The Go Vulnerability Database

Clone this repo:


  1. 992bc2e all: remove wrapper functions to calculate GHSA ID by Tatiana Bradley · 16 hours ago master
  2. d3ed398 internal/observe: package for tracing and metrics by Jonathan Amsterdam · 5 days ago
  3. 9537546 data/excluded: add GO-2022-0998.yaml for CVE-2022-36056 by Tatiana Bradley · 15 hours ago
  4. 9d19cdf cmd/vulnreport: add "vulnreport osv" command by Tatiana Bradley · 20 hours ago
  5. e38f8c0 terraform: remove unused "dev" environment by Tatiana Bradley · 4 days ago

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

If you are interested accessing data from the Go Vulnerability Database, see x/vuln.

Check out for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at


Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See x/vuln for information on how to access these entries.