internal/osvutils: allow reports with no packages

An empty list of packages indicates a vulnerability affecting all
packages in a module.

Change-Id: Ibcea3e2a6558b8f858f9c833a3c2f76069e2af07
LUCI-TryBot-Result: Go LUCI <>
Reviewed-by: Tatiana Bradley <>
2 files changed
tree: 55bf2cfdc11d1998bfb7dad7a88eeafb7fc81324
  1. .github/
  2. cmd/
  3. data/
  4. deploy/
  5. devtools/
  6. doc/
  7. internal/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. checks.bash
  14. go.mod
  15. go.sum
  19. tools_test.go

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at


Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See for information on how to access these entries.