Skip to content

Commit d05c8fe

Browse files
thatnealpatelgopherbot
thatnealpatel
authored and
gopherbot
committed
data/reports: add 28 reports
 - data/reports/GO-2025-3520.yaml - data/reports/GO-2025-3521.yaml - data/reports/GO-2025-3522.yaml - data/reports/GO-2025-3534.yaml - data/reports/GO-2025-3536.yaml - data/reports/GO-2025-3537.yaml - data/reports/GO-2025-3538.yaml - data/reports/GO-2025-3539.yaml - data/reports/GO-2025-3542.yaml - data/reports/GO-2025-3543.yaml - data/reports/GO-2025-3545.yaml - data/reports/GO-2025-3546.yaml - data/reports/GO-2025-3547.yaml - data/reports/GO-2025-3549.yaml - data/reports/GO-2025-3550.yaml - data/reports/GO-2025-3551.yaml - data/reports/GO-2025-3552.yaml - data/reports/GO-2025-3554.yaml - data/reports/GO-2025-3555.yaml - data/reports/GO-2025-3556.yaml - data/reports/GO-2025-3560.yaml - data/reports/GO-2025-3561.yaml - data/reports/GO-2025-3562.yaml - data/reports/GO-2025-3564.yaml - data/reports/GO-2025-3565.yaml - data/reports/GO-2025-3566.yaml - data/reports/GO-2025-3567.yaml - data/reports/GO-2025-3568.yaml Fixes #3520 Fixes #3521 Fixes #3522 Fixes #3534 Fixes #3536 Fixes #3537 Fixes #3538 Fixes #3539 Fixes #3542 Fixes #3543 Fixes #3545 Fixes #3546 Fixes #3547 Fixes #3549 Fixes #3550 Fixes #3551 Fixes #3552 Fixes #3554 Fixes #3555 Fixes #3556 Fixes #3560 Fixes #3561 Fixes #3562 Fixes #3564 Fixes #3565 Fixes #3566 Fixes #3567 Fixes #3568 Change-Id: Iab8628f215b03aada5b45f0bedffe1cd07f8e90f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/660559 Reviewed-by: Zvonimir Pavlinovic <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Neal Patel <[email protected]>
1 parent 5153d9b commit d05c8fe

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

56 files changed

+2980
-0
lines changed

data/osv/GO-2025-3520.json

+70
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-3520",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"GHSA-h2rp-8vpx-q9r4"
8+
],
9+
"summary": "cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002) in github.com/cheqd/cheqd-node",
10+
"details": "cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002) in github.com/cheqd/cheqd-node.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/cheqd/cheqd-node before v3.1.8.",
11+
"affected": [
12+
{
13+
"package": {
14+
"name": "github.com/cheqd/cheqd-node",
15+
"ecosystem": "Go"
16+
},
17+
"ranges": [
18+
{
19+
"type": "SEMVER",
20+
"events": [
21+
{
22+
"introduced": "0"
23+
}
24+
]
25+
}
26+
],
27+
"ecosystem_specific": {
28+
"custom_ranges": [
29+
{
30+
"type": "ECOSYSTEM",
31+
"events": [
32+
{
33+
"introduced": "0"
34+
},
35+
{
36+
"fixed": "3.1.8"
37+
}
38+
]
39+
}
40+
]
41+
}
42+
}
43+
],
44+
"references": [
45+
{
46+
"type": "ADVISORY",
47+
"url": "https://github.com/cheqd/cheqd-node/security/advisories/GHSA-h2rp-8vpx-q9r4"
48+
},
49+
{
50+
"type": "FIX",
51+
"url": "https://github.com/cheqd/cheqd-node/commit/5a58b08dfb8dfc24631fb85b641cb75e9178d07f"
52+
},
53+
{
54+
"type": "WEB",
55+
"url": "https://github.com/cheqd/cheqd-node/releases/tag/v3.1.8"
56+
},
57+
{
58+
"type": "WEB",
59+
"url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-47ww-ff84-4jrg"
60+
},
61+
{
62+
"type": "WEB",
63+
"url": "https://github.com/cosmos/ibc-go/security/advisories/GHSA-4wf3-5qj9-368v"
64+
}
65+
],
66+
"database_specific": {
67+
"url": "https://pkg.go.dev/vuln/GO-2025-3520",
68+
"review_status": "UNREVIEWED"
69+
}
70+
}

data/osv/GO-2025-3521.json

+57
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-3521",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-1767",
8+
"GHSA-3wgm-2gw2-vh5m"
9+
],
10+
"summary": "Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes",
11+
"details": "Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "k8s.io/kubernetes",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "0"
24+
}
25+
]
26+
}
27+
],
28+
"ecosystem_specific": {}
29+
}
30+
],
31+
"references": [
32+
{
33+
"type": "ADVISORY",
34+
"url": "https://github.com/advisories/GHSA-3wgm-2gw2-vh5m"
35+
},
36+
{
37+
"type": "ADVISORY",
38+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1767"
39+
},
40+
{
41+
"type": "WEB",
42+
"url": "http://www.openwall.com/lists/oss-security/2025/03/13/9"
43+
},
44+
{
45+
"type": "WEB",
46+
"url": "https://github.com/kubernetes/kubernetes/pull/130786"
47+
},
48+
{
49+
"type": "WEB",
50+
"url": "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s"
51+
}
52+
],
53+
"database_specific": {
54+
"url": "https://pkg.go.dev/vuln/GO-2025-3521",
55+
"review_status": "UNREVIEWED"
56+
}
57+
}

data/osv/GO-2025-3522.json

+94
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,94 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-3522",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2024-9042",
8+
"GHSA-vv39-3w5q-974q"
9+
],
10+
"summary": "Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes",
11+
"details": "Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "k8s.io/kubernetes",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "0"
24+
},
25+
{
26+
"fixed": "1.29.13"
27+
},
28+
{
29+
"introduced": "1.30.0-alpha.0"
30+
},
31+
{
32+
"fixed": "1.30.9"
33+
},
34+
{
35+
"introduced": "1.31.0-alpha.0"
36+
},
37+
{
38+
"fixed": "1.31.5"
39+
},
40+
{
41+
"introduced": "1.32.0-alpha.0"
42+
},
43+
{
44+
"fixed": "1.32.1"
45+
}
46+
]
47+
}
48+
],
49+
"ecosystem_specific": {}
50+
}
51+
],
52+
"references": [
53+
{
54+
"type": "ADVISORY",
55+
"url": "https://github.com/advisories/GHSA-vv39-3w5q-974q"
56+
},
57+
{
58+
"type": "ADVISORY",
59+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9042"
60+
},
61+
{
62+
"type": "WEB",
63+
"url": "http://www.openwall.com/lists/oss-security/2025/01/16/1"
64+
},
65+
{
66+
"type": "WEB",
67+
"url": "https://github.com/kubernetes/kubernetes/commit/45f4ccc2153bbb782253704cbe24c05e22b5d60c"
68+
},
69+
{
70+
"type": "WEB",
71+
"url": "https://github.com/kubernetes/kubernetes/commit/5fe148234f8ab1184f26069c4f7bef6c37efe347"
72+
},
73+
{
74+
"type": "WEB",
75+
"url": "https://github.com/kubernetes/kubernetes/commit/75c83a6871dc030675288c6d63c275a43c2f0d55"
76+
},
77+
{
78+
"type": "WEB",
79+
"url": "https://github.com/kubernetes/kubernetes/commit/fb0187c2bf7061258bb89891edb1237261eb7abc"
80+
},
81+
{
82+
"type": "WEB",
83+
"url": "https://github.com/kubernetes/kubernetes/issues/129654"
84+
},
85+
{
86+
"type": "WEB",
87+
"url": "https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg"
88+
}
89+
],
90+
"database_specific": {
91+
"url": "https://pkg.go.dev/vuln/GO-2025-3522",
92+
"review_status": "UNREVIEWED"
93+
}
94+
}

data/osv/GO-2025-3534.json

+103
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,103 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-3534",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-1472",
8+
"GHSA-fqrq-xmxj-v47x"
9+
],
10+
"summary": "Mattermost Fails to Properly Perform Viewer Role Authorization in github.com/mattermost/mattermost-server",
11+
"details": "Mattermost Fails to Properly Perform Viewer Role Authorization in github.com/mattermost/mattermost-server",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/mattermost/mattermost-server",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "9.11.0+incompatible"
24+
},
25+
{
26+
"fixed": "9.11.9+incompatible"
27+
}
28+
]
29+
}
30+
],
31+
"ecosystem_specific": {}
32+
},
33+
{
34+
"package": {
35+
"name": "github.com/mattermost/mattermost-server/v5",
36+
"ecosystem": "Go"
37+
},
38+
"ranges": [
39+
{
40+
"type": "SEMVER",
41+
"events": [
42+
{
43+
"introduced": "0"
44+
}
45+
]
46+
}
47+
],
48+
"ecosystem_specific": {}
49+
},
50+
{
51+
"package": {
52+
"name": "github.com/mattermost/mattermost-server/v6",
53+
"ecosystem": "Go"
54+
},
55+
"ranges": [
56+
{
57+
"type": "SEMVER",
58+
"events": [
59+
{
60+
"introduced": "0"
61+
}
62+
]
63+
}
64+
],
65+
"ecosystem_specific": {}
66+
},
67+
{
68+
"package": {
69+
"name": "github.com/mattermost/mattermost/server/v8",
70+
"ecosystem": "Go"
71+
},
72+
"ranges": [
73+
{
74+
"type": "SEMVER",
75+
"events": [
76+
{
77+
"introduced": "0"
78+
}
79+
]
80+
}
81+
],
82+
"ecosystem_specific": {}
83+
}
84+
],
85+
"references": [
86+
{
87+
"type": "ADVISORY",
88+
"url": "https://github.com/advisories/GHSA-fqrq-xmxj-v47x"
89+
},
90+
{
91+
"type": "ADVISORY",
92+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1472"
93+
},
94+
{
95+
"type": "WEB",
96+
"url": "https://mattermost.com/security-updates"
97+
}
98+
],
99+
"database_specific": {
100+
"url": "https://pkg.go.dev/vuln/GO-2025-3534",
101+
"review_status": "UNREVIEWED"
102+
}
103+
}

data/osv/GO-2025-3536.json

+53
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-3536",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2024-25132",
8+
"GHSA-c392-wrgw-jjfw"
9+
],
10+
"summary": "OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability in github.com/openshift/hive",
11+
"details": "OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability in github.com/openshift/hive",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/openshift/hive",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "0"
24+
}
25+
]
26+
}
27+
],
28+
"ecosystem_specific": {}
29+
}
30+
],
31+
"references": [
32+
{
33+
"type": "ADVISORY",
34+
"url": "https://github.com/advisories/GHSA-c392-wrgw-jjfw"
35+
},
36+
{
37+
"type": "ADVISORY",
38+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25132"
39+
},
40+
{
41+
"type": "WEB",
42+
"url": "https://access.redhat.com/security/cve/CVE-2024-25132"
43+
},
44+
{
45+
"type": "WEB",
46+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260371"
47+
}
48+
],
49+
"database_specific": {
50+
"url": "https://pkg.go.dev/vuln/GO-2025-3536",
51+
"review_status": "UNREVIEWED"
52+
}
53+
}

0 commit comments

Comments
 (0)