The Go Vulnerability Database

Clone this repo:


  1. 376ab8c internal/pkgsite: refactor cache to store endpoint instead of module by Tatiana Bradley · 8 days ago master
  2. 714f3b8 cmd/vulnreport: add command 'vulnreport duplicates' by Tatiana Bradley · 8 days ago
  3. 279e8c0 internal/{report,worker}: update worker to use report client by Tatiana Bradley · 8 days ago
  4. 69f7149 cmd/vulnreport: remove extraneous newlines from logs by Tatiana Bradley · 8 days ago
  5. 00eae41 data/excluded: batch add 15 excluded reports by Tatiana Bradley · 20 hours ago

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at


Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See for information on how to access these entries.