data/excluded,data/reports: add 10 reports

  - data/excluded/GO-2024-2890.yaml
  - data/excluded/GO-2024-2892.yaml
  - data/excluded/GO-2024-2893.yaml
  - data/excluded/GO-2024-2894.yaml
  - data/excluded/GO-2024-2895.yaml
  - data/excluded/GO-2024-2896.yaml
  - data/excluded/GO-2024-2897.yaml
  - data/reports/GO-2024-2922.yaml
  - data/reports/GO-2024-2923.yaml
  - data/excluded/GO-2024-2925.yaml

Fixes #2890
Fixes #2892
Fixes #2893
Fixes #2894
Fixes #2895
Fixes #2896
Fixes #2897
Fixes #2922
Fixes #2923
Fixes #2925

Change-Id: Ice699e7a8ddc84e18684a19a15e7ada897f3596f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/592765
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Damien Neil <[email protected]>

Author: tatianab

data/excluded/GO-2024-2890.yaml

@@ -0,0 +1,6 @@
+id: GO-2024-2890
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/envoyproxy/envoy
+cves:
+    - CVE-2024-23326

data/excluded/GO-2024-2892.yaml

@@ -0,0 +1,6 @@
+id: GO-2024-2892
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/envoyproxy/envoy
+cves:
+    - CVE-2024-32974

data/excluded/GO-2024-2893.yaml

@@ -0,0 +1,6 @@
+id: GO-2024-2893
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/envoyproxy/envoy
+cves:
+    - CVE-2024-32975

data/excluded/GO-2024-2894.yaml

@@ -0,0 +1,6 @@
+id: GO-2024-2894
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/envoyproxy/envoy
+cves:
+    - CVE-2024-32976

data/excluded/GO-2024-2895.yaml

@@ -0,0 +1,6 @@
+id: GO-2024-2895
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/envoyproxy/envoy
+cves:
+    - CVE-2024-34362

data/excluded/GO-2024-2896.yaml

@@ -0,0 +1,6 @@
+id: GO-2024-2896
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/envoyproxy/envoy
+cves:
+    - CVE-2024-34363

data/excluded/GO-2024-2897.yaml

@@ -0,0 +1,6 @@
+id: GO-2024-2897
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/envoyproxy/envoy
+cves:
+    - CVE-2024-34364

data/excluded/GO-2024-2925.yaml

@@ -0,0 +1,6 @@
+id: GO-2024-2925
+excluded: NOT_GO_CODE
+modules:
+    - module: github.com/apache/airflow
+cves:
+    - CVE-2024-25142

data/osv/GO-2024-2922.json

@@ -0,0 +1,84 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2922",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-37307",
+    "GHSA-wh78-7948-358j"
+  ],
+  "summary": "Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium",
+  "details": "Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/cilium/cilium",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "1.13.0"
+            },
+            {
+              "fixed": "1.13.17"
+            },
+            {
+              "introduced": "1.14.0"
+            },
+            {
+              "fixed": "1.14.12"
+            },
+            {
+              "introduced": "1.15.0"
+            },
+            {
+              "fixed": "1.15.6"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37307"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2922",
+    "review_status": "UNREVIEWED"
+  }
+}

data/osv/GO-2024-2923.json

@@ -0,0 +1,47 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2923",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-85rg-8m6h-825p"
+  ],
+  "summary": "Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt",
+  "details": "Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/k8sgpt-ai/k8sgpt",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.3.33"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/k8sgpt-ai/k8sgpt/security/advisories/GHSA-85rg-8m6h-825p"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2923",
+    "review_status": "UNREVIEWED"
+  }
+}

data/reports/GO-2024-2922.yaml

@@ -0,0 +1,29 @@
+id: GO-2024-2922
+modules:
+    - module: github.com/cilium/cilium
+      versions:
+        - introduced: 1.13.0
+          fixed: 1.13.17
+        - introduced: 1.14.0
+          fixed: 1.14.12
+        - introduced: 1.15.0
+          fixed: 1.15.6
+      vulnerable_at: 1.15.5
+summary: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
+cves:
+    - CVE-2024-37307
+ghsas:
+    - GHSA-wh78-7948-358j
+references:
+    - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j
+    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-37307
+    - fix: https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407
+    - fix: https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a
+    - fix: https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741
+    - fix: https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653
+    - fix: https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b
+    - fix: https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61
+source:
+    id: GHSA-wh78-7948-358j
+    created: 2024-06-14T13:47:58.347002-04:00
+review_status: UNREVIEWED

data/reports/GO-2024-2923.yaml

@@ -0,0 +1,16 @@
+id: GO-2024-2923
+modules:
+    - module: github.com/k8sgpt-ai/k8sgpt
+      versions:
+        - fixed: 0.3.33
+      vulnerable_at: 0.3.32
+summary: Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt
+ghsas:
+    - GHSA-85rg-8m6h-825p
+references:
+    - advisory: https://github.com/k8sgpt-ai/k8sgpt/security/advisories/GHSA-85rg-8m6h-825p
+    - web: https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33
+source:
+    id: GHSA-85rg-8m6h-825p
+    created: 2024-06-14T13:47:55.972779-04:00
+review_status: UNREVIEWED