internal/worker: fix readAfterWrite bug

When triaging GHSAs, make a list of all GHSAs that need to
be created or updated and do the database writes all at once.

We need to do this to avoid a readAfterWrite bug in which
we attempt to read CVE records after writing GHSA records.

Change-Id: Ib5745e19f3eb9460178d02f7a7e3bc6aa024a848
Run-TryBot: Tatiana Bradley <>
Reviewed-by: Damien Neil <>
TryBot-Result: Gopher Robot <>
Reviewed-by: Tatiana Bradley <>
1 file changed
tree: 9be1421a0978c4788a76e994aa93cb242b930a6f
  1. .github/
  2. cmd/
  3. data/
  4. deploy/
  5. devtools/
  6. doc/
  7. internal/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. checks.bash
  14. go.mod
  15. go.sum
  19. tools_test.go

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

If you are interested accessing data from the Go Vulnerability Database, see x/vuln.

Check out for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at


Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See x/vuln for information on how to access these entries.