From 8077c137d3cdba19b30950415aaa246aadf33c09 Mon Sep 17 00:00:00 2001 From: osv-robot Date: Sun, 28 Jun 2026 21:18:25 +0000 Subject: [PATCH] test: update cassettes --- .../image/__snapshots__/command_test.snap | 230 +++++----- .../cassettes/TestCommand_OCIImage.yaml | 404 +++++++++++------- .../TestCommand_OCIImage_JSONFormat.yaml | 262 ++++++------ .../source/__snapshots__/command_test.snap | 72 ++-- .../testdata/cassettes/TestCommand.yaml | 58 ++- .../cassettes/TestCommand_CallAnalysis.yaml | 18 +- .../cassettes/TestCommand_CommitSupport.yaml | 8 +- .../TestCommand_Config_UnusedIgnores.yaml | 36 +- .../cassettes/TestCommand_GithubActions.yaml | 2 +- .../TestCommand_JavareachArchive.yaml | 24 +- .../cassettes/TestCommand_MoreLockfiles.yaml | 36 +- .../cassettes/TestCommand_Transitive.yaml | 6 +- 12 files changed, 678 insertions(+), 478 deletions(-) diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap index eb3ed1bfeb6..a694afbb3ac 100755 --- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap @@ -448,8 +448,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 26 packages affected by 83 known vulnerabilities (10 Critical, 21 High, 36 Medium, 5 Low, 11 Unknown) from 1 ecosystem. -33 vulnerabilities can be fixed. +Total 25 packages affected by 84 known vulnerabilities (10 Critical, 22 High, 35 Medium, 6 Low, 11 Unknown) from 1 ecosystem. +36 vulnerabilities can be fixed. Ubuntu:22.04 @@ -463,7 +463,7 @@ Ubuntu:22.04 | dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | | glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 8 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | | gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 4 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Partial fixes Available | 5 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | @@ -472,18 +472,17 @@ Ubuntu:22.04 | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | | ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 7 | libssl3 | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 8 | libssl3 | # 4 Layer | ubuntu | | pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 12 | perl-base | # 4 Layer | ubuntu | | sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu | | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | | systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 4 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | Partial fixes Available | 2 | tar | # 4 Layer | ubuntu | | util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 5 | bsdutils | # 4 Layer | ubuntu | | util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 6 | libblkid1... (6) | # 4 Layer | ubuntu | | xz-utils | 5.2.5-2ubuntu1 | Fix Available | 1 | liblzma5 | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. @@ -501,8 +500,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 26 packages affected by 83 known vulnerabilities (10 Critical, 21 High, 36 Medium, 5 Low, 11 Unknown) from 1 ecosystem. -33 vulnerabilities can be fixed. +Total 25 packages affected by 84 known vulnerabilities (10 Critical, 22 High, 35 Medium, 6 Low, 11 Unknown) from 1 ecosystem. +36 vulnerabilities can be fixed. Ubuntu:22.04 @@ -516,7 +515,7 @@ Ubuntu:22.04 | dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | | glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 8 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | | gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 4 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Partial fixes Available | 5 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | @@ -525,18 +524,17 @@ Ubuntu:22.04 | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | | ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 7 | libssl3 | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 8 | libssl3 | # 4 Layer | ubuntu | | pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 12 | perl-base | # 4 Layer | ubuntu | | sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu | | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | | systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 4 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | Partial fixes Available | 2 | tar | # 4 Layer | ubuntu | | util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 5 | bsdutils | # 4 Layer | ubuntu | | util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 6 | libblkid1... (6) | # 4 Layer | ubuntu | | xz-utils | 5.2.5-2ubuntu1 | Fix Available | 1 | liblzma5 | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ Filtered Vulnerabilities: @@ -573,8 +571,8 @@ Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar" Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image): -Total 26 packages affected by 83 known vulnerabilities (10 Critical, 21 High, 36 Medium, 5 Low, 11 Unknown) from 1 ecosystem. -33 vulnerabilities can be fixed. +Total 25 packages affected by 84 known vulnerabilities (10 Critical, 22 High, 35 Medium, 6 Low, 11 Unknown) from 1 ecosystem. +36 vulnerabilities can be fixed. Ubuntu:22.04 @@ -588,7 +586,7 @@ Ubuntu:22.04 | dpkg | 1.21.1ubuntu2.3 | Fix Available | 1 | dpkg | # 4 Layer | ubuntu | | gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu | | glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 8 | libc-bin, libc6 | # 4 Layer | ubuntu | -| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 4 | gpgv | # 4 Layer | ubuntu | +| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu | | gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 4 | libgnutls30 | # 4 Layer | ubuntu | | krb5 | 1.19.2-2ubuntu0.4 | Partial fixes Available | 5 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu | | libcap2 | 1:2.44-1ubuntu0.22.04.1 | Fix Available | 2 | libcap2 | # 4 Layer | ubuntu | @@ -597,18 +595,17 @@ Ubuntu:22.04 | libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu | | lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu | | ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu | -| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 7 | libssl3 | # 4 Layer | ubuntu | +| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 8 | libssl3 | # 4 Layer | ubuntu | | pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu | | pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu | | perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 12 | perl-base | # 4 Layer | ubuntu | | sed | 4.8-1ubuntu2 | Fix Available | 1 | sed | # 4 Layer | ubuntu | | shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu | | systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 4 | libsystemd0... (2) | # 4 Layer | ubuntu | -| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 2 | tar | # 4 Layer | ubuntu | +| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | Partial fixes Available | 2 | tar | # 4 Layer | ubuntu | | util-linux | 1:2.37.2-4ubuntu3.4 | No fix available | 5 | bsdutils | # 4 Layer | ubuntu | | util-linux | 2.37.2-4ubuntu3.4 | Partial fixes Available | 6 | libblkid1... (6) | # 4 Layer | ubuntu | | xz-utils | 5.2.5-2ubuntu1 | Fix Available | 1 | liblzma5 | # 4 Layer | ubuntu | -| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu | +----------------+------------------------------+-------------------------+------------+-------------------------+------------------+---------------+ Hiding 5 number of vulnerabilities deemed unimportant, use --all-vulns to show them. @@ -626,42 +623,44 @@ Scanning local image tarball "./testdata/test-java-full.tar" Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image): -Total 35 packages affected by 136 known vulnerabilities (6 Critical, 66 High, 56 Medium, 7 Low, 1 Unknown) from 2 ecosystems. -136 vulnerabilities can be fixed. +Total 38 packages affected by 146 known vulnerabilities (5 Critical, 73 High, 59 Medium, 8 Low, 1 Unknown) from 2 ecosystems. +146 vulnerabilities can be fixed. Maven -+-------------------------------------------------------------------------------------------------------------------------------+ -| Source:artifact:/app/target.jar | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ -| com.fasterxml.jackson.core:jackson-core | 2.10.2 | Fix Available | 3 | # 12 Layer | -- | -| com.google.protobuf:protobuf-java | 3.21.12 | Fix Available | 1 | # 12 Layer | -- | -| com.nimbusds:nimbus-jose-jwt | 9.31 | Fix Available | 2 | # 12 Layer | -- | -| commons-beanutils:commons-beanutils | 1.9.4 | Fix Available | 1 | # 12 Layer | -- | -| dnsjava:dnsjava | 3.4.0 | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | -| io.netty:netty-codec-dns | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec-haproxy | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | -| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 11 | # 12 Layer | -- | -| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 6 | # 12 Layer | -- | -| io.netty:netty-codec-mqtt | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-codec-redis | 4.1.100.Final | Fix Available | 5 | # 12 Layer | -- | -| io.netty:netty-codec-smtp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-common | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | -| io.netty:netty-handler | 4.1.100.Final | Fix Available | 4 | # 12 Layer | -- | -| io.netty:netty-handler-proxy | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-resolver-dns | 4.1.100.Final | Fix Available | 3 | # 12 Layer | -- | -| io.netty:netty-transport-native-epoll | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-transport-native-kqueue | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| io.netty:netty-transport-sctp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | -| org.apache.avro:avro | 1.9.2 | Fix Available | 2 | # 12 Layer | -- | -| org.apache.commons:commons-compress | 1.21 | Fix Available | 2 | # 12 Layer | -- | -| org.apache.commons:commons-configuration2 | 2.8.0 | Fix Available | 3 | # 12 Layer | -- | -| org.apache.commons:commons-lang3 | 3.12.0 | Fix Available | 1 | # 12 Layer | -- | -| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 3 | # 12 Layer | -- | -+-------------------------------------------+-------------------+---------------+------------+------------------+---------------+ ++---------------------------------------------------------------------------------------------------------------------------------+ +| Source:artifact:/app/target.jar | ++---------------------------------------------+-------------------+---------------+------------+------------------+---------------+ +| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | ++---------------------------------------------+-------------------+---------------+------------+------------------+---------------+ +| com.fasterxml.jackson.core:jackson-core | 2.10.2 | Fix Available | 3 | # 12 Layer | -- | +| com.fasterxml.jackson.core:jackson-databind | 2.12.7.1 | Fix Available | 5 | # 12 Layer | -- | +| com.google.protobuf:protobuf-java | 3.21.12 | Fix Available | 1 | # 12 Layer | -- | +| com.nimbusds:nimbus-jose-jwt | 9.31 | Fix Available | 2 | # 12 Layer | -- | +| commons-beanutils:commons-beanutils | 1.9.4 | Fix Available | 1 | # 12 Layer | -- | +| dnsjava:dnsjava | 3.4.0 | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-codec | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | +| io.netty:netty-codec-dns | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-codec-haproxy | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | +| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 11 | # 12 Layer | -- | +| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 6 | # 12 Layer | -- | +| io.netty:netty-codec-mqtt | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-codec-redis | 4.1.100.Final | Fix Available | 5 | # 12 Layer | -- | +| io.netty:netty-codec-smtp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-common | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- | +| io.netty:netty-handler | 4.1.100.Final | Fix Available | 4 | # 12 Layer | -- | +| io.netty:netty-handler-proxy | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-resolver-dns | 4.1.100.Final | Fix Available | 3 | # 12 Layer | -- | +| io.netty:netty-transport-native-epoll | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-transport-native-kqueue | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| io.netty:netty-transport-sctp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- | +| org.apache.avro:avro | 1.9.2 | Fix Available | 2 | # 12 Layer | -- | +| org.apache.commons:commons-compress | 1.21 | Fix Available | 2 | # 12 Layer | -- | +| org.apache.commons:commons-configuration2 | 2.8.0 | Fix Available | 3 | # 12 Layer | -- | +| org.apache.commons:commons-lang3 | 3.12.0 | Fix Available | 1 | # 12 Layer | -- | +| org.eclipse.jetty:jetty-http | 9.4.53.v20231009 | Fix Available | 3 | # 12 Layer | -- | +| org.jline:jline-remote-telnet | 3.9.0 | Fix Available | 2 | # 12 Layer | -- | ++---------------------------------------------+-------------------+---------------+------------+------------------+---------------+ Alpine:v3.21 +-----------------------------------------------------------------------------------------------------------------------------------+ | Source:os:/lib/apk/db/installed | @@ -669,13 +668,14 @@ Alpine:v3.21 | SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE | +----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ | busybox | 1.37.0-r9 | Fix Available | 2 | busybox... (3) | # 0 Layer | alpine | -| expat | 2.6.4-r0 | Fix Available | 7 | libexpat | # 5 Layer | eclipse-temurin | +| expat | 2.6.4-r0 | Fix Available | 9 | libexpat | # 5 Layer | eclipse-temurin | | gnupg | 2.4.7-r0 | Fix Available | 2 | gnupg... (11) | # 5 Layer | eclipse-temurin | | gnutls | 3.8.8-r0 | Fix Available | 21 | gnutls | # 5 Layer | eclipse-temurin | | libpng | 1.6.44-r0 | Fix Available | 11 | libpng | # 5 Layer | eclipse-temurin | | libtasn1 | 4.19.0-r2 | Fix Available | 2 | libtasn1 | # 5 Layer | eclipse-temurin | | musl | 1.2.5-r8 | Fix Available | 3 | musl, musl-utils | # 0 Layer | alpine | | openssl | 3.3.2-r4 | Fix Available | 21 | libcrypto3, libssl3... (3) | # 0 Layer | alpine | +| p11-kit | 0.25.5-r2 | Fix Available | 1 | p11-kit... (2) | # 5 Layer | eclipse-temurin | | sqlite | 3.47.1-r0 | Fix Available | 4 | sqlite-libs | # 5 Layer | eclipse-temurin | | zlib | 1.3.1-r2 | Fix Available | 2 | zlib | # 0 Layer | alpine | +----------------+-------------------+---------------+------------+----------------------------+------------------+-----------------+ @@ -1061,52 +1061,52 @@ Scanning local image tarball "./testdata/test-chisel.tar" Container Scanning Result (Ubuntu 26.04 LTS): -Total 7 packages affected by 121 known vulnerabilities (0 Critical, 0 High, 1 Medium, 0 Low, 120 Unknown) from 2 ecosystems. -120 vulnerabilities can be fixed. +Total 7 packages affected by 139 known vulnerabilities (0 Critical, 0 High, 1 Medium, 0 Low, 138 Unknown) from 2 ecosystems. +138 vulnerabilities can be fixed. Go +---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/lib/go-1.25/bin/go | +| Source:artifact:/usr/lib/go-1.26/bin/go | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- | +| stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/lib/go-1.25/bin/gofmt | +| Source:artifact:/usr/lib/go-1.26/bin/gofmt | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- | +| stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/lib/go-1.25/pkg/tool/linux_amd64/asm | +| Source:artifact:/usr/lib/go-1.26/pkg/tool/linux_amd64/asm | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- | +| stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/lib/go-1.25/pkg/tool/linux_amd64/compile | +| Source:artifact:/usr/lib/go-1.26/pkg/tool/linux_amd64/compile | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- | +| stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/lib/go-1.25/pkg/tool/linux_amd64/link | +| Source:artifact:/usr/lib/go-1.26/pkg/tool/linux_amd64/link | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- | +| stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ +---------------------------------------------------------------------------------------------+ -| Source:artifact:/usr/lib/go-1.25/pkg/tool/linux_amd64/vet | +| Source:artifact:/usr/lib/go-1.26/pkg/tool/linux_amd64/vet | +---------+-------------------+---------------+------------+------------------+---------------+ | PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE | +---------+-------------------+---------------+------------+------------------+---------------+ -| stdlib | 1.25.7 | Fix Available | 20 | # 0 Layer | -- | +| stdlib | 1.26.0 | Fix Available | 23 | # 0 Layer | -- | +---------+-------------------+---------------+------------+------------------+---------------+ Ubuntu:26.04 +-------------------------------------------------------------------------------------------------------------------------------------------+ @@ -3041,26 +3041,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" "results": [ { "source": { - "path": "/usr/lib/go-1.25/bin/go", + "path": "/usr/lib/go-1.26/bin/go", "type": "artifact" }, "packages": [ { "package": { "name": "stdlib", - "version": "1.25.7", + "version": "1.26.0", "ecosystem": "Go", "image_origin_details": { "index": 0 } }, - "groups": 20, + "groups": 23, "vulnerabilities": [ + "GO-2026-4599", + "GO-2026-4600", "GO-2026-4601", "GO-2026-4602", "GO-2026-4603", "GO-2026-4864", "GO-2026-4865", + "GO-2026-4866", "GO-2026-4869", "GO-2026-4870", "GO-2026-4918", @@ -3082,26 +3085,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" }, { "source": { - "path": "/usr/lib/go-1.25/bin/gofmt", + "path": "/usr/lib/go-1.26/bin/gofmt", "type": "artifact" }, "packages": [ { "package": { "name": "stdlib", - "version": "1.25.7", + "version": "1.26.0", "ecosystem": "Go", "image_origin_details": { "index": 0 } }, - "groups": 20, + "groups": 23, "vulnerabilities": [ + "GO-2026-4599", + "GO-2026-4600", "GO-2026-4601", "GO-2026-4602", "GO-2026-4603", "GO-2026-4864", "GO-2026-4865", + "GO-2026-4866", "GO-2026-4869", "GO-2026-4870", "GO-2026-4918", @@ -3123,26 +3129,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" }, { "source": { - "path": "/usr/lib/go-1.25/pkg/tool/linux_amd64/asm", + "path": "/usr/lib/go-1.26/pkg/tool/linux_amd64/asm", "type": "artifact" }, "packages": [ { "package": { "name": "stdlib", - "version": "1.25.7", + "version": "1.26.0", "ecosystem": "Go", "image_origin_details": { "index": 0 } }, - "groups": 20, + "groups": 23, "vulnerabilities": [ + "GO-2026-4599", + "GO-2026-4600", "GO-2026-4601", "GO-2026-4602", "GO-2026-4603", "GO-2026-4864", "GO-2026-4865", + "GO-2026-4866", "GO-2026-4869", "GO-2026-4870", "GO-2026-4918", @@ -3164,26 +3173,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" }, { "source": { - "path": "/usr/lib/go-1.25/pkg/tool/linux_amd64/compile", + "path": "/usr/lib/go-1.26/pkg/tool/linux_amd64/compile", "type": "artifact" }, "packages": [ { "package": { "name": "stdlib", - "version": "1.25.7", + "version": "1.26.0", "ecosystem": "Go", "image_origin_details": { "index": 0 } }, - "groups": 20, + "groups": 23, "vulnerabilities": [ + "GO-2026-4599", + "GO-2026-4600", "GO-2026-4601", "GO-2026-4602", "GO-2026-4603", "GO-2026-4864", "GO-2026-4865", + "GO-2026-4866", "GO-2026-4869", "GO-2026-4870", "GO-2026-4918", @@ -3205,26 +3217,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" }, { "source": { - "path": "/usr/lib/go-1.25/pkg/tool/linux_amd64/link", + "path": "/usr/lib/go-1.26/pkg/tool/linux_amd64/link", "type": "artifact" }, "packages": [ { "package": { "name": "stdlib", - "version": "1.25.7", + "version": "1.26.0", "ecosystem": "Go", "image_origin_details": { "index": 0 } }, - "groups": 20, + "groups": 23, "vulnerabilities": [ + "GO-2026-4599", + "GO-2026-4600", "GO-2026-4601", "GO-2026-4602", "GO-2026-4603", "GO-2026-4864", "GO-2026-4865", + "GO-2026-4866", "GO-2026-4869", "GO-2026-4870", "GO-2026-4918", @@ -3246,26 +3261,29 @@ Scanning local image tarball "./testdata/test-alpine-etcshadow.tar" }, { "source": { - "path": "/usr/lib/go-1.25/pkg/tool/linux_amd64/vet", + "path": "/usr/lib/go-1.26/pkg/tool/linux_amd64/vet", "type": "artifact" }, "packages": [ { "package": { "name": "stdlib", - "version": "1.25.7", + "version": "1.26.0", "ecosystem": "Go", "image_origin_details": { "index": 0 } }, - "groups": 20, + "groups": 23, "vulnerabilities": [ + "GO-2026-4599", + "GO-2026-4600", "GO-2026-4601", "GO-2026-4602", "GO-2026-4603", "GO-2026-4864", "GO-2026-4865", + "GO-2026-4866", "GO-2026-4869", "GO-2026-4870", "GO-2026-4918", @@ -3720,13 +3738,14 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 4, + "groups": 5, "vulnerabilities": [ "USN-7412-1", "USN-7946-1", "UBUNTU-CVE-2022-3219", "UBUNTU-CVE-2025-30258", "UBUNTU-CVE-2025-68973", + "UBUNTU-CVE-2026-57062", "USN-7412-2" ] }, @@ -4235,7 +4254,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "index": 4 } }, - "groups": 7, + "groups": 8, "vulnerabilities": [ "USN-8414-1", "USN-7980-1", @@ -4253,6 +4272,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2025-69420", "UBUNTU-CVE-2025-69421", "UBUNTU-CVE-2025-9230", + "UBUNTU-CVE-2026-11999", "UBUNTU-CVE-2026-22795", "UBUNTU-CVE-2026-22796", "UBUNTU-CVE-2026-28387", @@ -4550,6 +4570,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" }, "groups": 2, "vulnerabilities": [ + "USN-8477-1", "UBUNTU-CVE-2025-45582", "UBUNTU-CVE-2026-5704" ] @@ -4573,21 +4594,6 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar" "UBUNTU-CVE-2026-53615", "USN-8091-1" ] - }, - { - "package": { - "name": "zlib", - "os_package_name": "zlib1g", - "version": "1:1.2.11.dfsg-2ubuntu9.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2026-27171" - ] } ] } @@ -4877,13 +4883,14 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 4, + "groups": 5, "vulnerabilities": [ "USN-7412-1", "USN-7946-1", "UBUNTU-CVE-2022-3219", "UBUNTU-CVE-2025-30258", "UBUNTU-CVE-2025-68973", + "UBUNTU-CVE-2026-57062", "USN-7412-2" ] }, @@ -5392,7 +5399,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "index": 4 } }, - "groups": 7, + "groups": 8, "vulnerabilities": [ "USN-8414-1", "USN-7980-1", @@ -5410,6 +5417,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2025-69420", "UBUNTU-CVE-2025-69421", "UBUNTU-CVE-2025-9230", + "UBUNTU-CVE-2026-11999", "UBUNTU-CVE-2026-22795", "UBUNTU-CVE-2026-22796", "UBUNTU-CVE-2026-28387", @@ -5707,6 +5715,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" }, "groups": 2, "vulnerabilities": [ + "USN-8477-1", "UBUNTU-CVE-2025-45582", "UBUNTU-CVE-2026-5704" ] @@ -5730,21 +5739,6 @@ Scanning local image tarball "./testdata/test-ubuntu.tar" "UBUNTU-CVE-2026-53615", "USN-8091-1" ] - }, - { - "package": { - "name": "zlib", - "os_package_name": "zlib1g", - "version": "1:1.2.11.dfsg-2ubuntu9.2", - "ecosystem": "Ubuntu:22.04", - "image_origin_details": { - "index": 4 - } - }, - "groups": 1, - "vulnerabilities": [ - "UBUNTU-CVE-2026-27171" - ] } ] } diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml index 016665fa533..4916c2415b3 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml @@ -1661,7 +1661,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11969 + content_length: 12086 body: | { "results": [ @@ -1754,6 +1754,10 @@ interactions: "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" }, + { + "id": "UBUNTU-CVE-2026-57062", + "modified": "2026-06-25T19:19:16.469882Z" + }, { "id": "USN-7412-1", "modified": "2026-02-10T04:47:47Z" @@ -1764,7 +1768,7 @@ interactions: }, { "id": "USN-7946-1", - "modified": "2026-05-20T16:03:55.565581Z" + "modified": "2026-06-25T13:32:31.788231Z" } ] }, @@ -1859,7 +1863,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-29T19:15:06.810342Z" + "modified": "2026-06-24T11:00:25.318641Z" }, { "id": "USN-7259-1", @@ -1875,7 +1879,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-05-20T16:03:57.629529Z" + "modified": "2026-06-25T13:32:31.787765Z" } ] }, @@ -1884,11 +1888,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-04-22T15:31:21.010462Z" + "modified": "2026-06-23T22:00:07.953148Z" }, { "id": "UBUNTU-CVE-2026-4878", - "modified": "2026-04-29T11:29:22.138592Z" + "modified": "2026-06-24T02:29:23.557692Z" }, { "id": "USN-7287-1", @@ -1908,11 +1912,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-06-02T14:00:10.803243Z" + "modified": "2026-06-26T19:30:07.097771Z" }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-06-02T14:00:20.958338Z" + "modified": "2026-06-26T19:30:06.785492Z" }, { "id": "USN-8319-1", @@ -1989,7 +1993,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-06-17T11:01:28.854907Z" + "modified": "2026-06-24T11:01:39.860701Z" }, { "id": "UBUNTU-CVE-2026-42015", @@ -2058,7 +2062,7 @@ interactions: }, { "id": "USN-7257-1", - "modified": "2026-05-20T16:03:28.032877Z" + "modified": "2026-06-25T13:32:30.106589Z" }, { "id": "USN-7314-1", @@ -2066,7 +2070,7 @@ interactions: }, { "id": "USN-7542-1", - "modified": "2026-05-20T16:03:46.356475Z" + "modified": "2026-06-25T13:32:30.616782Z" } ] }, @@ -2123,7 +2127,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-54411", - "modified": "2026-06-17T11:02:56.948731Z" + "modified": "2026-06-24T09:03:12Z" }, { "id": "USN-7580-1", @@ -2168,7 +2172,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-06-18T04:30:07.553679Z" + "modified": "2026-06-22T09:30:07.721290Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -2198,6 +2202,10 @@ interactions: "id": "UBUNTU-CVE-2025-9230", "modified": "2026-05-20T16:24:04.817135Z" }, + { + "id": "UBUNTU-CVE-2026-11999", + "modified": "2026-06-26T12:27:59.525197Z" + }, { "id": "UBUNTU-CVE-2026-22795", "modified": "2026-05-20T16:24:13.263285Z" @@ -2276,11 +2284,11 @@ interactions: }, { "id": "USN-7786-1", - "modified": "2026-05-20T16:03:48.800001Z" + "modified": "2026-06-25T13:32:31.234820Z" }, { "id": "USN-7980-1", - "modified": "2026-06-18T04:30:17.825715Z" + "modified": "2026-06-22T09:30:53.470047Z" }, { "id": "USN-8155-1", @@ -2385,11 +2393,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2026-05-20T16:13:34.139215Z" + "modified": "2026-06-24T15:30:22.242365Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2026-04-22T14:15:27.303492Z" + "modified": "2026-06-24T15:30:22.223640Z" }, { "id": "UBUNTU-CVE-2024-56406", @@ -2397,43 +2405,43 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15649", - "modified": "2026-06-01T07:15:36.150813Z" + "modified": "2026-06-24T15:30:22.189337Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-04-22T16:02:28.067448Z" + "modified": "2026-06-24T15:30:22.288512Z" }, { "id": "UBUNTU-CVE-2026-12087", - "modified": "2026-06-17T06:31:05.062220Z" + "modified": "2026-06-24T15:30:23.739218Z" }, { "id": "UBUNTU-CVE-2026-42496", - "modified": "2026-05-29T18:00:44.834841Z" + "modified": "2026-06-24T19:45:37.156847Z" }, { "id": "UBUNTU-CVE-2026-42497", - "modified": "2026-05-29T18:00:44.772881Z" + "modified": "2026-06-24T15:30:24.246186Z" }, { "id": "UBUNTU-CVE-2026-48959", - "modified": "2026-06-01T07:15:44.250395Z" + "modified": "2026-06-24T15:30:26.294978Z" }, { "id": "UBUNTU-CVE-2026-48961", - "modified": "2026-06-01T07:15:44.261753Z" + "modified": "2026-06-24T15:30:27.006080Z" }, { "id": "UBUNTU-CVE-2026-48962", - "modified": "2026-05-29T18:01:00.200422Z" + "modified": "2026-06-24T15:30:26.989040Z" }, { "id": "UBUNTU-CVE-2026-8376", - "modified": "2026-05-29T18:01:03.136712Z" + "modified": "2026-06-24T19:45:44.609183Z" }, { "id": "UBUNTU-CVE-2026-9538", - "modified": "2026-05-29T18:01:01.753968Z" + "modified": "2026-06-24T15:30:29.122606Z" }, { "id": "USN-7434-1", @@ -2463,29 +2471,26 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-45582", - "modified": "2026-05-20T16:23:29.580676Z" + "modified": "2026-06-25T23:45:12.526389Z" }, { "id": "UBUNTU-CVE-2026-5704", - "modified": "2026-05-20T16:26:24.372107Z" + "modified": "2026-06-26T14:47:36.043245Z" + }, + { + "id": "USN-8477-1", + "modified": "2026-06-26T14:59:24.298942Z" } ] }, {}, {}, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-06-16T13:30:42.791654Z" - } - ] - } + {} ] } headers: Content-Length: - - "11969" + - "12086" Content-Type: - application/json status: 200 OK @@ -3010,7 +3015,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11969 + content_length: 12086 body: | { "results": [ @@ -3103,6 +3108,10 @@ interactions: "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" }, + { + "id": "UBUNTU-CVE-2026-57062", + "modified": "2026-06-25T19:19:16.469882Z" + }, { "id": "USN-7412-1", "modified": "2026-02-10T04:47:47Z" @@ -3113,7 +3122,7 @@ interactions: }, { "id": "USN-7946-1", - "modified": "2026-05-20T16:03:55.565581Z" + "modified": "2026-06-25T13:32:31.788231Z" } ] }, @@ -3208,7 +3217,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-29T19:15:06.810342Z" + "modified": "2026-06-24T11:00:25.318641Z" }, { "id": "USN-7259-1", @@ -3224,7 +3233,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-05-20T16:03:57.629529Z" + "modified": "2026-06-25T13:32:31.787765Z" } ] }, @@ -3233,11 +3242,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-04-22T15:31:21.010462Z" + "modified": "2026-06-23T22:00:07.953148Z" }, { "id": "UBUNTU-CVE-2026-4878", - "modified": "2026-04-29T11:29:22.138592Z" + "modified": "2026-06-24T02:29:23.557692Z" }, { "id": "USN-7287-1", @@ -3257,11 +3266,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-06-02T14:00:10.803243Z" + "modified": "2026-06-26T19:30:07.097771Z" }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-06-02T14:00:20.958338Z" + "modified": "2026-06-26T19:30:06.785492Z" }, { "id": "USN-8319-1", @@ -3338,7 +3347,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-06-17T11:01:28.854907Z" + "modified": "2026-06-24T11:01:39.860701Z" }, { "id": "UBUNTU-CVE-2026-42015", @@ -3407,7 +3416,7 @@ interactions: }, { "id": "USN-7257-1", - "modified": "2026-05-20T16:03:28.032877Z" + "modified": "2026-06-25T13:32:30.106589Z" }, { "id": "USN-7314-1", @@ -3415,7 +3424,7 @@ interactions: }, { "id": "USN-7542-1", - "modified": "2026-05-20T16:03:46.356475Z" + "modified": "2026-06-25T13:32:30.616782Z" } ] }, @@ -3472,7 +3481,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-54411", - "modified": "2026-06-17T11:02:56.948731Z" + "modified": "2026-06-24T09:03:12Z" }, { "id": "USN-7580-1", @@ -3517,7 +3526,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-06-18T04:30:07.553679Z" + "modified": "2026-06-22T09:30:07.721290Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -3547,6 +3556,10 @@ interactions: "id": "UBUNTU-CVE-2025-9230", "modified": "2026-05-20T16:24:04.817135Z" }, + { + "id": "UBUNTU-CVE-2026-11999", + "modified": "2026-06-26T12:27:59.525197Z" + }, { "id": "UBUNTU-CVE-2026-22795", "modified": "2026-05-20T16:24:13.263285Z" @@ -3625,11 +3638,11 @@ interactions: }, { "id": "USN-7786-1", - "modified": "2026-05-20T16:03:48.800001Z" + "modified": "2026-06-25T13:32:31.234820Z" }, { "id": "USN-7980-1", - "modified": "2026-06-18T04:30:17.825715Z" + "modified": "2026-06-22T09:30:53.470047Z" }, { "id": "USN-8155-1", @@ -3734,11 +3747,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2026-05-20T16:13:34.139215Z" + "modified": "2026-06-24T15:30:22.242365Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2026-04-22T14:15:27.303492Z" + "modified": "2026-06-24T15:30:22.223640Z" }, { "id": "UBUNTU-CVE-2024-56406", @@ -3746,43 +3759,43 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15649", - "modified": "2026-06-01T07:15:36.150813Z" + "modified": "2026-06-24T15:30:22.189337Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-04-22T16:02:28.067448Z" + "modified": "2026-06-24T15:30:22.288512Z" }, { "id": "UBUNTU-CVE-2026-12087", - "modified": "2026-06-17T06:31:05.062220Z" + "modified": "2026-06-24T15:30:23.739218Z" }, { "id": "UBUNTU-CVE-2026-42496", - "modified": "2026-05-29T18:00:44.834841Z" + "modified": "2026-06-24T19:45:37.156847Z" }, { "id": "UBUNTU-CVE-2026-42497", - "modified": "2026-05-29T18:00:44.772881Z" + "modified": "2026-06-24T15:30:24.246186Z" }, { "id": "UBUNTU-CVE-2026-48959", - "modified": "2026-06-01T07:15:44.250395Z" + "modified": "2026-06-24T15:30:26.294978Z" }, { "id": "UBUNTU-CVE-2026-48961", - "modified": "2026-06-01T07:15:44.261753Z" + "modified": "2026-06-24T15:30:27.006080Z" }, { "id": "UBUNTU-CVE-2026-48962", - "modified": "2026-05-29T18:01:00.200422Z" + "modified": "2026-06-24T15:30:26.989040Z" }, { "id": "UBUNTU-CVE-2026-8376", - "modified": "2026-05-29T18:01:03.136712Z" + "modified": "2026-06-24T19:45:44.609183Z" }, { "id": "UBUNTU-CVE-2026-9538", - "modified": "2026-05-29T18:01:01.753968Z" + "modified": "2026-06-24T15:30:29.122606Z" }, { "id": "USN-7434-1", @@ -3812,29 +3825,26 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-45582", - "modified": "2026-05-20T16:23:29.580676Z" + "modified": "2026-06-25T23:45:12.526389Z" }, { "id": "UBUNTU-CVE-2026-5704", - "modified": "2026-05-20T16:26:24.372107Z" + "modified": "2026-06-26T14:47:36.043245Z" + }, + { + "id": "USN-8477-1", + "modified": "2026-06-26T14:59:24.298942Z" } ] }, {}, {}, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-06-16T13:30:42.791654Z" - } - ] - } + {} ] } headers: Content-Length: - - "11969" + - "12086" Content-Type: - application/json status: 200 OK @@ -4373,7 +4383,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 18291 + content_length: 18408 body: | { "results": [ @@ -4749,7 +4759,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-06-04T10:29:16.617520Z" + "modified": "2026-06-26T12:29:46.364453Z" }, { "id": "GO-2025-4015", @@ -4757,7 +4767,7 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-06-12T10:29:15.211985Z" + "modified": "2026-06-26T12:29:45.675399Z" }, { "id": "GO-2025-4175", @@ -4765,7 +4775,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-06-12T10:29:15.605437Z" + "modified": "2026-06-26T12:29:46.638671Z" }, { "id": "GO-2026-4340", @@ -4773,11 +4783,11 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-06-12T10:29:15.035295Z" + "modified": "2026-06-26T12:29:46.427297Z" }, { "id": "GO-2026-4342", - "modified": "2026-06-12T10:29:15.283039Z" + "modified": "2026-06-26T12:29:45.958091Z" }, { "id": "GO-2026-4403", @@ -4785,7 +4795,7 @@ interactions: }, { "id": "GO-2026-4601", - "modified": "2026-06-17T10:29:19.633057Z" + "modified": "2026-06-26T12:29:45.825096Z" }, { "id": "GO-2026-4602", @@ -4797,7 +4807,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-06-16T10:29:15.527117Z" + "modified": "2026-06-24T10:29:19.181568Z" }, { "id": "GO-2026-4865", @@ -4809,19 +4819,19 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-06-17T10:29:19.204036Z" + "modified": "2026-06-26T12:29:46.233435Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-11T08:11:05.383192Z" + "modified": "2026-06-27T10:44:20.771417Z" }, { "id": "GO-2026-4946", - "modified": "2026-06-17T10:29:19.549582Z" + "modified": "2026-06-26T12:29:46.031545Z" }, { "id": "GO-2026-4947", - "modified": "2026-06-17T10:29:19.948808Z" + "modified": "2026-06-26T12:29:46.300439Z" }, { "id": "GO-2026-4971", @@ -4829,7 +4839,7 @@ interactions: }, { "id": "GO-2026-4976", - "modified": "2026-05-11T08:11:26.883618Z" + "modified": "2026-06-27T10:44:21.221469Z" }, { "id": "GO-2026-4977", @@ -4845,7 +4855,7 @@ interactions: }, { "id": "GO-2026-4982", - "modified": "2026-05-11T08:11:21.041304Z" + "modified": "2026-06-27T10:44:21.066171Z" }, { "id": "GO-2026-4986", @@ -4861,7 +4871,7 @@ interactions: }, { "id": "GO-2026-5039", - "modified": "2026-06-05T07:56:26.571479Z" + "modified": "2026-06-27T10:44:21.143168Z" } ] }, @@ -4879,6 +4889,10 @@ interactions: "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" }, + { + "id": "UBUNTU-CVE-2026-57062", + "modified": "2026-06-25T19:19:16.469882Z" + }, { "id": "USN-7412-1", "modified": "2026-02-10T04:47:47Z" @@ -4889,7 +4903,7 @@ interactions: }, { "id": "USN-7946-1", - "modified": "2026-05-20T16:03:55.565581Z" + "modified": "2026-06-25T13:32:31.788231Z" } ] }, @@ -4984,7 +4998,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-29T19:15:06.810342Z" + "modified": "2026-06-24T11:00:25.318641Z" }, { "id": "USN-7259-1", @@ -5000,7 +5014,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-05-20T16:03:57.629529Z" + "modified": "2026-06-25T13:32:31.787765Z" } ] }, @@ -5009,11 +5023,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-04-22T15:31:21.010462Z" + "modified": "2026-06-23T22:00:07.953148Z" }, { "id": "UBUNTU-CVE-2026-4878", - "modified": "2026-04-29T11:29:22.138592Z" + "modified": "2026-06-24T02:29:23.557692Z" }, { "id": "USN-7287-1", @@ -5033,11 +5047,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-06-02T14:00:10.803243Z" + "modified": "2026-06-26T19:30:07.097771Z" }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-06-02T14:00:20.958338Z" + "modified": "2026-06-26T19:30:06.785492Z" }, { "id": "USN-8319-1", @@ -5114,7 +5128,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-06-17T11:01:28.854907Z" + "modified": "2026-06-24T11:01:39.860701Z" }, { "id": "UBUNTU-CVE-2026-42015", @@ -5183,7 +5197,7 @@ interactions: }, { "id": "USN-7257-1", - "modified": "2026-05-20T16:03:28.032877Z" + "modified": "2026-06-25T13:32:30.106589Z" }, { "id": "USN-7314-1", @@ -5191,7 +5205,7 @@ interactions: }, { "id": "USN-7542-1", - "modified": "2026-05-20T16:03:46.356475Z" + "modified": "2026-06-25T13:32:30.616782Z" } ] }, @@ -5248,7 +5262,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-54411", - "modified": "2026-06-17T11:02:56.948731Z" + "modified": "2026-06-24T09:03:12Z" }, { "id": "USN-7580-1", @@ -5293,7 +5307,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-06-18T04:30:07.553679Z" + "modified": "2026-06-22T09:30:07.721290Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -5323,6 +5337,10 @@ interactions: "id": "UBUNTU-CVE-2025-9230", "modified": "2026-05-20T16:24:04.817135Z" }, + { + "id": "UBUNTU-CVE-2026-11999", + "modified": "2026-06-26T12:27:59.525197Z" + }, { "id": "UBUNTU-CVE-2026-22795", "modified": "2026-05-20T16:24:13.263285Z" @@ -5401,11 +5419,11 @@ interactions: }, { "id": "USN-7786-1", - "modified": "2026-05-20T16:03:48.800001Z" + "modified": "2026-06-25T13:32:31.234820Z" }, { "id": "USN-7980-1", - "modified": "2026-06-18T04:30:17.825715Z" + "modified": "2026-06-22T09:30:53.470047Z" }, { "id": "USN-8155-1", @@ -5510,11 +5528,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2026-05-20T16:13:34.139215Z" + "modified": "2026-06-24T15:30:22.242365Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2026-04-22T14:15:27.303492Z" + "modified": "2026-06-24T15:30:22.223640Z" }, { "id": "UBUNTU-CVE-2024-56406", @@ -5522,43 +5540,43 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15649", - "modified": "2026-06-01T07:15:36.150813Z" + "modified": "2026-06-24T15:30:22.189337Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-04-22T16:02:28.067448Z" + "modified": "2026-06-24T15:30:22.288512Z" }, { "id": "UBUNTU-CVE-2026-12087", - "modified": "2026-06-17T06:31:05.062220Z" + "modified": "2026-06-24T15:30:23.739218Z" }, { "id": "UBUNTU-CVE-2026-42496", - "modified": "2026-05-29T18:00:44.834841Z" + "modified": "2026-06-24T19:45:37.156847Z" }, { "id": "UBUNTU-CVE-2026-42497", - "modified": "2026-05-29T18:00:44.772881Z" + "modified": "2026-06-24T15:30:24.246186Z" }, { "id": "UBUNTU-CVE-2026-48959", - "modified": "2026-06-01T07:15:44.250395Z" + "modified": "2026-06-24T15:30:26.294978Z" }, { "id": "UBUNTU-CVE-2026-48961", - "modified": "2026-06-01T07:15:44.261753Z" + "modified": "2026-06-24T15:30:27.006080Z" }, { "id": "UBUNTU-CVE-2026-48962", - "modified": "2026-05-29T18:01:00.200422Z" + "modified": "2026-06-24T15:30:26.989040Z" }, { "id": "UBUNTU-CVE-2026-8376", - "modified": "2026-05-29T18:01:03.136712Z" + "modified": "2026-06-24T19:45:44.609183Z" }, { "id": "UBUNTU-CVE-2026-9538", - "modified": "2026-05-29T18:01:01.753968Z" + "modified": "2026-06-24T15:30:29.122606Z" }, { "id": "USN-7434-1", @@ -5588,29 +5606,26 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-45582", - "modified": "2026-05-20T16:23:29.580676Z" + "modified": "2026-06-25T23:45:12.526389Z" }, { "id": "UBUNTU-CVE-2026-5704", - "modified": "2026-05-20T16:26:24.372107Z" + "modified": "2026-06-26T14:47:36.043245Z" + }, + { + "id": "USN-8477-1", + "modified": "2026-06-26T14:59:24.298942Z" } ] }, {}, {}, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-06-16T13:30:42.791654Z" - } - ] - } + {} ] } headers: Content-Length: - - "18291" + - "18408" Content-Type: - application/json status: 200 OK @@ -6905,7 +6920,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 10527 + content_length: 11259 body: | { "results": [ @@ -6946,7 +6961,30 @@ interactions: } ] }, - {}, + { + "vulns": [ + { + "id": "GHSA-3wrr-7qpf-2prh", + "modified": "2026-06-23T21:30:07.970334Z" + }, + { + "id": "GHSA-5jmj-h7xm-6q6v", + "modified": "2026-06-26T00:29:18.736248Z" + }, + { + "id": "GHSA-hgj6-7826-r7m5", + "modified": "2026-06-25T00:29:24.783131Z" + }, + { + "id": "GHSA-j3rv-43j4-c7qm", + "modified": "2026-06-25T00:29:23.656899Z" + }, + { + "id": "GHSA-rmj7-2vxq-3g9f", + "modified": "2026-06-25T00:29:23.888358Z" + } + ] + }, {}, {}, {}, @@ -7482,6 +7520,14 @@ interactions: { "id": "ALPINE-CVE-2026-32778", "modified": "2026-06-15T18:18:11.072930Z" + }, + { + "id": "ALPINE-CVE-2026-41080", + "modified": "2026-06-20T12:30:05.052957Z" + }, + { + "id": "ALPINE-CVE-2026-45186", + "modified": "2026-06-20T12:30:05.157190Z" } ] }, @@ -7693,14 +7739,32 @@ interactions: {}, {}, {}, + { + "vulns": [ + { + "id": "GHSA-2r2c-cx56-8933", + "modified": "2026-06-25T22:29:16.891915Z" + }, + { + "id": "GHSA-47qp-hqvx-6r3f", + "modified": "2026-06-25T22:29:17.064782Z" + } + ] + }, {}, {}, {}, {}, {}, {}, - {}, - {}, + { + "vulns": [ + { + "id": "ALPINE-CVE-2026-2100", + "modified": "2026-06-25T10:30:05.031172Z" + } + ] + }, {}, {}, {}, @@ -7720,7 +7784,7 @@ interactions: }, { "id": "ALPINE-CVE-2025-6965", - "modified": "2026-06-15T18:27:21.155416Z" + "modified": "2026-06-27T10:30:06.109296Z" } ] }, @@ -7743,7 +7807,7 @@ interactions: } headers: Content-Length: - - "10527" + - "11259" Content-Type: - application/json status: 200 OK @@ -9744,7 +9808,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-06-04T10:29:16.617520Z" + "modified": "2026-06-26T12:29:46.364453Z" }, { "id": "GO-2025-4015", @@ -9752,7 +9816,7 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-06-12T10:29:15.211985Z" + "modified": "2026-06-26T12:29:45.675399Z" }, { "id": "GO-2025-4175", @@ -9760,7 +9824,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-06-12T10:29:15.605437Z" + "modified": "2026-06-26T12:29:46.638671Z" }, { "id": "GO-2026-4340", @@ -9768,11 +9832,11 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-06-12T10:29:15.035295Z" + "modified": "2026-06-26T12:29:46.427297Z" }, { "id": "GO-2026-4342", - "modified": "2026-06-12T10:29:15.283039Z" + "modified": "2026-06-26T12:29:45.958091Z" }, { "id": "GO-2026-4403", @@ -9780,7 +9844,7 @@ interactions: }, { "id": "GO-2026-4601", - "modified": "2026-06-17T10:29:19.633057Z" + "modified": "2026-06-26T12:29:45.825096Z" }, { "id": "GO-2026-4602", @@ -9792,7 +9856,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-06-16T10:29:15.527117Z" + "modified": "2026-06-24T10:29:19.181568Z" }, { "id": "GO-2026-4865", @@ -9804,19 +9868,19 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-06-17T10:29:19.204036Z" + "modified": "2026-06-26T12:29:46.233435Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-11T08:11:05.383192Z" + "modified": "2026-06-27T10:44:20.771417Z" }, { "id": "GO-2026-4946", - "modified": "2026-06-17T10:29:19.549582Z" + "modified": "2026-06-26T12:29:46.031545Z" }, { "id": "GO-2026-4947", - "modified": "2026-06-17T10:29:19.948808Z" + "modified": "2026-06-26T12:29:46.300439Z" }, { "id": "GO-2026-4971", @@ -9824,7 +9888,7 @@ interactions: }, { "id": "GO-2026-4976", - "modified": "2026-05-11T08:11:26.883618Z" + "modified": "2026-06-27T10:44:21.221469Z" }, { "id": "GO-2026-4977", @@ -9840,7 +9904,7 @@ interactions: }, { "id": "GO-2026-4982", - "modified": "2026-05-11T08:11:21.041304Z" + "modified": "2026-06-27T10:44:21.066171Z" }, { "id": "GO-2026-4986", @@ -9856,7 +9920,7 @@ interactions: }, { "id": "GO-2026-5039", - "modified": "2026-06-05T07:56:26.571479Z" + "modified": "2026-06-27T10:44:21.143168Z" } ] }, @@ -10580,7 +10644,7 @@ interactions: "ecosystem": "Go", "name": "stdlib" }, - "version": "1.25.7" + "version": "1.26.0" }, { "package": { @@ -10592,16 +10656,16 @@ interactions: { "package": { "ecosystem": "Ubuntu:26.04", - "name": "golang-1.25-go" + "name": "golang-1.26-go" }, - "version": "1.25.7-2" + "version": "1.26.0-1" }, { "package": { "ecosystem": "Ubuntu:26.04", - "name": "golang-1.25-src" + "name": "golang-1.26-src" }, - "version": "1.25.7-2" + "version": "1.26.0-1" }, { "package": { @@ -10735,7 +10799,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1443 + content_length: 1632 body: | { "results": [ @@ -10754,9 +10818,17 @@ interactions: {}, { "vulns": [ + { + "id": "GO-2026-4599", + "modified": "2026-06-23T10:29:22.873094Z" + }, + { + "id": "GO-2026-4600", + "modified": "2026-05-15T10:59:23.758905Z" + }, { "id": "GO-2026-4601", - "modified": "2026-06-17T10:29:19.633057Z" + "modified": "2026-06-26T12:29:45.825096Z" }, { "id": "GO-2026-4602", @@ -10768,31 +10840,35 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-06-16T10:29:15.527117Z" + "modified": "2026-06-24T10:29:19.181568Z" }, { "id": "GO-2026-4865", "modified": "2026-05-15T10:59:24.648972Z" }, + { + "id": "GO-2026-4866", + "modified": "2026-06-23T10:29:22.654028Z" + }, { "id": "GO-2026-4869", "modified": "2026-05-15T10:59:23.054049Z" }, { "id": "GO-2026-4870", - "modified": "2026-06-17T10:29:19.204036Z" + "modified": "2026-06-26T12:29:46.233435Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-11T08:11:05.383192Z" + "modified": "2026-06-27T10:44:20.771417Z" }, { "id": "GO-2026-4946", - "modified": "2026-06-17T10:29:19.549582Z" + "modified": "2026-06-26T12:29:46.031545Z" }, { "id": "GO-2026-4947", - "modified": "2026-06-17T10:29:19.948808Z" + "modified": "2026-06-26T12:29:46.300439Z" }, { "id": "GO-2026-4971", @@ -10800,7 +10876,7 @@ interactions: }, { "id": "GO-2026-4976", - "modified": "2026-05-11T08:11:26.883618Z" + "modified": "2026-06-27T10:44:21.221469Z" }, { "id": "GO-2026-4977", @@ -10816,7 +10892,7 @@ interactions: }, { "id": "GO-2026-4982", - "modified": "2026-05-11T08:11:21.041304Z" + "modified": "2026-06-27T10:44:21.066171Z" }, { "id": "GO-2026-4986", @@ -10832,7 +10908,7 @@ interactions: }, { "id": "GO-2026-5039", - "modified": "2026-06-05T07:56:26.571479Z" + "modified": "2026-06-27T10:44:21.143168Z" } ] }, @@ -10860,7 +10936,7 @@ interactions: } headers: Content-Length: - - "1443" + - "1632" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml index a8a92a92699..5f2ef2816c4 100644 --- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml +++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml @@ -1789,7 +1789,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-06-04T10:29:16.617520Z" + "modified": "2026-06-26T12:29:46.364453Z" }, { "id": "GO-2025-4015", @@ -1797,7 +1797,7 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-06-12T10:29:15.211985Z" + "modified": "2026-06-26T12:29:45.675399Z" }, { "id": "GO-2025-4175", @@ -1805,7 +1805,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-06-12T10:29:15.605437Z" + "modified": "2026-06-26T12:29:46.638671Z" }, { "id": "GO-2026-4340", @@ -1813,11 +1813,11 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-06-12T10:29:15.035295Z" + "modified": "2026-06-26T12:29:46.427297Z" }, { "id": "GO-2026-4342", - "modified": "2026-06-12T10:29:15.283039Z" + "modified": "2026-06-26T12:29:45.958091Z" }, { "id": "GO-2026-4403", @@ -1825,7 +1825,7 @@ interactions: }, { "id": "GO-2026-4601", - "modified": "2026-06-17T10:29:19.633057Z" + "modified": "2026-06-26T12:29:45.825096Z" }, { "id": "GO-2026-4602", @@ -1837,7 +1837,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-06-16T10:29:15.527117Z" + "modified": "2026-06-24T10:29:19.181568Z" }, { "id": "GO-2026-4865", @@ -1849,19 +1849,19 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-06-17T10:29:19.204036Z" + "modified": "2026-06-26T12:29:46.233435Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-11T08:11:05.383192Z" + "modified": "2026-06-27T10:44:20.771417Z" }, { "id": "GO-2026-4946", - "modified": "2026-06-17T10:29:19.549582Z" + "modified": "2026-06-26T12:29:46.031545Z" }, { "id": "GO-2026-4947", - "modified": "2026-06-17T10:29:19.948808Z" + "modified": "2026-06-26T12:29:46.300439Z" }, { "id": "GO-2026-4971", @@ -1869,7 +1869,7 @@ interactions: }, { "id": "GO-2026-4976", - "modified": "2026-05-11T08:11:26.883618Z" + "modified": "2026-06-27T10:44:21.221469Z" }, { "id": "GO-2026-4977", @@ -1885,7 +1885,7 @@ interactions: }, { "id": "GO-2026-4982", - "modified": "2026-05-11T08:11:21.041304Z" + "modified": "2026-06-27T10:44:21.066171Z" }, { "id": "GO-2026-4986", @@ -1901,7 +1901,7 @@ interactions: }, { "id": "GO-2026-5039", - "modified": "2026-06-05T07:56:26.571479Z" + "modified": "2026-06-27T10:44:21.143168Z" } ] }, @@ -2363,7 +2363,7 @@ interactions: "ecosystem": "Go", "name": "stdlib" }, - "version": "1.25.7" + "version": "1.26.0" }, { "package": { @@ -2375,16 +2375,16 @@ interactions: { "package": { "ecosystem": "Ubuntu:26.04", - "name": "golang-1.25-go" + "name": "golang-1.26-go" }, - "version": "1.25.7-2" + "version": "1.26.0-1" }, { "package": { "ecosystem": "Ubuntu:26.04", - "name": "golang-1.25-src" + "name": "golang-1.26-src" }, - "version": "1.25.7-2" + "version": "1.26.0-1" }, { "package": { @@ -2518,7 +2518,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1443 + content_length: 1632 body: | { "results": [ @@ -2537,9 +2537,17 @@ interactions: {}, { "vulns": [ + { + "id": "GO-2026-4599", + "modified": "2026-06-23T10:29:22.873094Z" + }, + { + "id": "GO-2026-4600", + "modified": "2026-05-15T10:59:23.758905Z" + }, { "id": "GO-2026-4601", - "modified": "2026-06-17T10:29:19.633057Z" + "modified": "2026-06-26T12:29:45.825096Z" }, { "id": "GO-2026-4602", @@ -2551,31 +2559,35 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-06-16T10:29:15.527117Z" + "modified": "2026-06-24T10:29:19.181568Z" }, { "id": "GO-2026-4865", "modified": "2026-05-15T10:59:24.648972Z" }, + { + "id": "GO-2026-4866", + "modified": "2026-06-23T10:29:22.654028Z" + }, { "id": "GO-2026-4869", "modified": "2026-05-15T10:59:23.054049Z" }, { "id": "GO-2026-4870", - "modified": "2026-06-17T10:29:19.204036Z" + "modified": "2026-06-26T12:29:46.233435Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-11T08:11:05.383192Z" + "modified": "2026-06-27T10:44:20.771417Z" }, { "id": "GO-2026-4946", - "modified": "2026-06-17T10:29:19.549582Z" + "modified": "2026-06-26T12:29:46.031545Z" }, { "id": "GO-2026-4947", - "modified": "2026-06-17T10:29:19.948808Z" + "modified": "2026-06-26T12:29:46.300439Z" }, { "id": "GO-2026-4971", @@ -2583,7 +2595,7 @@ interactions: }, { "id": "GO-2026-4976", - "modified": "2026-05-11T08:11:26.883618Z" + "modified": "2026-06-27T10:44:21.221469Z" }, { "id": "GO-2026-4977", @@ -2599,7 +2611,7 @@ interactions: }, { "id": "GO-2026-4982", - "modified": "2026-05-11T08:11:21.041304Z" + "modified": "2026-06-27T10:44:21.066171Z" }, { "id": "GO-2026-4986", @@ -2615,7 +2627,7 @@ interactions: }, { "id": "GO-2026-5039", - "modified": "2026-06-05T07:56:26.571479Z" + "modified": "2026-06-27T10:44:21.143168Z" } ] }, @@ -2643,7 +2655,7 @@ interactions: } headers: Content-Length: - - "1443" + - "1632" Content-Type: - application/json status: 200 OK @@ -3400,7 +3412,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 11969 + content_length: 12086 body: | { "results": [ @@ -3493,6 +3505,10 @@ interactions: "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" }, + { + "id": "UBUNTU-CVE-2026-57062", + "modified": "2026-06-25T19:19:16.469882Z" + }, { "id": "USN-7412-1", "modified": "2026-02-10T04:47:47Z" @@ -3503,7 +3519,7 @@ interactions: }, { "id": "USN-7946-1", - "modified": "2026-05-20T16:03:55.565581Z" + "modified": "2026-06-25T13:32:31.788231Z" } ] }, @@ -3598,7 +3614,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-29T19:15:06.810342Z" + "modified": "2026-06-24T11:00:25.318641Z" }, { "id": "USN-7259-1", @@ -3614,7 +3630,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-05-20T16:03:57.629529Z" + "modified": "2026-06-25T13:32:31.787765Z" } ] }, @@ -3623,11 +3639,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-04-22T15:31:21.010462Z" + "modified": "2026-06-23T22:00:07.953148Z" }, { "id": "UBUNTU-CVE-2026-4878", - "modified": "2026-04-29T11:29:22.138592Z" + "modified": "2026-06-24T02:29:23.557692Z" }, { "id": "USN-7287-1", @@ -3647,11 +3663,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-06-02T14:00:10.803243Z" + "modified": "2026-06-26T19:30:07.097771Z" }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-06-02T14:00:20.958338Z" + "modified": "2026-06-26T19:30:06.785492Z" }, { "id": "USN-8319-1", @@ -3728,7 +3744,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-06-17T11:01:28.854907Z" + "modified": "2026-06-24T11:01:39.860701Z" }, { "id": "UBUNTU-CVE-2026-42015", @@ -3797,7 +3813,7 @@ interactions: }, { "id": "USN-7257-1", - "modified": "2026-05-20T16:03:28.032877Z" + "modified": "2026-06-25T13:32:30.106589Z" }, { "id": "USN-7314-1", @@ -3805,7 +3821,7 @@ interactions: }, { "id": "USN-7542-1", - "modified": "2026-05-20T16:03:46.356475Z" + "modified": "2026-06-25T13:32:30.616782Z" } ] }, @@ -3862,7 +3878,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-54411", - "modified": "2026-06-17T11:02:56.948731Z" + "modified": "2026-06-24T09:03:12Z" }, { "id": "USN-7580-1", @@ -3907,7 +3923,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-06-18T04:30:07.553679Z" + "modified": "2026-06-22T09:30:07.721290Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -3937,6 +3953,10 @@ interactions: "id": "UBUNTU-CVE-2025-9230", "modified": "2026-05-20T16:24:04.817135Z" }, + { + "id": "UBUNTU-CVE-2026-11999", + "modified": "2026-06-26T12:27:59.525197Z" + }, { "id": "UBUNTU-CVE-2026-22795", "modified": "2026-05-20T16:24:13.263285Z" @@ -4015,11 +4035,11 @@ interactions: }, { "id": "USN-7786-1", - "modified": "2026-05-20T16:03:48.800001Z" + "modified": "2026-06-25T13:32:31.234820Z" }, { "id": "USN-7980-1", - "modified": "2026-06-18T04:30:17.825715Z" + "modified": "2026-06-22T09:30:53.470047Z" }, { "id": "USN-8155-1", @@ -4124,11 +4144,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2026-05-20T16:13:34.139215Z" + "modified": "2026-06-24T15:30:22.242365Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2026-04-22T14:15:27.303492Z" + "modified": "2026-06-24T15:30:22.223640Z" }, { "id": "UBUNTU-CVE-2024-56406", @@ -4136,43 +4156,43 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15649", - "modified": "2026-06-01T07:15:36.150813Z" + "modified": "2026-06-24T15:30:22.189337Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-04-22T16:02:28.067448Z" + "modified": "2026-06-24T15:30:22.288512Z" }, { "id": "UBUNTU-CVE-2026-12087", - "modified": "2026-06-17T06:31:05.062220Z" + "modified": "2026-06-24T15:30:23.739218Z" }, { "id": "UBUNTU-CVE-2026-42496", - "modified": "2026-05-29T18:00:44.834841Z" + "modified": "2026-06-24T19:45:37.156847Z" }, { "id": "UBUNTU-CVE-2026-42497", - "modified": "2026-05-29T18:00:44.772881Z" + "modified": "2026-06-24T15:30:24.246186Z" }, { "id": "UBUNTU-CVE-2026-48959", - "modified": "2026-06-01T07:15:44.250395Z" + "modified": "2026-06-24T15:30:26.294978Z" }, { "id": "UBUNTU-CVE-2026-48961", - "modified": "2026-06-01T07:15:44.261753Z" + "modified": "2026-06-24T15:30:27.006080Z" }, { "id": "UBUNTU-CVE-2026-48962", - "modified": "2026-05-29T18:01:00.200422Z" + "modified": "2026-06-24T15:30:26.989040Z" }, { "id": "UBUNTU-CVE-2026-8376", - "modified": "2026-05-29T18:01:03.136712Z" + "modified": "2026-06-24T19:45:44.609183Z" }, { "id": "UBUNTU-CVE-2026-9538", - "modified": "2026-05-29T18:01:01.753968Z" + "modified": "2026-06-24T15:30:29.122606Z" }, { "id": "USN-7434-1", @@ -4202,29 +4222,26 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-45582", - "modified": "2026-05-20T16:23:29.580676Z" + "modified": "2026-06-25T23:45:12.526389Z" }, { "id": "UBUNTU-CVE-2026-5704", - "modified": "2026-05-20T16:26:24.372107Z" + "modified": "2026-06-26T14:47:36.043245Z" + }, + { + "id": "USN-8477-1", + "modified": "2026-06-26T14:59:24.298942Z" } ] }, {}, {}, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-06-16T13:30:42.791654Z" - } - ] - } + {} ] } headers: Content-Length: - - "11969" + - "12086" Content-Type: - application/json status: 200 OK @@ -4763,7 +4780,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 18291 + content_length: 18408 body: | { "results": [ @@ -5139,7 +5156,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-06-04T10:29:16.617520Z" + "modified": "2026-06-26T12:29:46.364453Z" }, { "id": "GO-2025-4015", @@ -5147,7 +5164,7 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-06-12T10:29:15.211985Z" + "modified": "2026-06-26T12:29:45.675399Z" }, { "id": "GO-2025-4175", @@ -5155,7 +5172,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-06-12T10:29:15.605437Z" + "modified": "2026-06-26T12:29:46.638671Z" }, { "id": "GO-2026-4340", @@ -5163,11 +5180,11 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-06-12T10:29:15.035295Z" + "modified": "2026-06-26T12:29:46.427297Z" }, { "id": "GO-2026-4342", - "modified": "2026-06-12T10:29:15.283039Z" + "modified": "2026-06-26T12:29:45.958091Z" }, { "id": "GO-2026-4403", @@ -5175,7 +5192,7 @@ interactions: }, { "id": "GO-2026-4601", - "modified": "2026-06-17T10:29:19.633057Z" + "modified": "2026-06-26T12:29:45.825096Z" }, { "id": "GO-2026-4602", @@ -5187,7 +5204,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-06-16T10:29:15.527117Z" + "modified": "2026-06-24T10:29:19.181568Z" }, { "id": "GO-2026-4865", @@ -5199,19 +5216,19 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-06-17T10:29:19.204036Z" + "modified": "2026-06-26T12:29:46.233435Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-11T08:11:05.383192Z" + "modified": "2026-06-27T10:44:20.771417Z" }, { "id": "GO-2026-4946", - "modified": "2026-06-17T10:29:19.549582Z" + "modified": "2026-06-26T12:29:46.031545Z" }, { "id": "GO-2026-4947", - "modified": "2026-06-17T10:29:19.948808Z" + "modified": "2026-06-26T12:29:46.300439Z" }, { "id": "GO-2026-4971", @@ -5219,7 +5236,7 @@ interactions: }, { "id": "GO-2026-4976", - "modified": "2026-05-11T08:11:26.883618Z" + "modified": "2026-06-27T10:44:21.221469Z" }, { "id": "GO-2026-4977", @@ -5235,7 +5252,7 @@ interactions: }, { "id": "GO-2026-4982", - "modified": "2026-05-11T08:11:21.041304Z" + "modified": "2026-06-27T10:44:21.066171Z" }, { "id": "GO-2026-4986", @@ -5251,7 +5268,7 @@ interactions: }, { "id": "GO-2026-5039", - "modified": "2026-06-05T07:56:26.571479Z" + "modified": "2026-06-27T10:44:21.143168Z" } ] }, @@ -5269,6 +5286,10 @@ interactions: "id": "UBUNTU-CVE-2025-68973", "modified": "2026-02-05T00:30:28.335358Z" }, + { + "id": "UBUNTU-CVE-2026-57062", + "modified": "2026-06-25T19:19:16.469882Z" + }, { "id": "USN-7412-1", "modified": "2026-02-10T04:47:47Z" @@ -5279,7 +5300,7 @@ interactions: }, { "id": "USN-7946-1", - "modified": "2026-05-20T16:03:55.565581Z" + "modified": "2026-06-25T13:32:31.788231Z" } ] }, @@ -5374,7 +5395,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-6238", - "modified": "2026-05-29T19:15:06.810342Z" + "modified": "2026-06-24T11:00:25.318641Z" }, { "id": "USN-7259-1", @@ -5390,7 +5411,7 @@ interactions: }, { "id": "USN-8005-1", - "modified": "2026-05-20T16:03:57.629529Z" + "modified": "2026-06-25T13:32:31.787765Z" } ] }, @@ -5399,11 +5420,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-1390", - "modified": "2026-04-22T15:31:21.010462Z" + "modified": "2026-06-23T22:00:07.953148Z" }, { "id": "UBUNTU-CVE-2026-4878", - "modified": "2026-04-29T11:29:22.138592Z" + "modified": "2026-06-24T02:29:23.557692Z" }, { "id": "USN-7287-1", @@ -5423,11 +5444,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2024-2236", - "modified": "2026-06-02T14:00:10.803243Z" + "modified": "2026-06-26T19:30:07.097771Z" }, { "id": "UBUNTU-CVE-2026-41989", - "modified": "2026-06-02T14:00:20.958338Z" + "modified": "2026-06-26T19:30:06.785492Z" }, { "id": "USN-8319-1", @@ -5504,7 +5525,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-42014", - "modified": "2026-06-17T11:01:28.854907Z" + "modified": "2026-06-24T11:01:39.860701Z" }, { "id": "UBUNTU-CVE-2026-42015", @@ -5573,7 +5594,7 @@ interactions: }, { "id": "USN-7257-1", - "modified": "2026-05-20T16:03:28.032877Z" + "modified": "2026-06-25T13:32:30.106589Z" }, { "id": "USN-7314-1", @@ -5581,7 +5602,7 @@ interactions: }, { "id": "USN-7542-1", - "modified": "2026-05-20T16:03:46.356475Z" + "modified": "2026-06-25T13:32:30.616782Z" } ] }, @@ -5638,7 +5659,7 @@ interactions: }, { "id": "UBUNTU-CVE-2026-54411", - "modified": "2026-06-17T11:02:56.948731Z" + "modified": "2026-06-24T09:03:12Z" }, { "id": "USN-7580-1", @@ -5683,7 +5704,7 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15467", - "modified": "2026-06-18T04:30:07.553679Z" + "modified": "2026-06-22T09:30:07.721290Z" }, { "id": "UBUNTU-CVE-2025-27587", @@ -5713,6 +5734,10 @@ interactions: "id": "UBUNTU-CVE-2025-9230", "modified": "2026-05-20T16:24:04.817135Z" }, + { + "id": "UBUNTU-CVE-2026-11999", + "modified": "2026-06-26T12:27:59.525197Z" + }, { "id": "UBUNTU-CVE-2026-22795", "modified": "2026-05-20T16:24:13.263285Z" @@ -5791,11 +5816,11 @@ interactions: }, { "id": "USN-7786-1", - "modified": "2026-05-20T16:03:48.800001Z" + "modified": "2026-06-25T13:32:31.234820Z" }, { "id": "USN-7980-1", - "modified": "2026-06-18T04:30:17.825715Z" + "modified": "2026-06-22T09:30:53.470047Z" }, { "id": "USN-8155-1", @@ -5900,11 +5925,11 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2023-31486", - "modified": "2026-05-20T16:13:34.139215Z" + "modified": "2026-06-24T15:30:22.242365Z" }, { "id": "UBUNTU-CVE-2023-47039", - "modified": "2026-04-22T14:15:27.303492Z" + "modified": "2026-06-24T15:30:22.223640Z" }, { "id": "UBUNTU-CVE-2024-56406", @@ -5912,43 +5937,43 @@ interactions: }, { "id": "UBUNTU-CVE-2025-15649", - "modified": "2026-06-01T07:15:36.150813Z" + "modified": "2026-06-24T15:30:22.189337Z" }, { "id": "UBUNTU-CVE-2025-40909", - "modified": "2026-04-22T16:02:28.067448Z" + "modified": "2026-06-24T15:30:22.288512Z" }, { "id": "UBUNTU-CVE-2026-12087", - "modified": "2026-06-17T06:31:05.062220Z" + "modified": "2026-06-24T15:30:23.739218Z" }, { "id": "UBUNTU-CVE-2026-42496", - "modified": "2026-05-29T18:00:44.834841Z" + "modified": "2026-06-24T19:45:37.156847Z" }, { "id": "UBUNTU-CVE-2026-42497", - "modified": "2026-05-29T18:00:44.772881Z" + "modified": "2026-06-24T15:30:24.246186Z" }, { "id": "UBUNTU-CVE-2026-48959", - "modified": "2026-06-01T07:15:44.250395Z" + "modified": "2026-06-24T15:30:26.294978Z" }, { "id": "UBUNTU-CVE-2026-48961", - "modified": "2026-06-01T07:15:44.261753Z" + "modified": "2026-06-24T15:30:27.006080Z" }, { "id": "UBUNTU-CVE-2026-48962", - "modified": "2026-05-29T18:01:00.200422Z" + "modified": "2026-06-24T15:30:26.989040Z" }, { "id": "UBUNTU-CVE-2026-8376", - "modified": "2026-05-29T18:01:03.136712Z" + "modified": "2026-06-24T19:45:44.609183Z" }, { "id": "UBUNTU-CVE-2026-9538", - "modified": "2026-05-29T18:01:01.753968Z" + "modified": "2026-06-24T15:30:29.122606Z" }, { "id": "USN-7434-1", @@ -5978,29 +6003,26 @@ interactions: "vulns": [ { "id": "UBUNTU-CVE-2025-45582", - "modified": "2026-05-20T16:23:29.580676Z" + "modified": "2026-06-25T23:45:12.526389Z" }, { "id": "UBUNTU-CVE-2026-5704", - "modified": "2026-05-20T16:26:24.372107Z" + "modified": "2026-06-26T14:47:36.043245Z" + }, + { + "id": "USN-8477-1", + "modified": "2026-06-26T14:59:24.298942Z" } ] }, {}, {}, - { - "vulns": [ - { - "id": "UBUNTU-CVE-2026-27171", - "modified": "2026-06-16T13:30:42.791654Z" - } - ] - } + {} ] } headers: Content-Length: - - "18291" + - "18408" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index 8de17cc764b..0f8b6ce4ba8 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -511,7 +511,7 @@ overriding license for package Packagist/league/flysystem/1.0.8 with 0BSD overriding license for package Packagist/sentry/sdk/2.0.4 with 0BSD overriding license for package Packagist/theseer/tokenizer/1.1.3 with 0BSD -Total 5 packages affected by 16 known vulnerabilities (2 Critical, 1 High, 3 Medium, 3 Low, 7 Unknown) from 4 ecosystems. +Total 5 packages affected by 16 known vulnerabilities (3 Critical, 1 High, 3 Medium, 3 Low, 6 Unknown) from 4 ecosystems. 15 vulnerabilities can be fixed. +-----------------------------------------+------+--------------+-----------------------+----------+---------------+--------------------------------------------------+ @@ -530,7 +530,8 @@ Total 5 packages affected by 16 known vulnerabilities (2 Critical, 1 High, 3 Med | https://osv.dev/GHSA-f3cj-mjqm-fhvj | | | | | | | | https://osv.dev/DRUPAL-CORE-2026-002 | 6.6 | Packagist | drupal/core | 10.4.5 | 10.5.9 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/GHSA-xmjc-63pr-2mpg | | | | | | | -| https://osv.dev/DRUPAL-CORE-2026-004 | | Packagist | drupal/core | 10.4.5 | 10.4.10 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/DRUPAL-CORE-2026-004 | 9.8 | Packagist | drupal/core | 10.4.5 | 10.4.10 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/GHSA-ghwc-95x2-682j | | | | | | | | https://osv.dev/DRUPAL-CORE-2026-005 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/DRUPAL-CORE-2026-006 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/DRUPAL-CORE-2026-007 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | @@ -1120,8 +1121,8 @@ Scanned /testdata/sbom-insecure/postgres-stretch.cdx.xml file and found Scanned /testdata/sbom-insecure/with-duplicates.cdx.xml file and found 17 packages Filtered 10 local/unscannable package/s from the scan. -Total 27 packages affected by 224 known vulnerabilities (26 Critical, 96 High, 68 Medium, 6 Low, 28 Unknown) from 5 ecosystems. -21 vulnerabilities can be fixed. +Total 27 packages affected by 226 known vulnerabilities (26 Critical, 97 High, 69 Medium, 6 Low, 28 Unknown) from 5 ecosystems. +22 vulnerabilities can be fixed. +---------------------------------------+------+--------------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -1146,6 +1147,7 @@ Total 27 packages affected by 224 known vulnerabilities (26 Critical, 96 High, 6 | https://osv.dev/GHSA-qw9x-cqr3-wc7r | | | | | | | | https://osv.dev/GO-2025-4098 | 7.3 | Go | github.com/opencontainers/runc | v1.0.1 | 1.2.8 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-cgrx-mc8f-2prm | | | | | | | +| https://osv.dev/GHSA-xjvp-4fhw-gc47 | 4.8 | Go | github.com/opencontainers/runc | v1.0.1 | 1.3.6 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/GO-2026-5024 | | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.44.0 | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -1226,6 +1228,7 @@ Total 27 packages affected by 224 known vulnerabilities (26 Critical, 96 High, 6 | https://osv.dev/DEBIAN-CVE-2026-0989 | 3.7 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0990 | 5.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0992 | 2.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-6653 | 7.0 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-6732 | 7.5 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-1 | 4.7 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-3 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2386,8 +2389,8 @@ Filtered 8 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 25 packages affected by 218 known vulnerabilities (26 Critical, 91 High, 67 Medium, 6 Low, 28 Unknown) from 5 ecosystems. -16 vulnerabilities can be fixed. +Total 25 packages affected by 220 known vulnerabilities (26 Critical, 92 High, 68 Medium, 6 Low, 28 Unknown) from 5 ecosystems. +17 vulnerabilities can be fixed. +---------------------------------------+------+--------------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -2410,6 +2413,7 @@ Total 25 packages affected by 218 known vulnerabilities (26 Critical, 91 High, 6 | https://osv.dev/GHSA-qw9x-cqr3-wc7r | | | | | | | | https://osv.dev/GO-2025-4098 | 7.3 | Go | github.com/opencontainers/runc | v1.0.1 | 1.2.8 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-cgrx-mc8f-2prm | | | | | | | +| https://osv.dev/GHSA-xjvp-4fhw-gc47 | 4.8 | Go | github.com/opencontainers/runc | v1.0.1 | 1.3.6 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/GO-2026-5024 | | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.44.0 | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2484,6 +2488,7 @@ Total 25 packages affected by 218 known vulnerabilities (26 Critical, 91 High, 6 | https://osv.dev/DEBIAN-CVE-2026-0989 | 3.7 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0990 | 5.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0992 | 2.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-6653 | 7.0 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-6732 | 7.5 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-1 | 4.7 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-3 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2659,8 +2664,8 @@ Filtered 6 vulnerabilities from output testdata/osv-scanner-partial-ignores-config.toml has unused ignores: - CVE-2019-5188 -Total 23 packages affected by 214 known vulnerabilities (24 Critical, 90 High, 66 Medium, 6 Low, 28 Unknown) from 3 ecosystems. -12 vulnerabilities can be fixed. +Total 23 packages affected by 216 known vulnerabilities (24 Critical, 91 High, 67 Medium, 6 Low, 28 Unknown) from 3 ecosystems. +13 vulnerabilities can be fixed. +---------------------------------------+------+--------------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -2683,6 +2688,7 @@ Total 23 packages affected by 214 known vulnerabilities (24 Critical, 90 High, 6 | https://osv.dev/GHSA-qw9x-cqr3-wc7r | | | | | | | | https://osv.dev/GO-2025-4098 | 7.3 | Go | github.com/opencontainers/runc | v1.0.1 | 1.2.8 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-cgrx-mc8f-2prm | | | | | | | +| https://osv.dev/GHSA-xjvp-4fhw-gc47 | 4.8 | Go | github.com/opencontainers/runc | v1.0.1 | 1.3.6 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/GO-2026-5024 | | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.44.0 | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -2753,6 +2759,7 @@ Total 23 packages affected by 214 known vulnerabilities (24 Critical, 90 High, 6 | https://osv.dev/DEBIAN-CVE-2026-0989 | 3.7 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0990 | 5.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0992 | 2.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-6653 | 7.0 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-6732 | 7.5 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-1 | 4.7 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-3 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -3857,8 +3864,8 @@ Java reachability enricher marked 14 packages as unreachable Scanned /testdata/artifact/javareach_test.jar file and found 21 packages failed to download package err jar not found: https://repo1.maven.org/maven2/com/example/hello-tester/1.0-SNAPSHOT/hello-tester-1.0-SNAPSHOT.jar -Total 4 packages affected by 56 known vulnerabilities (18 Critical, 30 High, 6 Medium, 2 Low, 0 Unknown) from 1 ecosystem. -56 vulnerabilities can be fixed. +Total 4 packages affected by 57 known vulnerabilities (18 Critical, 30 High, 7 Medium, 2 Low, 0 Unknown) from 1 ecosystem. +57 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -3896,6 +3903,7 @@ Total 4 packages affected by 56 known vulnerabilities (18 Critical, 30 High, 6 M | https://osv.dev/GHSA-h3cw-g4mq-c5x2 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.6 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h592-38cm-4ggp | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h822-r4r5-v8jg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | +| https://osv.dev/GHSA-hgj6-7826-r7m5 | 5.3 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.18.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-jjjh-jjxp-wpff | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.12.7.1 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-m6x4-97wx-4q27 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-mph4-vhrx-mv67 | 5.9 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | @@ -3940,8 +3948,8 @@ Total 4 packages affected by 56 known vulnerabilities (18 Critical, 30 High, 6 M Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Total 8 packages affected by 62 known vulnerabilities (18 Critical, 32 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem. -61 vulnerabilities can be fixed. +Total 8 packages affected by 63 known vulnerabilities (18 Critical, 32 High, 10 Medium, 3 Low, 0 Unknown) from 1 ecosystem. +62 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -3980,6 +3988,7 @@ Total 8 packages affected by 62 known vulnerabilities (18 Critical, 32 High, 9 M | https://osv.dev/GHSA-h3cw-g4mq-c5x2 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.6 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h592-38cm-4ggp | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h822-r4r5-v8jg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | +| https://osv.dev/GHSA-hgj6-7826-r7m5 | 5.3 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.18.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-jjjh-jjxp-wpff | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.12.7.1 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-m6x4-97wx-4q27 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-mph4-vhrx-mv67 | 5.9 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | @@ -4020,8 +4029,8 @@ Total 8 packages affected by 62 known vulnerabilities (18 Critical, 32 High, 9 M Scanning dir ./testdata/artifact/javareach_test.jar Scanned /testdata/artifact/javareach_test.jar file and found 21 packages -Total 8 packages affected by 62 known vulnerabilities (18 Critical, 32 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem. -61 vulnerabilities can be fixed. +Total 8 packages affected by 63 known vulnerabilities (18 Critical, 32 High, 10 Medium, 3 Low, 0 Unknown) from 1 ecosystem. +62 vulnerabilities can be fixed. +-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -4060,6 +4069,7 @@ Total 8 packages affected by 62 known vulnerabilities (18 Critical, 32 High, 9 M | https://osv.dev/GHSA-h3cw-g4mq-c5x2 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.6 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h592-38cm-4ggp | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-h822-r4r5-v8jg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | +| https://osv.dev/GHSA-hgj6-7826-r7m5 | 5.3 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.18.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-jjjh-jjxp-wpff | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.12.7.1 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-m6x4-97wx-4q27 | 8.1 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.9.10.8 | testdata/artifact/javareach_test.jar | | https://osv.dev/GHSA-mph4-vhrx-mv67 | 5.9 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.3 | testdata/artifact/javareach_test.jar | @@ -4779,7 +4789,7 @@ Loaded Alpine local db from /osv-scanner/Alpine/all.zip Loaded Packagist local db from /osv-scanner/Packagist/all.zip Loaded npm local db from /osv-scanner/npm/all.zip -Total 5 packages affected by 16 known vulnerabilities (1 Critical, 2 High, 3 Medium, 3 Low, 7 Unknown) from 3 ecosystems. +Total 5 packages affected by 16 known vulnerabilities (2 Critical, 2 High, 3 Medium, 3 Low, 6 Unknown) from 3 ecosystems. 15 vulnerabilities can be fixed. +-----------------------------------------+------+--------------+-----------------------+----------+---------------+-----------------------------------------------------+ @@ -4797,7 +4807,8 @@ Total 5 packages affected by 16 known vulnerabilities (1 Critical, 2 High, 3 Med | https://osv.dev/GHSA-f3cj-mjqm-fhvj | | | | | | | | https://osv.dev/DRUPAL-CORE-2026-002 | 6.6 | Packagist | drupal/core | 10.4.5 | 10.5.9 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/GHSA-xmjc-63pr-2mpg | | | | | | | -| https://osv.dev/DRUPAL-CORE-2026-004 | | Packagist | drupal/core | 10.4.5 | 10.4.10 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/DRUPAL-CORE-2026-004 | 9.8 | Packagist | drupal/core | 10.4.5 | 10.4.10 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/GHSA-ghwc-95x2-682j | | | | | | | | https://osv.dev/DRUPAL-CORE-2026-005 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/DRUPAL-CORE-2026-006 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/DRUPAL-CORE-2026-007 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | @@ -4828,7 +4839,7 @@ Loaded Alpine local db from /osv-scanner/Alpine/all.zip Loaded Packagist local db from /osv-scanner/Packagist/all.zip Loaded npm local db from /osv-scanner/npm/all.zip -Total 5 packages affected by 16 known vulnerabilities (1 Critical, 2 High, 3 Medium, 3 Low, 7 Unknown) from 3 ecosystems. +Total 5 packages affected by 16 known vulnerabilities (2 Critical, 2 High, 3 Medium, 3 Low, 6 Unknown) from 3 ecosystems. 15 vulnerabilities can be fixed. +-----------------------------------------+------+--------------+-----------------------+----------+---------------+-----------------------------------------------------+ @@ -4846,7 +4857,8 @@ Total 5 packages affected by 16 known vulnerabilities (1 Critical, 2 High, 3 Med | https://osv.dev/GHSA-f3cj-mjqm-fhvj | | | | | | | | https://osv.dev/DRUPAL-CORE-2026-002 | 6.6 | Packagist | drupal/core | 10.4.5 | 10.5.9 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/GHSA-xmjc-63pr-2mpg | | | | | | | -| https://osv.dev/DRUPAL-CORE-2026-004 | | Packagist | drupal/core | 10.4.5 | 10.4.10 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/DRUPAL-CORE-2026-004 | 9.8 | Packagist | drupal/core | 10.4.5 | 10.4.10 | testdata/locks-many-with-insecure/composer.lock | +| https://osv.dev/GHSA-ghwc-95x2-682j | | | | | | | | https://osv.dev/DRUPAL-CORE-2026-005 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/DRUPAL-CORE-2026-006 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | | https://osv.dev/DRUPAL-CORE-2026-007 | | Packagist | drupal/core | 10.4.5 | 10.5.12 | testdata/locks-many-with-insecure/composer.lock | @@ -5027,8 +5039,8 @@ Filtered 1 local/unscannable package/s from the scan. Loaded Debian local db from /osv-scanner/Debian/all.zip Loaded Go local db from /osv-scanner/Go/all.zip -Total 22 packages affected by 215 known vulnerabilities (23 Critical, 91 High, 67 Medium, 6 Low, 28 Unknown) from 2 ecosystems. -12 vulnerabilities can be fixed. +Total 22 packages affected by 217 known vulnerabilities (23 Critical, 92 High, 68 Medium, 6 Low, 28 Unknown) from 2 ecosystems. +13 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -5053,6 +5065,7 @@ Total 22 packages affected by 215 known vulnerabilities (23 Critical, 91 High, 6 | https://osv.dev/GHSA-qw9x-cqr3-wc7r | | | | | | | | https://osv.dev/GO-2025-4098 | 7.3 | Go | github.com/opencontainers/runc | v1.0.1 | 1.2.8 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-cgrx-mc8f-2prm | | | | | | | +| https://osv.dev/GHSA-xjvp-4fhw-gc47 | 4.8 | Go | github.com/opencontainers/runc | v1.0.1 | 1.3.6 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/GO-2026-5024 | | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.44.0 | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5124,6 +5137,7 @@ Total 22 packages affected by 215 known vulnerabilities (23 Critical, 91 High, 6 | https://osv.dev/DEBIAN-CVE-2026-0989 | 3.7 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0990 | 5.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0992 | 2.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-6653 | 7.0 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-6732 | 7.5 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-1 | 4.7 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-3 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5292,8 +5306,8 @@ Filtered 1 local/unscannable package/s from the scan. Loaded Debian local db from /osv-scanner/Debian/all.zip Loaded Go local db from /osv-scanner/Go/all.zip -Total 22 packages affected by 215 known vulnerabilities (23 Critical, 91 High, 67 Medium, 6 Low, 28 Unknown) from 2 ecosystems. -12 vulnerabilities can be fixed. +Total 22 packages affected by 217 known vulnerabilities (23 Critical, 92 High, 68 Medium, 6 Low, 28 Unknown) from 2 ecosystems. +13 vulnerabilities can be fixed. +---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -5318,6 +5332,7 @@ Total 22 packages affected by 215 known vulnerabilities (23 Critical, 91 High, 6 | https://osv.dev/GHSA-qw9x-cqr3-wc7r | | | | | | | | https://osv.dev/GO-2025-4098 | 7.3 | Go | github.com/opencontainers/runc | v1.0.1 | 1.2.8 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-cgrx-mc8f-2prm | | | | | | | +| https://osv.dev/GHSA-xjvp-4fhw-gc47 | 4.8 | Go | github.com/opencontainers/runc | v1.0.1 | 1.3.6 | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GO-2022-0493 | 5.3 | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.0.0-20220412211240-33da011f77ad | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/GHSA-p782-xgp4-8hr8 | | | | | | | | https://osv.dev/GO-2026-5024 | | Go | golang.org/x/sys | v0.0.0-20210817142637-7d9622a276b7 | 0.44.0 | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -5389,6 +5404,7 @@ Total 22 packages affected by 215 known vulnerabilities (23 Critical, 91 High, 6 | https://osv.dev/DEBIAN-CVE-2026-0989 | 3.7 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0990 | 5.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-0992 | 2.9 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DEBIAN-CVE-2026-6653 | 7.0 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DEBIAN-CVE-2026-6732 | 7.5 | Debian | libxml2 | 2.9.4+dfsg1-2.2+deb9u6 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-1 | 4.7 | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-4539-3 | | Debian | openssl | 1.1.0l-1~deb9u5 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml | @@ -6011,19 +6027,27 @@ Total 1 package affected by 1 known vulnerability (0 Critical, 0 High, 0 Medium, [TestCommand_MoreLockfiles/gems.locked - 1] Scanned /testdata/locks-scalibr/gems.locked file and found 26 packages -Total 2 packages affected by 8 known vulnerabilities (0 Critical, 3 High, 2 Medium, 0 Low, 3 Unknown) from 1 ecosystem. -8 vulnerabilities can be fixed. +Total 2 packages affected by 16 known vulnerabilities (0 Critical, 3 High, 3 Medium, 6 Low, 4 Unknown) from 1 ecosystem. +16 vulnerabilities can be fixed. +-------------------------------------+------+-----------+----------+---------+---------------+------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+----------+---------+---------------+------------------------------------+ | https://osv.dev/GHSA-9m3q-rhmv-5q44 | 7.5 | RubyGems | json | 2.10.1 | 2.10.2 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-353f-x4gh-cqq8 | | RubyGems | nokogiri | 1.18.2 | 1.18.9 | testdata/locks-scalibr/gems.locked | +| https://osv.dev/GHSA-5prr-v3j2-97mh | 6.3 | RubyGems | nokogiri | 1.18.2 | 1.19.4 | testdata/locks-scalibr/gems.locked | +| https://osv.dev/GHSA-5v8h-3h3q-446p | 1.7 | RubyGems | nokogiri | 1.18.2 | 1.19.4 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-5w6v-399v-w3cc | | RubyGems | nokogiri | 1.18.2 | 1.18.8 | testdata/locks-scalibr/gems.locked | +| https://osv.dev/GHSA-8678-w3jw-xfc2 | 2.6 | RubyGems | nokogiri | 1.18.2 | 1.19.4 | testdata/locks-scalibr/gems.locked | +| https://osv.dev/GHSA-9cv2-cfxc-v4v2 | 1.7 | RubyGems | nokogiri | 1.18.2 | 1.19.4 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-c4rq-3m3g-8wgx | 7.5 | RubyGems | nokogiri | 1.18.2 | 1.19.3 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-mrxw-mxhj-p664 | 7.8 | RubyGems | nokogiri | 1.18.2 | 1.18.4 | testdata/locks-scalibr/gems.locked | +| https://osv.dev/GHSA-p67v-3w7g-wjg7 | 1.7 | RubyGems | nokogiri | 1.18.2 | 1.19.4 | testdata/locks-scalibr/gems.locked | +| https://osv.dev/GHSA-phwj-rprq-35pp | 1.7 | RubyGems | nokogiri | 1.18.2 | 1.19.4 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-v2fc-qm4h-8hqv | 5.3 | RubyGems | nokogiri | 1.18.2 | 1.19.3 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-vvfq-8hwr-qm4m | | RubyGems | nokogiri | 1.18.2 | 1.18.3 | testdata/locks-scalibr/gems.locked | +| https://osv.dev/GHSA-wfpw-mmfh-qq69 | | RubyGems | nokogiri | 1.18.2 | 1.19.4 | testdata/locks-scalibr/gems.locked | +| https://osv.dev/GHSA-wjv4-x9w8-wm3h | 1.7 | RubyGems | nokogiri | 1.18.2 | 1.19.4 | testdata/locks-scalibr/gems.locked | | https://osv.dev/GHSA-wx95-c6cv-8532 | 5.3 | RubyGems | nokogiri | 1.18.2 | 1.19.1 | testdata/locks-scalibr/gems.locked | +-------------------------------------+------+-----------+----------+---------+---------------+------------------------------------+ diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml index e606cb6e3f5..ef26c5c1c96 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml @@ -1046,7 +1046,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1754 + content_length: 1824 body: | { "results": [ @@ -1124,11 +1124,11 @@ interactions: }, { "id": "DRUPAL-CORE-2026-004", - "modified": "2026-05-29T09:26:01.201397Z" + "modified": "2026-06-18T20:26:07.761498Z" }, { "id": "DRUPAL-CORE-2026-005", - "modified": "2026-06-17T19:41:28.882665Z" + "modified": "2026-06-19T19:15:05.088567Z" }, { "id": "DRUPAL-CORE-2026-006", @@ -1154,6 +1154,10 @@ interactions: "id": "GHSA-f3cj-mjqm-fhvj", "modified": "2026-06-05T18:42:12.797816Z" }, + { + "id": "GHSA-ghwc-95x2-682j", + "modified": "2026-06-18T20:26:07.761498Z" + }, { "id": "GHSA-h89p-5896-f4q8", "modified": "2025-12-10T23:41:19.050806Z" @@ -1187,7 +1191,7 @@ interactions: } headers: Content-Length: - - "1754" + - "1824" Content-Type: - application/json status: 200 OK @@ -3070,7 +3074,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 25083 + content_length: 25224 body: | { "results": [ @@ -3300,6 +3304,10 @@ interactions: "id": "GHSA-vpvm-3wq2-2wvm", "modified": "2026-02-04T02:53:37.613379Z" }, + { + "id": "GHSA-xjvp-4fhw-gc47", + "modified": "2026-06-23T18:29:29.325196Z" + }, { "id": "GHSA-xr7r-f8xq-vfvv", "modified": "2026-02-04T03:18:48.377509Z" @@ -3753,6 +3761,10 @@ interactions: "id": "DEBIAN-CVE-2026-1757", "modified": "2026-06-15T19:06:07.689307Z" }, + { + "id": "DEBIAN-CVE-2026-6653", + "modified": "2026-06-23T05:00:15.700358Z" + }, { "id": "DEBIAN-CVE-2026-6732", "modified": "2026-06-15T19:06:32.212693Z" @@ -4661,15 +4673,15 @@ interactions: }, { "id": "DEBIAN-CVE-2026-53612", - "modified": "2026-06-17T07:00:08.875942Z" + "modified": "2026-06-26T22:00:12.721900Z" }, { "id": "DEBIAN-CVE-2026-53613", - "modified": "2026-06-17T08:00:09.754851Z" + "modified": "2026-06-26T22:00:13.040059Z" }, { "id": "DEBIAN-CVE-2026-53614", - "modified": "2026-06-17T08:00:09.493161Z" + "modified": "2026-06-26T22:00:12.733790Z" }, { "id": "DEBIAN-CVE-2026-53615", @@ -4723,7 +4735,7 @@ interactions: } headers: Content-Length: - - "25083" + - "25224" Content-Type: - application/json status: 200 OK @@ -4864,7 +4876,7 @@ interactions: }, { "id": "GO-2025-4014", - "modified": "2026-06-04T10:29:16.617520Z" + "modified": "2026-06-26T12:29:46.364453Z" }, { "id": "GO-2025-4015", @@ -4872,7 +4884,7 @@ interactions: }, { "id": "GO-2025-4155", - "modified": "2026-06-12T10:29:15.211985Z" + "modified": "2026-06-26T12:29:45.675399Z" }, { "id": "GO-2025-4175", @@ -4880,7 +4892,7 @@ interactions: }, { "id": "GO-2026-4337", - "modified": "2026-06-12T10:29:15.605437Z" + "modified": "2026-06-26T12:29:46.638671Z" }, { "id": "GO-2026-4340", @@ -4888,15 +4900,15 @@ interactions: }, { "id": "GO-2026-4341", - "modified": "2026-06-12T10:29:15.035295Z" + "modified": "2026-06-26T12:29:46.427297Z" }, { "id": "GO-2026-4342", - "modified": "2026-06-12T10:29:15.283039Z" + "modified": "2026-06-26T12:29:45.958091Z" }, { "id": "GO-2026-4601", - "modified": "2026-06-17T10:29:19.633057Z" + "modified": "2026-06-26T12:29:45.825096Z" }, { "id": "GO-2026-4602", @@ -4908,7 +4920,7 @@ interactions: }, { "id": "GO-2026-4864", - "modified": "2026-06-16T10:29:15.527117Z" + "modified": "2026-06-24T10:29:19.181568Z" }, { "id": "GO-2026-4865", @@ -4920,19 +4932,19 @@ interactions: }, { "id": "GO-2026-4870", - "modified": "2026-06-17T10:29:19.204036Z" + "modified": "2026-06-26T12:29:46.233435Z" }, { "id": "GO-2026-4918", - "modified": "2026-05-11T08:11:05.383192Z" + "modified": "2026-06-27T10:44:20.771417Z" }, { "id": "GO-2026-4946", - "modified": "2026-06-17T10:29:19.549582Z" + "modified": "2026-06-26T12:29:46.031545Z" }, { "id": "GO-2026-4947", - "modified": "2026-06-17T10:29:19.948808Z" + "modified": "2026-06-26T12:29:46.300439Z" }, { "id": "GO-2026-4971", @@ -4940,7 +4952,7 @@ interactions: }, { "id": "GO-2026-4976", - "modified": "2026-05-11T08:11:26.883618Z" + "modified": "2026-06-27T10:44:21.221469Z" }, { "id": "GO-2026-4977", @@ -4956,7 +4968,7 @@ interactions: }, { "id": "GO-2026-4982", - "modified": "2026-05-11T08:11:21.041304Z" + "modified": "2026-06-27T10:44:21.066171Z" }, { "id": "GO-2026-4986", @@ -4972,7 +4984,7 @@ interactions: }, { "id": "GO-2026-5039", - "modified": "2026-06-05T07:56:26.571479Z" + "modified": "2026-06-27T10:44:21.143168Z" } ] }, diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml index 990f111f9f6..661255f9eb3 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml @@ -44,7 +44,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1183 + content_length: 1372 body: | { "results": [ @@ -116,7 +116,7 @@ interactions: }, { "id": "GO-2026-4961", - "modified": "2026-05-15T10:59:24.181813Z" + "modified": "2026-06-25T18:45:14.933531Z" }, { "id": "GO-2026-4962", @@ -129,6 +129,18 @@ interactions: { "id": "GO-2026-5032", "modified": "2026-06-16T06:14:21.615391Z" + }, + { + "id": "GO-2026-5061", + "modified": "2026-06-26T13:44:18.873843Z" + }, + { + "id": "GO-2026-5062", + "modified": "2026-06-26T13:44:19.052864Z" + }, + { + "id": "GO-2026-5066", + "modified": "2026-06-27T06:14:20.408848Z" } ] } @@ -136,7 +148,7 @@ interactions: } headers: Content-Length: - - "1183" + - "1372" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml index c63b3f039e9..400d8e728c0 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml @@ -132,7 +132,7 @@ interactions: }, { "id": "OSV-2024-340", - "modified": "2026-06-17T14:22:21.220057Z" + "modified": "2026-06-28T14:24:17.774597Z" } ] }, @@ -197,15 +197,15 @@ interactions: "vulns": [ { "id": "CVE-2025-11187", - "modified": "2026-06-17T09:29:28.544232Z" + "modified": "2026-06-27T08:59:22.027603Z" }, { "id": "CVE-2025-15467", - "modified": "2026-06-17T09:29:34.311321Z" + "modified": "2026-06-27T08:59:22.606167Z" }, { "id": "CVE-2025-15468", - "modified": "2026-06-17T09:29:27.564360Z" + "modified": "2026-06-27T08:59:18.821732Z" }, { "id": "CVE-2025-15469", diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml index 673a439edc7..7005e7c603d 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml @@ -1246,7 +1246,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 25083 + content_length: 25224 body: | { "results": [ @@ -1476,6 +1476,10 @@ interactions: "id": "GHSA-vpvm-3wq2-2wvm", "modified": "2026-02-04T02:53:37.613379Z" }, + { + "id": "GHSA-xjvp-4fhw-gc47", + "modified": "2026-06-23T18:29:29.325196Z" + }, { "id": "GHSA-xr7r-f8xq-vfvv", "modified": "2026-02-04T03:18:48.377509Z" @@ -1929,6 +1933,10 @@ interactions: "id": "DEBIAN-CVE-2026-1757", "modified": "2026-06-15T19:06:07.689307Z" }, + { + "id": "DEBIAN-CVE-2026-6653", + "modified": "2026-06-23T05:00:15.700358Z" + }, { "id": "DEBIAN-CVE-2026-6732", "modified": "2026-06-15T19:06:32.212693Z" @@ -2837,15 +2845,15 @@ interactions: }, { "id": "DEBIAN-CVE-2026-53612", - "modified": "2026-06-17T07:00:08.875942Z" + "modified": "2026-06-26T22:00:12.721900Z" }, { "id": "DEBIAN-CVE-2026-53613", - "modified": "2026-06-17T08:00:09.754851Z" + "modified": "2026-06-26T22:00:13.040059Z" }, { "id": "DEBIAN-CVE-2026-53614", - "modified": "2026-06-17T08:00:09.493161Z" + "modified": "2026-06-26T22:00:12.733790Z" }, { "id": "DEBIAN-CVE-2026-53615", @@ -2899,7 +2907,7 @@ interactions: } headers: Content-Length: - - "25083" + - "25224" Content-Type: - application/json status: 200 OK @@ -3970,7 +3978,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 24771 + content_length: 24912 body: | { "results": [ @@ -4176,6 +4184,10 @@ interactions: "id": "GHSA-vpvm-3wq2-2wvm", "modified": "2026-02-04T02:53:37.613379Z" }, + { + "id": "GHSA-xjvp-4fhw-gc47", + "modified": "2026-06-23T18:29:29.325196Z" + }, { "id": "GHSA-xr7r-f8xq-vfvv", "modified": "2026-02-04T03:18:48.377509Z" @@ -4629,6 +4641,10 @@ interactions: "id": "DEBIAN-CVE-2026-1757", "modified": "2026-06-15T19:06:07.689307Z" }, + { + "id": "DEBIAN-CVE-2026-6653", + "modified": "2026-06-23T05:00:15.700358Z" + }, { "id": "DEBIAN-CVE-2026-6732", "modified": "2026-06-15T19:06:32.212693Z" @@ -5537,15 +5553,15 @@ interactions: }, { "id": "DEBIAN-CVE-2026-53612", - "modified": "2026-06-17T07:00:08.875942Z" + "modified": "2026-06-26T22:00:12.721900Z" }, { "id": "DEBIAN-CVE-2026-53613", - "modified": "2026-06-17T08:00:09.754851Z" + "modified": "2026-06-26T22:00:13.040059Z" }, { "id": "DEBIAN-CVE-2026-53614", - "modified": "2026-06-17T08:00:09.493161Z" + "modified": "2026-06-26T22:00:12.733790Z" }, { "id": "DEBIAN-CVE-2026-53615", @@ -5599,7 +5615,7 @@ interactions: } headers: Content-Length: - - "24771" + - "24912" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml index b8b37642639..ce4c0d4d0f8 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml @@ -296,7 +296,7 @@ interactions: }, { "id": "CVE-2025-15467", - "modified": "2026-06-17T09:29:34.311321Z" + "modified": "2026-06-27T08:59:22.606167Z" }, { "id": "CVE-2025-68160", diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml index 9cb145c0f21..b75defe9a23 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml @@ -170,7 +170,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4488 + content_length: 4558 body: | { "results": [ @@ -325,6 +325,10 @@ interactions: "id": "GHSA-h822-r4r5-v8jg", "modified": "2026-02-04T02:19:17.186100Z" }, + { + "id": "GHSA-hgj6-7826-r7m5", + "modified": "2026-06-25T00:29:24.783131Z" + }, { "id": "GHSA-jjjh-jjxp-wpff", "modified": "2026-02-04T02:23:59.070528Z" @@ -471,7 +475,7 @@ interactions: } headers: Content-Length: - - "4488" + - "4558" Content-Type: - application/json status: 200 OK @@ -646,7 +650,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4488 + content_length: 4558 body: | { "results": [ @@ -801,6 +805,10 @@ interactions: "id": "GHSA-h822-r4r5-v8jg", "modified": "2026-02-04T02:19:17.186100Z" }, + { + "id": "GHSA-hgj6-7826-r7m5", + "modified": "2026-06-25T00:29:24.783131Z" + }, { "id": "GHSA-jjjh-jjxp-wpff", "modified": "2026-02-04T02:23:59.070528Z" @@ -947,7 +955,7 @@ interactions: } headers: Content-Length: - - "4488" + - "4558" Content-Type: - application/json status: 200 OK @@ -1122,7 +1130,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 4488 + content_length: 4558 body: | { "results": [ @@ -1277,6 +1285,10 @@ interactions: "id": "GHSA-h822-r4r5-v8jg", "modified": "2026-02-04T02:19:17.186100Z" }, + { + "id": "GHSA-hgj6-7826-r7m5", + "modified": "2026-06-25T00:29:24.783131Z" + }, { "id": "GHSA-jjjh-jjxp-wpff", "modified": "2026-02-04T02:23:59.070528Z" @@ -1423,7 +1435,7 @@ interactions: } headers: Content-Length: - - "4488" + - "4558" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml index d0ec48b8bfe..691f7840dbf 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml @@ -474,7 +474,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 666 + content_length: 1226 body: | { "results": [ @@ -505,10 +505,26 @@ interactions: "id": "GHSA-353f-x4gh-cqq8", "modified": "2026-02-04T03:08:45.682451Z" }, + { + "id": "GHSA-5prr-v3j2-97mh", + "modified": "2026-06-21T00:59:19.679931Z" + }, + { + "id": "GHSA-5v8h-3h3q-446p", + "modified": "2026-06-21T03:59:17.924033Z" + }, { "id": "GHSA-5w6v-399v-w3cc", "modified": "2026-02-04T02:49:28.572138Z" }, + { + "id": "GHSA-8678-w3jw-xfc2", + "modified": "2026-06-20T21:59:19.065214Z" + }, + { + "id": "GHSA-9cv2-cfxc-v4v2", + "modified": "2026-06-21T01:59:33.897972Z" + }, { "id": "GHSA-c4rq-3m3g-8wgx", "modified": "2026-05-09T10:44:28.215577Z" @@ -517,6 +533,14 @@ interactions: "id": "GHSA-mrxw-mxhj-p664", "modified": "2026-02-04T04:34:58.905946Z" }, + { + "id": "GHSA-p67v-3w7g-wjg7", + "modified": "2026-06-20T21:59:19.171261Z" + }, + { + "id": "GHSA-phwj-rprq-35pp", + "modified": "2026-06-21T01:59:33.972596Z" + }, { "id": "GHSA-v2fc-qm4h-8hqv", "modified": "2026-05-09T10:44:28.032980Z" @@ -525,6 +549,14 @@ interactions: "id": "GHSA-vvfq-8hwr-qm4m", "modified": "2026-02-04T03:58:31.466756Z" }, + { + "id": "GHSA-wfpw-mmfh-qq69", + "modified": "2026-06-21T01:59:34.106167Z" + }, + { + "id": "GHSA-wjv4-x9w8-wm3h", + "modified": "2026-06-21T01:59:34.550548Z" + }, { "id": "GHSA-wx95-c6cv-8532", "modified": "2026-02-25T10:44:01.279701Z" @@ -545,7 +577,7 @@ interactions: } headers: Content-Length: - - "666" + - "1226" Content-Type: - application/json status: 200 OK diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml index f082c189927..98790b17cba 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml @@ -979,7 +979,7 @@ interactions: "ecosystem": "PyPI", "name": "click" }, - "version": "8.4.1" + "version": "8.4.2" }, { "package": { @@ -1158,7 +1158,7 @@ interactions: "ecosystem": "PyPI", "name": "click" }, - "version": "8.4.1" + "version": "8.4.2" }, { "package": { @@ -1445,7 +1445,7 @@ interactions: "ecosystem": "PyPI", "name": "click" }, - "version": "8.4.1" + "version": "8.4.2" }, { "package": {