Created
September 26, 2025 20:55
| { | |
| "@context": "https://openvex.dev/ns/v0.2.0", | |
| "@id": "govulncheck/vex:e47eb4a0ed7d490a5a94dfb6f85150e2244773b6977de80e8dc620dbd3d30a72", | |
| "author": "Unknown Author", | |
| "timestamp": "2025-09-26T20:54:41.812737311Z", | |
| "version": 1, | |
| "tooling": "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck", | |
| "statements": [ | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2022-0635", | |
| "name": "GO-2022-0635", | |
| "description": "In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go", | |
| "aliases": [ | |
| "CVE-2020-8912", | |
| "GHSA-7f33-f4f5-xwgw" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Faws%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_present", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2022-0646", | |
| "name": "GO-2022-0646", | |
| "description": "CBC padding oracle issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go", | |
| "aliases": [ | |
| "CVE-2020-8911", | |
| "GHSA-f5pg-7wfw-84q9" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Faws%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_present", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2024-3321", | |
| "name": "GO-2024-3321", | |
| "description": "Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto", | |
| "aliases": [ | |
| "CVE-2024-45337", | |
| "GHSA-v778-237x-gjrc" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/golang.org%2Fx%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2024-3333", | |
| "name": "GO-2024-3333", | |
| "description": "Non-linear parsing of case-insensitive content in golang.org/x/net/html", | |
| "aliases": [ | |
| "CVE-2024-45338", | |
| "GHSA-w32m-9786-jp63" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/golang.org%2Fx%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3367", | |
| "name": "GO-2025-3367", | |
| "description": "Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git", | |
| "aliases": [ | |
| "CVE-2025-21614", | |
| "GHSA-r9px-m959-cxf4" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fgo-git%2Fgo-git%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3368", | |
| "name": "GO-2025-3368", | |
| "description": "Argument Injection via the URL field in github.com/go-git/go-git", | |
| "aliases": [ | |
| "CVE-2025-21613", | |
| "GHSA-v725-9546-7q7m" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fgo-git%2Fgo-git%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3487", | |
| "name": "GO-2025-3487", | |
| "description": "Potential denial of service in golang.org/x/crypto", | |
| "aliases": [ | |
| "CVE-2025-22869" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/golang.org%2Fx%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3488", | |
| "name": "GO-2025-3488", | |
| "description": "Unexpected memory consumption during token parsing in golang.org/x/oauth2", | |
| "aliases": [ | |
| "CVE-2025-22868" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/golang.org%2Fx%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3503", | |
| "name": "GO-2025-3503", | |
| "description": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", | |
| "aliases": [ | |
| "CVE-2025-22870" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/golang.org%2Fx%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3527", | |
| "name": "GO-2025-3527", | |
| "description": "buildx allows a possible credential leakage to telemetry endpoint in github.com/docker/buildx", | |
| "aliases": [ | |
| "CVE-2025-0495", | |
| "GHSA-m4gq-fm9h-8q75" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fdocker%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3528", | |
| "name": "GO-2025-3528", | |
| "description": "containerd has an integer overflow in User ID handling in github.com/containerd/containerd", | |
| "aliases": [ | |
| "CVE-2024-40635", | |
| "GHSA-265r-hfxg-fhmg" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fcontainerd%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3595", | |
| "name": "GO-2025-3595", | |
| "description": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", | |
| "aliases": [ | |
| "CVE-2025-22872" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/golang.org%2Fx%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3601", | |
| "name": "GO-2025-3601", | |
| "description": "Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination in helm.sh/helm", | |
| "aliases": [ | |
| "CVE-2025-32386", | |
| "GHSA-4hfp-h4cw-hj8p" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/helm.sh%2Fhelm%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3602", | |
| "name": "GO-2025-3602", | |
| "description": "Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow in helm.sh/helm", | |
| "aliases": [ | |
| "CVE-2025-32387", | |
| "GHSA-5xqw-8hwv-wg92" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/helm.sh%2Fhelm%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3660", | |
| "name": "GO-2025-3660", | |
| "description": "OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa", | |
| "aliases": [ | |
| "CVE-2025-46569", | |
| "GHSA-6m8w-jc87-6cr7" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fopen-policy-agent%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_present", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3754", | |
| "name": "GO-2025-3754", | |
| "description": "CIRCL-Fourq: Missing and wrong validation can lead to incorrect results in github.com/cloudflare/circl", | |
| "aliases": [ | |
| "GHSA-2x5j-vhc8-9cwm" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fcloudflare%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3802", | |
| "name": "GO-2025-3802", | |
| "description": "Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm", | |
| "aliases": [ | |
| "CVE-2025-53547", | |
| "GHSA-557j-xg8c-q2mm" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/helm.sh%2Fhelm%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3829", | |
| "name": "GO-2025-3829", | |
| "description": "Moby firewalld reload removes bridge network isolation in github.com/docker/docker", | |
| "aliases": [ | |
| "CVE-2025-54410", | |
| "GHSA-4vq8-7jfc-9cvp" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fdocker%[email protected]+incompatible" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3887", | |
| "name": "GO-2025-3887", | |
| "description": "Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm", | |
| "aliases": [ | |
| "CVE-2025-55199", | |
| "GHSA-9h84-qmv7-982p" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/helm.sh%2Fhelm%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3888", | |
| "name": "GO-2025-3888", | |
| "description": "Helm May Panic Due To Incorrect YAML Content in helm.sh/helm", | |
| "aliases": [ | |
| "CVE-2025-55198", | |
| "GHSA-f9f8-9pmf-xv68" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/helm.sh%2Fhelm%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3892", | |
| "name": "GO-2025-3892", | |
| "description": "HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter", | |
| "aliases": [ | |
| "CVE-2025-8959", | |
| "GHSA-wjrx-6529-hcj3" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fhashicorp%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "not_affected", | |
| "justification": "vulnerable_code_not_in_execute_path", | |
| "impact_statement": "Govulncheck determined that the vulnerable code isn't called" | |
| }, | |
| { | |
| "vulnerability": { | |
| "@id": "https://pkg.go.dev/vuln/GO-2025-3922", | |
| "name": "GO-2025-3922", | |
| "description": "Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz", | |
| "aliases": [ | |
| "CVE-2025-58058", | |
| "GHSA-jc7w-c686-c4v9" | |
| ] | |
| }, | |
| "products": [ | |
| { | |
| "@id": "Unknown Product", | |
| "subcomponents": [ | |
| { | |
| "@id": "pkg:golang/github.com%2Fulikunitz%[email protected]" | |
| } | |
| ] | |
| } | |
| ], | |
| "status": "affected" | |
| } | |
| ] | |
| } |