024-2599", - "modified": "2026-02-04T02:21:09.533216Z" - }, - { - "id": "GO-2024-2600", - "modified": "2026-02-04T02:34:41.672789Z" - }, - { - "id": "GO-2024-2609", - "modified": "2026-02-04T04:37:13.773873Z" - }, - { - "id": "GO-2024-2610", - "modified": "2026-02-04T03:09:18.870079Z" - }, - { - "id": "GO-2024-2687", - "modified": "2026-02-04T04:09:31.762399Z" - }, - { - "id": "GO-2024-2887", - "modified": "2026-03-23T05:07:22.471505Z" - }, - { - "id": "GO-2024-2888", - "modified": "2026-03-23T05:00:55.888787Z" - }, - { - "id": "GO-2024-2963", - "modified": "2026-02-04T03:37:39.895574Z" - }, - { - "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" - }, - { - "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" - }, - { - "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" - }, - { - "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" - }, - { - "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" - }, - { - "id": "GO-2025-3447", - "modified": "2026-03-24T23:48:06.694170Z" - }, - { - "id": "GO-2025-3503", - "modified": "2026-04-16T22:45:11.580296Z" - }, - { - "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" - }, - { - "id": "GO-2025-3750", - "modified": "2026-02-04T03:28:12.135241Z" - }, - { - "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" - }, - { - "id": "GO-2025-3849", - "modified": "2026-03-24T23:55:13.286144Z" - }, - { - "id": "GO-2025-3956", - "modified": "2026-02-04T04:33:27.340869Z" - }, - { - "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" - }, - { - "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" - }, - { - "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" - }, - { - "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" - }, - { - "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" - }, - { - "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" - }, - { - "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" - }, - { - "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" - }, - { - "id": "GO-2025-4014", - "modified": "2026-04-27T10:30:02.875066Z" - }, - { - "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" - }, - { - "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" - }, - { - "id": "GO-2025-4175", - "modified": "2026-04-20T10:29:51.738669Z" - }, - { - "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" - }, - { - "id": "GO-2026-4340", - "modified": "2026-02-04T02:58:11.702669Z" - }, - { - "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" - }, - { - "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" - }, - { - "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-21T10:57:35.167856Z" - }, - { - "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" - }, - { - "id": "GO-2026-4865", - "modified": "2026-04-13T08:27:21.310377Z" - }, - { - "id": "GO-2026-4869", - "modified": "2026-04-13T08:27:14.491210Z" - }, - { - "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" - }, - { - "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" - }, - { - "id": "GO-2026-4946", - "modified": "2026-04-13T08:27:23.037509Z" - }, - { - "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" - }, - { - "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" - }, - { - "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" - }, - { - "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" - }, - { - "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" - }, - { - "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" - }, - { - "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" - }, - { - "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" - } - ] - } - ] - } - headers: - Content-Length: - - "6967" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 3 - host: api.osv.dev - body: | - {} - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/Go_project_with_an_overridden_go_version,_recursive - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 2 - body: | - {} - headers: - Content-Length: - - "2" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 141 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Go", - "name": "stdlib" - }, - "version": "1.21.7" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/Go_project_with_an_overridden_go_version_and_licences - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 3490 - body: | - { - "results": [ - { - "vulns": [ - { - "id": "GO-2024-2598", - "modified": "2026-02-04T03:12:08.722840Z" - }, - { - "id": "GO-2024-2599", - "modified": "2026-02-04T02:21:09.533216Z" - }, - { - "id": "GO-2024-2600", - "modified": "2026-02-04T02:34:41.672789Z" - }, - { - "id": "GO-2024-2609", - "modified": "2026-02-04T04:37:13.773873Z" - }, - { - "id": "GO-2024-2610", - "modified": "2026-02-04T03:09:18.870079Z" - }, - { - "id": "GO-2024-2687", - "modified": "2026-02-04T04:09:31.762399Z" - }, - { - "id": "GO-2024-2887", - "modified": "2026-03-23T05:07:22.471505Z" - }, - { - "id": "GO-2024-2888", - "modified": "2026-03-23T05:00:55.888787Z" - }, - { - "id": "GO-2024-2963", - "modified": "2026-02-04T03:37:39.895574Z" - }, - { - "id": "GO-2024-3105", - "modified": "2026-02-24T16:29:04.364011Z" - }, - { - "id": "GO-2024-3106", - "modified": "2026-02-24T16:29:04.606789Z" - }, - { - "id": "GO-2024-3107", - "modified": "2026-02-24T16:29:04.677030Z" - }, - { - "id": "GO-2025-3373", - "modified": "2026-02-17T16:13:53.362266Z" - }, - { - "id": "GO-2025-3420", - "modified": "2026-02-17T16:13:53.083304Z" - }, - { - "id": "GO-2025-3447", - "modified": "2026-03-24T23:48:06.694170Z" - }, - { - "id": "GO-2025-3503", - "modified": "2026-04-16T22:45:11.580296Z" - }, - { - "id": "GO-2025-3563", - "modified": "2026-02-17T16:13:52.395126Z" - }, - { - "id": "GO-2025-3750", - "modified": "2026-02-04T03:28:12.135241Z" - }, - { - "id": "GO-2025-3751", - "modified": "2026-02-17T16:13:52.185280Z" - }, - { - "id": "GO-2025-3849", - "modified": "2026-03-24T23:55:13.286144Z" - }, - { - "id": "GO-2025-3956", - "modified": "2026-02-04T04:33:27.340869Z" - }, - { - "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" - }, - { - "id": "GO-2025-4007", - "modified": "2026-02-17T13:58:48.676604Z" - }, - { - "id": "GO-2025-4008", - "modified": "2026-02-17T13:58:48.077685Z" - }, - { - "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" - }, - { - "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" - }, - { - "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" - }, - { - "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" - }, - { - "id": "GO-2025-4013", - "modified": "2026-02-17T13:58:47.501939Z" - }, - { - "id": "GO-2025-4014", - "modified": "2026-04-27T10:30:02.875066Z" - }, - { - "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" - }, - { - "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" - }, - { - "id": "GO-2025-4175", - "modified": "2026-04-20T10:29:51.738669Z" - }, - { - "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" - }, - { - "id": "GO-2026-4340", - "modified": "2026-02-04T02:58:11.702669Z" - }, - { - "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" - }, - { - "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" - }, - { - "id": "GO-2026-4403", - "modified": "2026-04-16T23:29:13.433458Z" - }, - { - "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" - }, - { - "id": "GO-2026-4602", - "modified": "2026-03-10T10:43:54.463365Z" - }, - { - "id": "GO-2026-4603", - "modified": "2026-03-21T10:57:35.167856Z" - }, - { - "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" - }, - { - "id": "GO-2026-4865", - "modified": "2026-04-13T08:27:21.310377Z" - }, - { - "id": "GO-2026-4869", - "modified": "2026-04-13T08:27:14.491210Z" - }, - { - "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" - }, - { - "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" - }, - { - "id": "GO-2026-4946", - "modified": "2026-04-13T08:27:23.037509Z" - }, - { - "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" - }, - { - "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" - }, - { - "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" - }, - { - "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" - }, - { - "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" - }, - { - "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" - }, - { - "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" - }, - { - "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" - } - ] - } - ] - } - headers: - Content-Length: - - "3490" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 3 - host: api.osv.dev - body: | - {} - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/Go_project_with_an_overridden_go_version_and_licences - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 2 - body: | - {} - headers: - Content-Length: - - "2" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 1852 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Alpine", - "name": "alpine-baselayout" - }, - "version": "3.4.0-r0" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "alpine-baselayout-data" - }, - "version": "3.4.0-r0" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "alpine-keys" - }, - "version": "2.4-r1" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "apk-tools" - }, - "version": "2.12.10-r1" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "busybox-binsh" - }, - "version": "1.36.1-r27" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "ca-certificates-bundle" - }, - "version": "20220614-r4" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "libc-utils" - }, - "version": "0.7.2-r3" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "libcrypto3" - }, - "version": "3.0.8-r0" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "libssl3" - }, - "version": "3.0.8-r0" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "musl" - }, - "version": "1.2.3-r4" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "musl-utils" - }, - "version": "1.2.3-r4" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "scanelf" - }, - "version": "1.3.5-r1" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "ssl_client" - }, - "version": "1.36.1-r27" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "zlib" - }, - "version": "1.2.10-r0" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/PURL_SBOM_case_sensitivity_(api) - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 576 - body: | - { - "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - { - "vulns": [ - { - "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:16:21.978419Z" - }, - { - "id": "ALPINE-CVE-2026-40200", - "modified": "2026-04-11T08:33:07.486264Z" - }, - { - "id": "ALPINE-CVE-2026-6042", - "modified": "2026-04-11T10:34:34.952791Z" - } - ] - }, - {}, - {}, - {}, - { - "vulns": [ - { - "id": "ALPINE-CVE-2018-25032", - "modified": "2025-12-03T22:47:03.844688Z" - }, - { - "id": "ALPINE-CVE-2022-37434", - "modified": "2025-12-03T22:50:43.469206Z" - }, - { - "id": "ALPINE-CVE-2026-22184", - "modified": "2026-04-14T16:32:07.574001Z" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "2026-04-14T16:32:22.282381Z" - } - ] - } - ] - } - headers: - Content-Length: - - "576" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 144 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "npm", - "name": "ansi-html" - }, - "version": "0.0.1" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/Sarif_with_vulns - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 95 - body: | - { - "results": [ - { - "vulns": [ - { - "id": "GHSA-whgm-jr23-g3j9", - "modified": "2023-11-08T04:05:08.868477Z" - } - ] - } - ] - } - headers: - Content-Length: - - "95" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 298 + content_length: 3 host: api.osv.dev body: | - { - "queries": [ - { - "package": { - "ecosystem": "NuGet", - "name": "System.Text.RegularExpressions" - }, - "version": "4.3.0" - }, - { - "package": { - "ecosystem": "NuGet", - "name": "Newtonsoft.Json" - }, - "version": "12.0.1" - } - ] - } + {} headers: Content-Type: - application/json X-Test-Name: - - TestCommand/Scan_locks-dotnet + - TestCommand/Go_project_with_an_overridden_go_version url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 177 + content_length: 2 body: | - { - "results": [ - { - "vulns": [ - { - "id": "GHSA-cmhx-cq75-c4mj", - "modified": "2023-11-08T04:00:33.819349Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-5crp-9r3c-p9vr", - "modified": "2026-02-04T04:31:41.201349Z" - } - ] - } - ] - } + {} headers: Content-Length: - - "177" + - "2" Content-Type: - application/json status: 200 OK @@ -1698,65 +307,27 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 521 + content_length: 3 host: api.osv.dev body: | - { - "queries": [ - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" - }, - "version": "2.0.4" - }, - { - "package": { - "ecosystem": "npm", - "name": "ansi-html" - }, - "version": "0.0.8" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - } - ] - } + {} headers: Content-Type: - application/json X-Test-Name: - - TestCommand/Scan_locks-many + - TestCommand/Go_project_with_an_overridden_go_version,_recursive url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 25 + content_length: 2 body: | - { - "results": [ - {}, - {}, - {}, - {} - ] - } + {} headers: Content-Length: - - "25" + - "2" Content-Type: - application/json status: 200 OK @@ -1766,49 +337,27 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 270 + content_length: 3 host: api.osv.dev body: | - { - "queries": [ - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - } - ] - } + {} headers: Content-Type: - application/json X-Test-Name: - - TestCommand/all_supported_lockfiles_in_the_directory_should_be_checked + - TestCommand/Go_project_with_an_overridden_go_version_and_licences url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 19 + content_length: 2 body: | - { - "results": [ - {}, - {} - ] - } + {} headers: Content-Length: - - "19" + - "2" Content-Type: - application/json status: 200 OK @@ -1818,48 +367,11 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 3372 + content_length: 1852 host: api.osv.dev body: | { "queries": [ - { - "package": { - "ecosystem": "Packagist", - "name": "league/flysystem" - }, - "version": "1.0.8" - }, - { - "package": { - "ecosystem": "Go", - "name": "stdlib" - }, - "version": "1.99.9" - }, - { - "package": { - "ecosystem": "Go", - "name": "toolchain" - }, - "version": "1.99.9" - }, - { - "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973" - }, - { - "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d" - }, - { - "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6" - }, - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, { "package": { "ecosystem": "Alpine", @@ -1912,93 +424,51 @@ interactions: { "package": { "ecosystem": "Alpine", - "name": "libcrypto3" - }, - "version": "3.0.8-r0" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "libssl3" - }, - "version": "3.0.8-r0" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "musl" - }, - "version": "1.2.3-r4" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "musl-utils" - }, - "version": "1.2.3-r4" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "scanelf" - }, - "version": "1.3.5-r1" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "ssl_client" - }, - "version": "1.36.1-r27" - }, - { - "package": { - "ecosystem": "Alpine", - "name": "zlib" + "name": "libcrypto3" }, - "version": "1.2.13-r0" + "version": "3.0.8-r0" }, { "package": { - "ecosystem": "Packagist", - "name": "drupal/core" + "ecosystem": "Alpine", + "name": "libssl3" }, - "version": "10.4.5" + "version": "3.0.8-r0" }, { "package": { - "ecosystem": "Packagist", - "name": "drupal/simple_sitemap" + "ecosystem": "Alpine", + "name": "musl" }, - "version": "4.2.1" + "version": "1.2.3-r4" }, { "package": { - "ecosystem": "Packagist", - "name": "drupal/tfa" + "ecosystem": "Alpine", + "name": "musl-utils" }, - "version": "2.0.0-alpha4" + "version": "1.2.3-r4" }, { "package": { - "ecosystem": "Packagist", - "name": "league/flysystem" + "ecosystem": "Alpine", + "name": "scanelf" }, - "version": "1.0.8" + "version": "1.3.5-r1" }, { "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" + "ecosystem": "Alpine", + "name": "ssl_client" }, - "version": "2.0.4" + "version": "1.36.1-r27" }, { "package": { - "ecosystem": "Packagist", - "name": "theseer/tokenizer" + "ecosystem": "Alpine", + "name": "zlib" }, - "version": "1.1.3" + "version": "1.2.10-r0" } ] } @@ -2006,42 +476,17 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/config_file_can_be_broad + - TestCommand/PURL_SBOM_case_sensitivity_(api) url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1566 + content_length: 576 body: | { "results": [ - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" - } - ] - }, - {}, - {}, - {}, - { - "vulns": [ - { - "id": "CVE-2023-39137", - "modified": "2026-04-10T05:00:16.792714Z" - }, - { - "id": "CVE-2023-39139", - "modified": "2026-04-10T05:00:16.785150Z" - } - ] - }, - {}, - {}, {}, {}, {}, @@ -2072,6 +517,14 @@ interactions: {}, { "vulns": [ + { + "id": "ALPINE-CVE-2018-25032", + "modified": "2025-12-03T22:47:03.844688Z" + }, + { + "id": "ALPINE-CVE-2022-37434", + "modified": "2025-12-03T22:50:43.469206Z" + }, { "id": "ALPINE-CVE-2026-22184", "modified": "2026-04-14T16:32:07.574001Z" @@ -2081,75 +534,249 @@ interactions: "modified": "2026-04-14T16:32:22.282381Z" } ] - }, + } + ] + } + headers: + Content-Length: + - "576" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 144 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Sarif_with_vulns + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 95 + body: | + { + "results": [ { "vulns": [ { - "id": "DRUPAL-CORE-2025-005", - "modified": "2025-12-10T23:41:07.744028Z" - }, - { - "id": "DRUPAL-CORE-2025-006", - "modified": "2025-12-10T23:41:16.689525Z" - }, - { - "id": "DRUPAL-CORE-2025-007", - "modified": "2025-12-10T23:41:19.050806Z" - }, - { - "id": "DRUPAL-CORE-2025-008", - "modified": "2025-12-10T23:41:00.167393Z" - }, - { - "id": "DRUPAL-CORE-2026-001", - "modified": "2026-04-15T19:57:30.305696Z" - }, - { - "id": "DRUPAL-CORE-2026-002", - "modified": "2026-04-15T19:45:11.714415Z" - }, - { - "id": "GHSA-83v7-c2cf-p9c2", - "modified": "2025-12-10T23:41:07.744028Z" - }, - { - "id": "GHSA-h89p-5896-f4q8", - "modified": "2025-12-10T23:41:19.050806Z" - }, - { - "id": "GHSA-m6vv-vcj8-w8m7", - "modified": "2025-12-10T23:41:16.689525Z" - }, + "id": "GHSA-whgm-jr23-g3j9", + "modified": "2023-11-08T04:05:08.868477Z" + } + ] + } + ] + } + headers: + Content-Length: + - "95" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 298 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "NuGet", + "name": "System.Text.RegularExpressions" + }, + "version": "4.3.0" + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Newtonsoft.Json" + }, + "version": "12.0.1" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Scan_locks-dotnet + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 177 + body: | + { + "results": [ + { + "vulns": [ { - "id": "GHSA-mhpg-hpj5-73r2", - "modified": "2026-02-03T03:15:35.495869Z" + "id": "GHSA-cmhx-cq75-c4mj", + "modified": "2023-11-08T04:00:33.819349Z" } ] }, { "vulns": [ { - "id": "DRUPAL-CONTRIB-2025-083", - "modified": "2025-12-10T23:41:32.857305Z" + "id": "GHSA-5crp-9r3c-p9vr", + "modified": "2026-02-04T04:31:41.201349Z" } ] + } + ] + } + headers: + Content-Length: + - "177" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 521 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" + }, + { + "package": { + "ecosystem": "Packagist", + "name": "sentry/sdk" + }, + "version": "2.0.4" + }, + { + "package": { + "ecosystem": "npm", + "name": "ansi-html" + }, + "version": "0.0.8" }, + { + "package": { + "ecosystem": "npm", + "name": "balanced-match" + }, + "version": "1.0.2" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/Scan_locks-many + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 25 + body: | + { + "results": [ + {}, {}, + {}, + {} + ] + } + headers: + Content-Length: + - "25" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 270 + host: api.osv.dev + body: | + { + "queries": [ { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" - } - ] + "package": { + "ecosystem": "RubyGems", + "name": "ast" + }, + "version": "2.4.2" }, + { + "package": { + "ecosystem": "npm", + "name": "balanced-match" + }, + "version": "1.0.2" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand/all_supported_lockfiles_in_the_directory_should_be_checked + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 19 + body: | + { + "results": [ {}, {} ] } headers: Content-Length: - - "1566" + - "19" Content-Type: - application/json status: 200 OK @@ -2159,7 +786,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 3253 + content_length: 3372 host: api.osv.dev body: | { @@ -2171,6 +798,13 @@ interactions: }, "version": "1.0.8" }, + { + "package": { + "ecosystem": "Go", + "name": "stdlib" + }, + "version": "1.99.9" + }, { "package": { "ecosystem": "Go", @@ -2347,7 +981,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1278 + content_length: 1566 body: | { "results": [ @@ -2355,21 +989,22 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" + "modified": "2026-03-13T22:01:08.982482Z" } ] }, {}, {}, + {}, { "vulns": [ { "id": "CVE-2023-39137", - "modified": "2025-11-20T12:19:03.518975Z" + "modified": "2026-04-10T05:00:16.792714Z" }, { "id": "CVE-2023-39139", - "modified": "2025-11-20T12:19:06.047365Z" + "modified": "2026-04-10T05:00:16.785150Z" } ] }, @@ -2388,7 +1023,15 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2025-26519", - "modified": "2025-12-11T11:01:04.579010Z" + "modified": "2025-12-11T11:16:21.978419Z" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "2026-04-11T08:33:07.486264Z" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "2026-04-11T10:34:34.952791Z" } ] }, @@ -2399,11 +1042,11 @@ interactions: "vulns": [ { "id": "ALPINE-CVE-2026-22184", - "modified": "2026-03-09T02:10:12.057314Z" + "modified": "2026-04-14T16:32:07.574001Z" }, { "id": "ALPINE-CVE-2026-27171", - "modified": "2026-03-09T02:09:33.041671Z" + "modified": "2026-04-14T16:32:22.282381Z" } ] }, @@ -2426,159 +1069,55 @@ interactions: "modified": "2025-12-10T23:41:00.167393Z" }, { - "id": "GHSA-83v7-c2cf-p9c2", - "modified": "2025-12-10T23:41:07.744028Z" + "id": "DRUPAL-CORE-2026-001", + "modified": "2026-04-15T19:57:30.305696Z" }, { - "id": "GHSA-h89p-5896-f4q8", - "modified": "2025-12-10T23:41:19.050806Z" + "id": "DRUPAL-CORE-2026-002", + "modified": "2026-04-15T19:45:11.714415Z" }, { - "id": "GHSA-m6vv-vcj8-w8m7", - "modified": "2025-12-10T23:41:16.689525Z" + "id": "GHSA-83v7-c2cf-p9c2", + "modified": "2025-12-10T23:41:07.744028Z" }, - { - "id": "GHSA-mhpg-hpj5-73r2", - "modified": "2026-02-03T03:15:35.495869Z" - } - ] - }, - { - "vulns": [ - { - "id": "DRUPAL-CONTRIB-2025-083", - "modified": "2025-12-10T23:41:32.857305Z" - } - ] - }, - {}, - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" - } - ] - }, - {}, - {} - ] - } - headers: - Content-Length: - - "1278" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 151 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" - }, - "version": "2.0.4" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/config_file_is_invalid - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 16 - body: | - { - "results": [ - {} - ] - } - headers: - Content-Length: - - "16" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 521 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" - }, - "version": "2.0.4" - }, - { - "package": { - "ecosystem": "npm", - "name": "ansi-html" - }, - "version": "0.0.8" - }, - { - "package": { - "ecosystem": "npm", - "name": "balanced-match" - }, - "version": "1.0.2" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 25 - body: | - { - "results": [ - {}, + { + "id": "GHSA-h89p-5896-f4q8", + "modified": "2025-12-10T23:41:19.050806Z" + }, + { + "id": "GHSA-m6vv-vcj8-w8m7", + "modified": "2025-12-10T23:41:16.689525Z" + }, + { + "id": "GHSA-mhpg-hpj5-73r2", + "modified": "2026-02-03T03:15:35.495869Z" + } + ] + }, + { + "vulns": [ + { + "id": "DRUPAL-CONTRIB-2025-083", + "modified": "2025-12-10T23:41:32.857305Z" + } + ] + }, {}, + { + "vulns": [ + { + "id": "GHSA-9f46-5r25-5wfm", + "modified": "2026-03-13T22:01:08.982482Z" + } + ] + }, {}, {} ] } headers: Content-Length: - - "25" + - "1566" Content-Type: - application/json status: 200 OK @@ -2588,38 +1127,17 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 519 + content_length: 151 host: api.osv.dev body: | { "queries": [ - { - "package": { - "ecosystem": "npm", - "name": "has-flag" - }, - "version": "4.0.0" - }, - { - "package": { - "ecosystem": "npm", - "name": "wrappy" - }, - "version": "1.0.2" - }, { "package": { "ecosystem": "Packagist", - "name": "league/flysystem" - }, - "version": "1.0.8" - }, - { - "package": { - "ecosystem": "Go", - "name": "toolchain" + "name": "sentry/sdk" }, - "version": "1.99.9" + "version": "2.0.4" } ] } @@ -2627,33 +1145,23 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/cyclonedx_1.4_output + - TestCommand/config_file_is_invalid url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 104 + content_length: 16 body: | { "results": [ - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" - } - ] - }, {} ] } headers: Content-Length: - - "104" + - "16" Content-Type: - application/json status: 200 OK @@ -2663,45 +1171,38 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 638 + content_length: 521 host: api.osv.dev body: | { "queries": [ { "package": { - "ecosystem": "npm", - "name": "has-flag" - }, - "version": "4.0.0" - }, - { - "package": { - "ecosystem": "npm", - "name": "wrappy" + "ecosystem": "RubyGems", + "name": "ast" }, - "version": "1.0.2" + "version": "2.4.2" }, { "package": { "ecosystem": "Packagist", - "name": "league/flysystem" + "name": "sentry/sdk" }, - "version": "1.0.8" + "version": "2.0.4" }, { "package": { - "ecosystem": "Go", - "name": "stdlib" + "ecosystem": "npm", + "name": "ansi-html" }, - "version": "1.99.9" + "version": "0.0.8" }, { "package": { - "ecosystem": "Go", - "name": "toolchain" + "ecosystem": "npm", + "name": "balanced-match" }, - "version": "1.99.9" + "version": "1.0.2" } ] } @@ -2709,34 +1210,26 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/cyclonedx_1.4_output + - TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 107 + content_length: 25 body: | { "results": [ {}, {}, - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-13T22:01:08.982482Z" - } - ] - }, {}, {} ] } headers: Content-Length: - - "107" + - "25" Content-Type: - application/json status: 200 OK @@ -2792,7 +1285,7 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand/cyclonedx_1.5_output + - TestCommand/cyclonedx_1.4_output url: https://api.osv.dev/v1/querybatch method: POST response: @@ -2829,7 +1322,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 519 + content_length: 638 host: api.osv.dev body: | { @@ -2855,6 +1348,13 @@ interactions: }, "version": "1.0.8" }, + { + "package": { + "ecosystem": "Go", + "name": "stdlib" + }, + "version": "1.99.9" + }, { "package": { "ecosystem": "Go", @@ -2875,7 +1375,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 104 + content_length: 107 body: | { "results": [ @@ -2885,16 +1385,17 @@ interactions: "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" + "modified": "2026-03-13T22:01:08.982482Z" } ] }, + {}, {} ] } headers: Content-Length: - - "104" + - "107" Content-Type: - application/json status: 200 OK @@ -5555,7 +4056,7 @@ interactions: }, { "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-04-28T20:31:23.836312Z" + "modified": "2026-05-14T09:00:11.435092Z" }, { "id": "DEBIAN-CVE-2026-28386", @@ -6193,7 +4694,7 @@ interactions: }, { "id": "GO-2025-4006", - "modified": "2026-02-17T16:13:53.018755Z" + "modified": "2026-05-14T10:29:24.258970Z" }, { "id": "GO-2025-4007", @@ -6205,19 +4706,19 @@ interactions: }, { "id": "GO-2025-4009", - "modified": "2026-02-13T02:58:48.571208Z" + "modified": "2026-05-14T10:29:24.122680Z" }, { "id": "GO-2025-4010", - "modified": "2026-02-13T21:28:48.362505Z" + "modified": "2026-05-14T10:29:24.403279Z" }, { "id": "GO-2025-4011", - "modified": "2026-02-17T13:58:47.352598Z" + "modified": "2026-05-14T10:29:25.646977Z" }, { "id": "GO-2025-4012", - "modified": "2026-02-17T13:58:47.721658Z" + "modified": "2026-05-14T10:29:24.051131Z" }, { "id": "GO-2025-4013", @@ -6229,11 +4730,11 @@ interactions: }, { "id": "GO-2025-4015", - "modified": "2026-02-17T16:13:53.510662Z" + "modified": "2026-05-14T10:29:24.698010Z" }, { "id": "GO-2025-4155", - "modified": "2026-05-01T10:44:19.916517Z" + "modified": "2026-05-14T10:29:25.197248Z" }, { "id": "GO-2025-4175", @@ -6241,7 +4742,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-05-01T10:44:19.759070Z" + "modified": "2026-05-14T10:29:24.471667Z" }, { "id": "GO-2026-4340", @@ -6249,15 +4750,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-05-01T10:44:20.067303Z" + "modified": "2026-05-14T10:29:24.191163Z" }, { "id": "GO-2026-4342", - "modified": "2026-05-01T10:44:19.685130Z" + "modified": "2026-05-14T10:29:23.612303Z" }, { "id": "GO-2026-4601", - "modified": "2026-05-06T10:29:20.668884Z" + "modified": "2026-05-14T10:29:25.336143Z" }, { "id": "GO-2026-4602", @@ -6269,7 +4770,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-05-07T10:29:24.131289Z" + "modified": "2026-05-14T10:29:24.631052Z" }, { "id": "GO-2026-4865", @@ -6281,11 +4782,11 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-05-07T10:29:24.251118Z" + "modified": "2026-05-14T10:29:24.836627Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-07T19:48:30.304907Z" + "modified": "2026-05-11T08:11:05.383192Z" }, { "id": "GO-2026-4946", @@ -6293,35 +4794,35 @@ interactions: }, { "id": "GO-2026-4947", - "modified": "2026-05-07T10:29:23.938623Z" + "modified": "2026-05-14T10:29:23.774115Z" }, { "id": "GO-2026-4971", - "modified": "2026-05-07T19:46:46.353468Z" + "modified": "2026-05-11T08:11:03.964539Z" }, { "id": "GO-2026-4976", - "modified": "2026-05-07T19:48:39.650770Z" + "modified": "2026-05-11T08:11:26.883618Z" }, { "id": "GO-2026-4977", - "modified": "2026-05-07T19:48:33.928206Z" + "modified": "2026-05-11T08:11:25.012229Z" }, { "id": "GO-2026-4980", - "modified": "2026-05-07T19:47:48.961884Z" + "modified": "2026-05-11T08:11:24.291670Z" }, { "id": "GO-2026-4981", - "modified": "2026-05-07T19:48:48.608632Z" + "modified": "2026-05-11T08:11:09.084571Z" }, { "id": "GO-2026-4982", - "modified": "2026-05-07T19:48:37.099912Z" + "modified": "2026-05-11T08:11:21.041304Z" }, { "id": "GO-2026-4986", - "modified": "2026-05-07T19:48:26.153681Z" + "modified": "2026-05-11T08:11:18.687307Z" } ] }, @@ -6333,35 +4834,35 @@ interactions: }, { "id": "GO-2026-4339", - "modified": "2026-04-14T11:11:56.511311Z" + "modified": "2026-05-14T10:29:23.985894Z" }, { "id": "GO-2026-4433", - "modified": "2026-04-04T10:29:23.122159Z" + "modified": "2026-05-14T10:29:24.765682Z" }, { "id": "GO-2026-4867", - "modified": "2026-05-06T10:29:20.419872Z" + "modified": "2026-05-12T10:29:43.442643Z" }, { "id": "GO-2026-4868", - "modified": "2026-05-06T10:29:21.042020Z" + "modified": "2026-05-12T10:29:43.343416Z" }, { "id": "GO-2026-4871", - "modified": "2026-05-06T10:29:20.740630Z" + "modified": "2026-05-13T10:44:29.004383Z" }, { "id": "GO-2026-4978", - "modified": "2026-05-07T19:48:45.574896Z" + "modified": "2026-05-11T08:11:12.158741Z" }, { "id": "GO-2026-4979", - "modified": "2026-05-07T19:48:51.744963Z" + "modified": "2026-05-11T08:11:02.813045Z" }, { "id": "GO-2026-4984", - "modified": "2026-05-07T19:48:43.011638Z" + "modified": "2026-05-11T08:11:10.315432Z" } ] } @@ -6375,65 +4876,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 144 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Go", - "name": "toolchain" - }, - "version": "1.24.4" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/go_packages_in_osv-scanner.json_format - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 214 - body: | - { - "results": [ - { - "vulns": [ - { - "id": "GO-2025-3828", - "modified": "2026-02-04T03:33:13.542630Z" - }, - { - "id": "GO-2026-4339", - "modified": "2026-02-04T04:20:19.626029Z" - }, - { - "id": "GO-2026-4433", - "modified": "2026-03-02T10:44:08.411132Z" - } - ] - } - ] - } - headers: - Content-Length: - - "214" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -8478,81 +6920,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 519 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "npm", - "name": "has-flag" - }, - "version": "4.0.0" - }, - { - "package": { - "ecosystem": "npm", - "name": "wrappy" - }, - "version": "1.0.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "league/flysystem" - }, - "version": "1.0.8" - }, - { - "package": { - "ecosystem": "Go", - "name": "toolchain" - }, - "version": "1.99.9" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand/spdx_2.3_output - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 104 - body: | - { - "results": [ - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" - } - ] - }, - {} - ] - } - headers: - Content-Length: - - "104" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml index 9432bd47be4..ea406e2dde6 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml @@ -116,11 +116,11 @@ interactions: }, { "id": "GO-2026-4961", - "modified": "2026-05-06T10:29:21.479671Z" + "modified": "2026-05-14T02:44:28.865999Z" }, { "id": "GO-2026-4962", - "modified": "2026-04-21T19:15:13.253886Z" + "modified": "2026-05-14T17:44:15.861193Z" } ] } diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml index 6409a7d09b5..cb699a8cb98 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml @@ -132,7 +132,7 @@ interactions: }, { "id": "OSV-2024-340", - "modified": "2026-05-07T14:09:36.724586Z" + "modified": "2026-05-14T14:26:07.696075Z" } ] }, @@ -181,7 +181,7 @@ interactions: }, { "id": "CVE-2025-9230", - "modified": "2026-05-07T18:29:19.531271Z" + "modified": "2026-05-12T18:44:24.110803Z" }, { "id": "CVE-2025-9231", @@ -197,15 +197,15 @@ interactions: "vulns": [ { "id": "CVE-2025-11187", - "modified": "2026-05-07T18:29:21.756996Z" + "modified": "2026-05-12T18:44:23.891750Z" }, { "id": "CVE-2025-15467", - "modified": "2026-05-07T18:29:22.159755Z" + "modified": "2026-05-12T18:44:23.827627Z" }, { "id": "CVE-2025-15468", - "modified": "2026-05-07T18:29:20.997946Z" + "modified": "2026-05-12T18:44:20.693904Z" }, { "id": "CVE-2025-15469", @@ -241,7 +241,7 @@ interactions: }, { "id": "CVE-2025-9230", - "modified": "2026-05-07T18:29:19.531271Z" + "modified": "2026-05-12T18:44:24.110803Z" }, { "id": "CVE-2025-9231", diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml index 8042c34a95a..888dee00df2 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml @@ -2484,7 +2484,7 @@ interactions: }, { "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-04-28T20:31:23.836312Z" + "modified": "2026-05-14T09:00:11.435092Z" }, { "id": "DEBIAN-CVE-2026-28386", @@ -5120,7 +5120,7 @@ interactions: }, { "id": "DEBIAN-CVE-2026-2673", - "modified": "2026-04-28T20:31:23.836312Z" + "modified": "2026-05-14T09:00:11.435092Z" }, { "id": "DEBIAN-CVE-2026-28386", diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml index 8f53bf3acb4..1a4f50c0c84 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml @@ -296,7 +296,7 @@ interactions: }, { "id": "CVE-2025-15467", - "modified": "2026-05-07T18:29:22.159755Z" + "modified": "2026-05-12T18:44:23.827627Z" }, { "id": "CVE-2025-68160", @@ -320,7 +320,7 @@ interactions: }, { "id": "CVE-2025-9230", - "modified": "2026-05-07T18:29:19.531271Z" + "modified": "2026-05-12T18:44:24.110803Z" }, { "id": "CVE-2025-9232", diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml index ac1b483d3fd..418d85d7930 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Licenses.yaml @@ -604,81 +604,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 529 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "Packagist", - "name": "league/flysystem" - }, - "version": "1.0.8" - }, - { - "package": { - "ecosystem": "Go", - "name": "toolchain" - }, - "version": "1.99.9" - }, - { - "package": { - "ecosystem": "RubyGems", - "name": "ast" - }, - "version": "2.4.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "sentry/sdk" - }, - "version": "2.0.4" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_Licenses/Some_packages_with_ignored_licenses - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 104 - body: | - { - "results": [ - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" - } - ] - }, - {}, - {}, - {} - ] - } - headers: - Content-Length: - - "104" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml index 67959ea1664..660f7fe0eaf 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_LockfileWithExplicitParseAs.yaml @@ -246,111 +246,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 763 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "npm", - "name": "has-flag" - }, - "version": "4.0.0" - }, - { - "package": { - "ecosystem": "npm", - "name": "wrappy" - }, - "version": "1.0.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "league/flysystem" - }, - "version": "1.0.8" - }, - { - "package": { - "ecosystem": "npm", - "name": "ansi-html" - }, - "version": "0.0.1" - }, - { - "package": { - "ecosystem": "npm", - "name": "ansi-html" - }, - "version": "0.0.1" - }, - { - "package": { - "ecosystem": "Go", - "name": "toolchain" - }, - "version": "1.99.9" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_LockfileWithExplicitParseAs/multiple,_+_output_order_is_deterministic - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 268 - body: | - { - "results": [ - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-whgm-jr23-g3j9", - "modified": "2023-11-08T04:05:08.868477Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-whgm-jr23-g3j9", - "modified": "2023-11-08T04:05:08.868477Z" - } - ] - }, - {} - ] - } - headers: - Content-Length: - - "268" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -464,111 +359,6 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 763 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "npm", - "name": "has-flag" - }, - "version": "4.0.0" - }, - { - "package": { - "ecosystem": "npm", - "name": "wrappy" - }, - "version": "1.0.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "league/flysystem" - }, - "version": "1.0.8" - }, - { - "package": { - "ecosystem": "npm", - "name": "ansi-html" - }, - "version": "0.0.1" - }, - { - "package": { - "ecosystem": "npm", - "name": "ansi-html" - }, - "version": "0.0.1" - }, - { - "package": { - "ecosystem": "Go", - "name": "toolchain" - }, - "version": "1.99.9" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_LockfileWithExplicitParseAs/multiple,_+_output_order_is_deterministic_2 - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 268 - body: | - { - "results": [ - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-whgm-jr23-g3j9", - "modified": "2023-11-08T04:05:08.868477Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-whgm-jr23-g3j9", - "modified": "2023-11-08T04:05:08.868477Z" - } - ] - }, - {} - ] - } - headers: - Content-Length: - - "268" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s - request: proto: HTTP/1.1 proto_major: 1 @@ -697,93 +487,3 @@ interactions: status: 200 OK code: 200 duration: 0s - - request: - proto: HTTP/1.1 - proto_major: 1 - proto_minor: 1 - content_length: 641 - host: api.osv.dev - body: | - { - "queries": [ - { - "package": { - "ecosystem": "npm", - "name": "has-flag" - }, - "version": "4.0.0" - }, - { - "package": { - "ecosystem": "npm", - "name": "wrappy" - }, - "version": "1.0.2" - }, - { - "package": { - "ecosystem": "Packagist", - "name": "league/flysystem" - }, - "version": "1.0.8" - }, - { - "package": { - "ecosystem": "npm", - "name": "ansi-html" - }, - "version": "0.0.1" - }, - { - "package": { - "ecosystem": "Go", - "name": "toolchain" - }, - "version": "1.99.9" - } - ] - } - headers: - Content-Type: - - application/json - X-Test-Name: - - TestCommand_LockfileWithExplicitParseAs/when_an_explicit_parse-as_is_given,_it's_applied_to_that_file - url: https://api.osv.dev/v1/querybatch - method: POST - response: - proto: HTTP/2.0 - proto_major: 2 - proto_minor: 0 - content_length: 186 - body: | - { - "results": [ - {}, - {}, - { - "vulns": [ - { - "id": "GHSA-9f46-5r25-5wfm", - "modified": "2026-03-10T23:45:30.937461Z" - } - ] - }, - { - "vulns": [ - { - "id": "GHSA-whgm-jr23-g3j9", - "modified": "2023-11-08T04:05:08.868477Z" - } - ] - }, - {} - ] - } - headers: - Content-Length: - - "186" - Content-Type: - - application/json - status: 200 OK - code: 200 - duration: 0s diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml index e9280d7e352..b746d60a5e7 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml @@ -401,7 +401,7 @@ interactions: }, { "id": "GHSA-c4rq-3m3g-8wgx", - "modified": "2026-05-07T15:59:19.908097Z" + "modified": "2026-05-09T10:44:28.215577Z" }, { "id": "GHSA-mrxw-mxhj-p664", @@ -409,7 +409,7 @@ interactions: }, { "id": "GHSA-v2fc-qm4h-8hqv", - "modified": "2026-05-07T15:59:19.133488Z" + "modified": "2026-05-09T10:44:28.032980Z" }, { "id": "GHSA-vvfq-8hwr-qm4m", @@ -650,11 +650,11 @@ interactions: "vulns": [ { "id": "GHSA-7gcm-g887-7qv7", - "modified": "2026-05-07T15:11:10.704825Z" + "modified": "2026-05-11T00:41:12.384762Z" }, { "id": "GHSA-8qvm-5x2c-j2w7", - "modified": "2026-05-07T15:11:16.613726Z" + "modified": "2026-05-11T00:26:28.487819Z" } ] } diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml index e4ce1459dcb..f58c00d7296 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml @@ -1781,7 +1781,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2153 + content_length: 2223 body: | { "results": [ @@ -1906,6 +1906,10 @@ interactions: "id": "GHSA-pq67-6m6q-mj2v", "modified": "2026-02-04T04:38:01.163387Z" }, + { + "id": "GHSA-qccp-gfcp-xxvc", + "modified": "2026-05-14T20:52:16.468619Z" + }, { "id": "GHSA-v845-jxx5-vc9f", "modified": "2026-02-04T02:58:30.152562Z" @@ -1937,7 +1941,7 @@ interactions: } headers: Content-Length: - - "2153" + - "2223" Content-Type: - application/json status: 200 OK @@ -2056,7 +2060,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2153 + content_length: 2223 body: | { "results": [ @@ -2181,6 +2185,10 @@ interactions: "id": "GHSA-pq67-6m6q-mj2v", "modified": "2026-02-04T04:38:01.163387Z" }, + { + "id": "GHSA-qccp-gfcp-xxvc", + "modified": "2026-05-14T20:52:16.468619Z" + }, { "id": "GHSA-v845-jxx5-vc9f", "modified": "2026-02-04T02:58:30.152562Z" @@ -2212,7 +2220,7 @@ interactions: } headers: Content-Length: - - "2153" + - "2223" Content-Type: - application/json status: 200 OK