data/reports: add 17 reports
- data/reports/GO-2025-3938.yaml
- data/reports/GO-2025-3939.yaml
- data/reports/GO-2025-3941.yaml
- data/reports/GO-2025-3942.yaml
- data/reports/GO-2025-3943.yaml
- data/reports/GO-2025-3944.yaml
- data/reports/GO-2025-3945.yaml
- data/reports/GO-2025-3949.yaml
- data/reports/GO-2025-3950.yaml
- data/reports/GO-2025-3951.yaml
- data/reports/GO-2025-3952.yaml
- data/reports/GO-2025-3953.yaml
- data/reports/GO-2025-3954.yaml
- data/reports/GO-2025-3958.yaml
- data/reports/GO-2025-3959.yaml
- data/reports/GO-2025-3960.yaml
- data/reports/GO-2025-3961.yaml
Fixes golang/vulndb#3938
Fixes golang/vulndb#3939
Fixes golang/vulndb#3941
Fixes golang/vulndb#3942
Fixes golang/vulndb#3943
Fixes golang/vulndb#3944
Fixes golang/vulndb#3945
Fixes golang/vulndb#3949
Fixes golang/vulndb#3950
Fixes golang/vulndb#3951
Fixes golang/vulndb#3952
Fixes golang/vulndb#3953
Fixes golang/vulndb#3954
Fixes golang/vulndb#3958
Fixes golang/vulndb#3959
Fixes golang/vulndb#3960
Fixes golang/vulndb#3961
Change-Id: Ibf37c5e21e25c0b277506b7a3f78f790bb3080b7
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/704637
Reviewed-by: Markus Kusano <kusano@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2025-3938.json b/data/osv/GO-2025-3938.json
new file mode 100644
index 0000000..3d3b118
--- /dev/null
+++ b/data/osv/GO-2025-3938.json
@@ -0,0 +1,95 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3938",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-58437",
+ "GHSA-j6xf-jwrj-v5qp"
+ ],
+ "summary": "Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder",
+ "details": "Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/coder/coder",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/coder/coder/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "2.22.0"
+ },
+ {
+ "fixed": "2.24.4"
+ },
+ {
+ "introduced": "2.25.0"
+ },
+ {
+ "fixed": "2.25.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58437"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/coder/coder/pull/19667"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/coder/coder/pull/19668"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/coder/coder/pull/19669"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3938",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3939.json b/data/osv/GO-2025-3939.json
new file mode 100644
index 0000000..5f4b7f8
--- /dev/null
+++ b/data/osv/GO-2025-3939.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3939",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-7445",
+ "GHSA-rcw7-pqfp-735x"
+ ],
+ "summary": "secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller",
+ "details": "secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller",
+ "affected": [
+ {
+ "package": {
+ "name": "sigs.k8s.io/secrets-store-sync-controller",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.0.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/kubernetes-sigs/secrets-store-sync-controller/security/advisories/GHSA-rcw7-pqfp-735x"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7445"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/kubernetes/kubernetes/issues/133897"
+ },
+ {
+ "type": "WEB",
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/NP7cQvQ1aGA"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3939",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3941.json b/data/osv/GO-2025-3941.json
new file mode 100644
index 0000000..d8f764d
--- /dev/null
+++ b/data/osv/GO-2025-3941.json
@@ -0,0 +1,66 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3941",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-58450",
+ "GHSA-p46v-f2x8-qp98"
+ ],
+ "summary": "pREST has a Systemic SQL Injection Vulnerability in github.com/prest/prest",
+ "details": "pREST has a Systemic SQL Injection Vulnerability in github.com/prest/prest",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/prest/prest",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/prest/prest/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/prest/prest/security/advisories/GHSA-p46v-f2x8-qp98"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58450"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/prest/prest/commit/47d02b87842900f77d76fc694d9aa7e983b0711c"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3941",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3942.json b/data/osv/GO-2025-3942.json
new file mode 100644
index 0000000..943b900
--- /dev/null
+++ b/data/osv/GO-2025-3942.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3942",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-58063",
+ "GHSA-93mf-426m-g6x9"
+ ],
+ "summary": "CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion in github.com/coredns/coredns",
+ "details": "CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion in github.com/coredns/coredns",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/coredns/coredns",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "1.2.0"
+ },
+ {
+ "fixed": "1.12.4"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58063"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3942",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3943.json b/data/osv/GO-2025-3943.json
new file mode 100644
index 0000000..6cc1965
--- /dev/null
+++ b/data/osv/GO-2025-3943.json
@@ -0,0 +1,45 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3943",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-58430",
+ "GHSA-rf24-wg77-gq7w"
+ ],
+ "summary": "listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover in github.com/knadh/listmonk",
+ "details": "listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover in github.com/knadh/listmonk",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/knadh/listmonk",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/knadh/listmonk/security/advisories/GHSA-rf24-wg77-gq7w"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58430"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3943",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3944.json b/data/osv/GO-2025-3944.json
new file mode 100644
index 0000000..5a5c291
--- /dev/null
+++ b/data/osv/GO-2025-3944.json
@@ -0,0 +1,69 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3944",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-54123",
+ "GHSA-r4h8-hfp2-ggmf"
+ ],
+ "summary": "Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation in github.com/SpectoLabs/hoverfly",
+ "details": "Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation in github.com/SpectoLabs/hoverfly",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/SpectoLabs/hoverfly",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-r4h8-hfp2-ggmf"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54123"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/SpectoLabs/hoverfly/commit/17e60a9bc78826deb4b782dca1c1abd3dbe60d40"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/SpectoLabs/hoverfly/commit/a9d4da7bd7269651f54542ab790d0c613d568d3e"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/SpectoLabs/hoverfly/pull/1203"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/SpectoLabs/hoverfly/blob/master/core/hoverfly_service.go#L173"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/SpectoLabs/hoverfly/blob/master/core/middleware/local_middleware.go#L13"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/SpectoLabs/hoverfly/blob/master/core/middleware/middleware.go#L93"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3944",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3945.json b/data/osv/GO-2025-3945.json
new file mode 100644
index 0000000..6c2dc2a
--- /dev/null
+++ b/data/osv/GO-2025-3945.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3945",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-54376",
+ "GHSA-jxmr-2h4q-rhxp"
+ ],
+ "summary": "WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly",
+ "details": "WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/SpectoLabs/hoverfly",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.12.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-jxmr-2h4q-rhxp"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54376"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/SpectoLabs/hoverfly/commit/ffc2cc34563de67fe1a04f7ba5d78fa2d4564424"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3945",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3949.json b/data/osv/GO-2025-3949.json
new file mode 100644
index 0000000..6451669
--- /dev/null
+++ b/data/osv/GO-2025-3949.json
@@ -0,0 +1,71 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3949",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-59361",
+ "GHSA-2gcv-3qpf-c5qr"
+ ],
+ "summary": "Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh",
+ "details": "Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/chaos-mesh/chaos-mesh before v2.7.3.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/chaos-mesh/chaos-mesh",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.7.3"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-2gcv-3qpf-c5qr"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59361"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/chaos-mesh/chaos-mesh/commit/67281c36f8068bf103149318cd0a466417213a28"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/chaos-mesh/chaos-mesh/pull/4702"
+ },
+ {
+ "type": "WEB",
+ "url": "https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3949",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3950.json b/data/osv/GO-2025-3950.json
new file mode 100644
index 0000000..daa5846
--- /dev/null
+++ b/data/osv/GO-2025-3950.json
@@ -0,0 +1,117 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3950",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-9076",
+ "GHSA-3vcm-c42p-3hhf"
+ ],
+ "summary": "Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server",
+ "details": "Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.0.0-20250729073403-517ae758cd02.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "10.10.0+incompatible"
+ },
+ {
+ "fixed": "10.10.2+incompatible"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server/v5",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server/v6",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost/server/v8",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "8.0.0-20250729073403-517ae758cd02"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-3vcm-c42p-3hhf"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9076"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3950",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3951.json b/data/osv/GO-2025-3951.json
new file mode 100644
index 0000000..1772f25
--- /dev/null
+++ b/data/osv/GO-2025-3951.json
@@ -0,0 +1,71 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3951",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-59358",
+ "GHSA-2gg8-85m5-8r2p"
+ ],
+ "summary": "Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function in github.com/chaos-mesh/chaos-mesh",
+ "details": "Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function in github.com/chaos-mesh/chaos-mesh.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/chaos-mesh/chaos-mesh before v2.7.3.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/chaos-mesh/chaos-mesh",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.7.3"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-2gg8-85m5-8r2p"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59358"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/chaos-mesh/chaos-mesh/commit/67281c36f8068bf103149318cd0a466417213a28"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/chaos-mesh/chaos-mesh/pull/4702"
+ },
+ {
+ "type": "WEB",
+ "url": "https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3951",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3952.json b/data/osv/GO-2025-3952.json
new file mode 100644
index 0000000..46f5c44
--- /dev/null
+++ b/data/osv/GO-2025-3952.json
@@ -0,0 +1,71 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3952",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-59359",
+ "GHSA-369h-6j28-wwcg"
+ ],
+ "summary": "Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh",
+ "details": "Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/chaos-mesh/chaos-mesh before v2.7.3.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/chaos-mesh/chaos-mesh",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.7.3"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-369h-6j28-wwcg"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59359"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/chaos-mesh/chaos-mesh/commit/67281c36f8068bf103149318cd0a466417213a28"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/chaos-mesh/chaos-mesh/pull/4702"
+ },
+ {
+ "type": "WEB",
+ "url": "https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3952",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3953.json b/data/osv/GO-2025-3953.json
new file mode 100644
index 0000000..a640656
--- /dev/null
+++ b/data/osv/GO-2025-3953.json
@@ -0,0 +1,72 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3953",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-8396",
+ "GHSA-p768-c3pr-6459"
+ ],
+ "summary": "Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling in go.temporal.io/server",
+ "details": "Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling in go.temporal.io/server",
+ "affected": [
+ {
+ "package": {
+ "name": "go.temporal.io/server",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.26.3"
+ },
+ {
+ "introduced": "1.27.0-126.0"
+ },
+ {
+ "fixed": "1.27.3"
+ },
+ {
+ "introduced": "1.28.0-129.0"
+ },
+ {
+ "fixed": "1.28.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-p768-c3pr-6459"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8396"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/temporalio/temporal/releases/tag/v1.26.3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/temporalio/temporal/releases/tag/v1.27.3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/temporalio/temporal/releases/tag/v1.28.1"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3953",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3954.json b/data/osv/GO-2025-3954.json
new file mode 100644
index 0000000..b902053
--- /dev/null
+++ b/data/osv/GO-2025-3954.json
@@ -0,0 +1,71 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3954",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-59360",
+ "GHSA-xv9f-728h-9jgv"
+ ],
+ "summary": "Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh",
+ "details": "Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/chaos-mesh/chaos-mesh before v2.7.3.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/chaos-mesh/chaos-mesh",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.7.3"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-xv9f-728h-9jgv"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59360"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/chaos-mesh/chaos-mesh/commit/67281c36f8068bf103149318cd0a466417213a28"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/chaos-mesh/chaos-mesh/pull/4702"
+ },
+ {
+ "type": "WEB",
+ "url": "https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3954",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3958.json b/data/osv/GO-2025-3958.json
new file mode 100644
index 0000000..4491fe1
--- /dev/null
+++ b/data/osv/GO-2025-3958.json
@@ -0,0 +1,130 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3958",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-9072",
+ "GHSA-69j8-prx2-vx98"
+ ],
+ "summary": "Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server",
+ "details": "Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "10.5.0+incompatible"
+ },
+ {
+ "fixed": "10.5.10+incompatible"
+ },
+ {
+ "introduced": "10.9.0+incompatible"
+ },
+ {
+ "fixed": "10.9.5+incompatible"
+ },
+ {
+ "introduced": "10.10.0+incompatible"
+ },
+ {
+ "fixed": "10.10.2+incompatible"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server/v5",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server/v6",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost/server/v8",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "8.0.0-20250731063404-9eebaadf8f72"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-69j8-prx2-vx98"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9072"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/13cd76009d31754db46115bddef5287a8a29871a"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/9eebaadf8f720788e99b6997337c8df330271326"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/fda403fb6ec41bea8780bff198a26860f105e6e5"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3958",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3959.json b/data/osv/GO-2025-3959.json
new file mode 100644
index 0000000..62e12a0
--- /dev/null
+++ b/data/osv/GO-2025-3959.json
@@ -0,0 +1,146 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3959",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-9078",
+ "GHSA-9p92-x77w-9fw2"
+ ],
+ "summary": "Mattermost makes Use of Weak Hash in github.com/mattermost/mattermost-server",
+ "details": "Mattermost makes Use of Weak Hash in github.com/mattermost/mattermost-server",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "9.11.0+incompatible"
+ },
+ {
+ "fixed": "9.11.18+incompatible"
+ },
+ {
+ "introduced": "10.5.0+incompatible"
+ },
+ {
+ "fixed": "10.5.9+incompatible"
+ },
+ {
+ "introduced": "10.8.0+incompatible"
+ },
+ {
+ "fixed": "10.8.4+incompatible"
+ },
+ {
+ "introduced": "10.9.0+incompatible"
+ },
+ {
+ "fixed": "10.9.4+incompatible"
+ },
+ {
+ "introduced": "10.10.0+incompatible"
+ },
+ {
+ "fixed": "10.10.2+incompatible"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server/v5",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server/v6",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost/server/v8",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "8.0.0-20250718075842-cd87e5c87737"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-9p92-x77w-9fw2"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9078"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/356880c8430b77a4a390c89d5a33f6928188d137"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/944ad5cdd9876ef61c78c8275906262a4118755a"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/a8a4badc130be101e5bc4b7916bbcd2f966c4b79"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/cd87e5c877373f109742aa90a3fa136c14774325"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3959",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3960.json b/data/osv/GO-2025-3960.json
new file mode 100644
index 0000000..59317bc
--- /dev/null
+++ b/data/osv/GO-2025-3960.json
@@ -0,0 +1,121 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3960",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-9084",
+ "GHSA-hm95-jx66-g2gh"
+ ],
+ "summary": "Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server",
+ "details": "Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.0.0-202508080704-39bd251fe4f600.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "10.5.0+incompatible"
+ },
+ {
+ "fixed": "10.5.10+incompatible"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server/v5",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost-server/v6",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/mattermost/mattermost/server/v8",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "custom_ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "8.0.0-202508080704-39bd251fe4f600"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-hm95-jx66-g2gh"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9084"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/39bd251fe4f66b7e847fc6d653221886347ff160"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3960",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2025-3961.json b/data/osv/GO-2025-3961.json
new file mode 100644
index 0000000..9cc2b70
--- /dev/null
+++ b/data/osv/GO-2025-3961.json
@@ -0,0 +1,121 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2025-3961",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2025-4953",
+ "GHSA-m68q-4hqr-mc6f"
+ ],
+ "summary": "Podman Creates Temporary File with Insecure Permissions in github.com/containers/podman",
+ "details": "Podman Creates Temporary File with Insecure Permissions in github.com/containers/podman",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/containers/podman",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/containers/podman/v2",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/containers/podman/v3",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/containers/podman/v4",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ },
+ {
+ "package": {
+ "name": "github.com/containers/podman/v5",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-m68q-4hqr-mc6f"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4953"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2025-4953"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367235"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3961",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2025-3938.yaml b/data/reports/GO-2025-3938.yaml
new file mode 100644
index 0000000..b941c62
--- /dev/null
+++ b/data/reports/GO-2025-3938.yaml
@@ -0,0 +1,31 @@
+id: GO-2025-3938
+modules:
+ - module: github.com/coder/coder
+ vulnerable_at: 0.27.3
+ - module: github.com/coder/coder/v2
+ versions:
+ - introduced: 2.22.0
+ - fixed: 2.24.4
+ - introduced: 2.25.0
+ - fixed: 2.25.2
+ vulnerable_at: 2.25.1
+summary: |-
+ Coder vulnerable to privilege escalation could lead to a cross workspace
+ compromise in github.com/coder/coder
+cves:
+ - CVE-2025-58437
+ghsas:
+ - GHSA-j6xf-jwrj-v5qp
+references:
+ - advisory: https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-58437
+ - fix: https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276
+ - fix: https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0
+ - fix: https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a
+ - fix: https://github.com/coder/coder/pull/19667
+ - fix: https://github.com/coder/coder/pull/19668
+ - fix: https://github.com/coder/coder/pull/19669
+source:
+ id: GHSA-j6xf-jwrj-v5qp
+ created: 2025-09-17T12:16:16.913193-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3939.yaml b/data/reports/GO-2025-3939.yaml
new file mode 100644
index 0000000..9f2d8f1
--- /dev/null
+++ b/data/reports/GO-2025-3939.yaml
@@ -0,0 +1,20 @@
+id: GO-2025-3939
+modules:
+ - module: sigs.k8s.io/secrets-store-sync-controller
+ versions:
+ - fixed: 0.0.2
+ vulnerable_at: 0.0.1
+summary: secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller
+cves:
+ - CVE-2025-7445
+ghsas:
+ - GHSA-rcw7-pqfp-735x
+references:
+ - advisory: https://github.com/kubernetes-sigs/secrets-store-sync-controller/security/advisories/GHSA-rcw7-pqfp-735x
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-7445
+ - web: https://github.com/kubernetes/kubernetes/issues/133897
+ - web: https://groups.google.com/g/kubernetes-security-announce/c/NP7cQvQ1aGA
+source:
+ id: GHSA-rcw7-pqfp-735x
+ created: 2025-09-17T12:16:10.326638-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3941.yaml b/data/reports/GO-2025-3941.yaml
new file mode 100644
index 0000000..5a66f8e
--- /dev/null
+++ b/data/reports/GO-2025-3941.yaml
@@ -0,0 +1,19 @@
+id: GO-2025-3941
+modules:
+ - module: github.com/prest/prest
+ vulnerable_at: 1.5.5
+ - module: github.com/prest/prest/v2
+ vulnerable_at: 2.0.0-rc5
+summary: pREST has a Systemic SQL Injection Vulnerability in github.com/prest/prest
+cves:
+ - CVE-2025-58450
+ghsas:
+ - GHSA-p46v-f2x8-qp98
+references:
+ - advisory: https://github.com/prest/prest/security/advisories/GHSA-p46v-f2x8-qp98
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-58450
+ - fix: https://github.com/prest/prest/commit/47d02b87842900f77d76fc694d9aa7e983b0711c
+source:
+ id: GHSA-p46v-f2x8-qp98
+ created: 2025-09-17T12:16:05.114725-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3942.yaml b/data/reports/GO-2025-3942.yaml
new file mode 100644
index 0000000..ddfb8d8
--- /dev/null
+++ b/data/reports/GO-2025-3942.yaml
@@ -0,0 +1,20 @@
+id: GO-2025-3942
+modules:
+ - module: github.com/coredns/coredns
+ versions:
+ - introduced: 1.2.0
+ - fixed: 1.12.4
+ vulnerable_at: 1.12.3
+summary: 'CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion in github.com/coredns/coredns'
+cves:
+ - CVE-2025-58063
+ghsas:
+ - GHSA-93mf-426m-g6x9
+references:
+ - advisory: https://github.com/coredns/coredns/security/advisories/GHSA-93mf-426m-g6x9
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-58063
+ - fix: https://github.com/coredns/coredns/commit/e1768a5d272e9da649dfb8588595e5c6e4e640bf
+source:
+ id: GHSA-93mf-426m-g6x9
+ created: 2025-09-17T12:15:59.903742-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3943.yaml b/data/reports/GO-2025-3943.yaml
new file mode 100644
index 0000000..91d44cf
--- /dev/null
+++ b/data/reports/GO-2025-3943.yaml
@@ -0,0 +1,18 @@
+id: GO-2025-3943
+modules:
+ - module: github.com/knadh/listmonk
+ unsupported_versions:
+ - last_affected: 1.1.0
+ vulnerable_at: 1.1.0
+summary: 'listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover in github.com/knadh/listmonk'
+cves:
+ - CVE-2025-58430
+ghsas:
+ - GHSA-rf24-wg77-gq7w
+references:
+ - advisory: https://github.com/knadh/listmonk/security/advisories/GHSA-rf24-wg77-gq7w
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-58430
+source:
+ id: GHSA-rf24-wg77-gq7w
+ created: 2025-09-17T12:15:54.784427-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3944.yaml b/data/reports/GO-2025-3944.yaml
new file mode 100644
index 0000000..00f1bd9
--- /dev/null
+++ b/data/reports/GO-2025-3944.yaml
@@ -0,0 +1,26 @@
+id: GO-2025-3944
+modules:
+ - module: github.com/SpectoLabs/hoverfly
+ unsupported_versions:
+ - last_affected: 1.11.3
+ vulnerable_at: 1.12.0
+summary: |-
+ Hoverfly is vulnerable to Remote Code Execution through an insecure middleware
+ implementation in github.com/SpectoLabs/hoverfly
+cves:
+ - CVE-2025-54123
+ghsas:
+ - GHSA-r4h8-hfp2-ggmf
+references:
+ - advisory: https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-r4h8-hfp2-ggmf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-54123
+ - fix: https://github.com/SpectoLabs/hoverfly/commit/17e60a9bc78826deb4b782dca1c1abd3dbe60d40
+ - fix: https://github.com/SpectoLabs/hoverfly/commit/a9d4da7bd7269651f54542ab790d0c613d568d3e
+ - fix: https://github.com/SpectoLabs/hoverfly/pull/1203
+ - web: https://github.com/SpectoLabs/hoverfly/blob/master/core/hoverfly_service.go#L173
+ - web: https://github.com/SpectoLabs/hoverfly/blob/master/core/middleware/local_middleware.go#L13
+ - web: https://github.com/SpectoLabs/hoverfly/blob/master/core/middleware/middleware.go#L93
+source:
+ id: GHSA-r4h8-hfp2-ggmf
+ created: 2025-09-17T12:15:47.472862-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3945.yaml b/data/reports/GO-2025-3945.yaml
new file mode 100644
index 0000000..013b6bb
--- /dev/null
+++ b/data/reports/GO-2025-3945.yaml
@@ -0,0 +1,21 @@
+id: GO-2025-3945
+modules:
+ - module: github.com/SpectoLabs/hoverfly
+ versions:
+ - fixed: 1.12.0
+ vulnerable_at: 1.11.3
+summary: |-
+ WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when
+ --auth is enabled in github.com/SpectoLabs/hoverfly
+cves:
+ - CVE-2025-54376
+ghsas:
+ - GHSA-jxmr-2h4q-rhxp
+references:
+ - advisory: https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-jxmr-2h4q-rhxp
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-54376
+ - fix: https://github.com/SpectoLabs/hoverfly/commit/ffc2cc34563de67fe1a04f7ba5d78fa2d4564424
+source:
+ id: GHSA-jxmr-2h4q-rhxp
+ created: 2025-09-17T12:15:42.25386-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3949.yaml b/data/reports/GO-2025-3949.yaml
new file mode 100644
index 0000000..fb8b268
--- /dev/null
+++ b/data/reports/GO-2025-3949.yaml
@@ -0,0 +1,21 @@
+id: GO-2025-3949
+modules:
+ - module: github.com/chaos-mesh/chaos-mesh
+ non_go_versions:
+ - fixed: 2.7.3
+ vulnerable_at: 1.2.4
+summary: Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh
+cves:
+ - CVE-2025-59361
+ghsas:
+ - GHSA-2gcv-3qpf-c5qr
+references:
+ - advisory: https://github.com/advisories/GHSA-2gcv-3qpf-c5qr
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-59361
+ - fix: https://github.com/chaos-mesh/chaos-mesh/commit/67281c36f8068bf103149318cd0a466417213a28
+ - fix: https://github.com/chaos-mesh/chaos-mesh/pull/4702
+ - web: https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover
+source:
+ id: GHSA-2gcv-3qpf-c5qr
+ created: 2025-09-17T12:15:34.857225-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3950.yaml b/data/reports/GO-2025-3950.yaml
new file mode 100644
index 0000000..98a6515
--- /dev/null
+++ b/data/reports/GO-2025-3950.yaml
@@ -0,0 +1,28 @@
+id: GO-2025-3950
+modules:
+ - module: github.com/mattermost/mattermost-server
+ versions:
+ - introduced: 10.10.0+incompatible
+ - fixed: 10.10.2+incompatible
+ vulnerable_at: 10.10.2-rc4+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ vulnerable_at: 5.39.3
+ - module: github.com/mattermost/mattermost-server/v6
+ vulnerable_at: 6.7.2
+ - module: github.com/mattermost/mattermost/server/v8
+ non_go_versions:
+ - fixed: 8.0.0-20250729073403-517ae758cd02
+ vulnerable_at: 8.0.0-20250917143630-f10997a35168
+summary: Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server
+cves:
+ - CVE-2025-9076
+ghsas:
+ - GHSA-3vcm-c42p-3hhf
+references:
+ - advisory: https://github.com/advisories/GHSA-3vcm-c42p-3hhf
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-9076
+ - web: https://mattermost.com/security-updates
+source:
+ id: GHSA-3vcm-c42p-3hhf
+ created: 2025-09-17T12:14:30.54893-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3951.yaml b/data/reports/GO-2025-3951.yaml
new file mode 100644
index 0000000..e67af6e
--- /dev/null
+++ b/data/reports/GO-2025-3951.yaml
@@ -0,0 +1,23 @@
+id: GO-2025-3951
+modules:
+ - module: github.com/chaos-mesh/chaos-mesh
+ non_go_versions:
+ - fixed: 2.7.3
+ vulnerable_at: 1.2.4
+summary: |-
+ Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical
+ Function in github.com/chaos-mesh/chaos-mesh
+cves:
+ - CVE-2025-59358
+ghsas:
+ - GHSA-2gg8-85m5-8r2p
+references:
+ - advisory: https://github.com/advisories/GHSA-2gg8-85m5-8r2p
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-59358
+ - fix: https://github.com/chaos-mesh/chaos-mesh/commit/67281c36f8068bf103149318cd0a466417213a28
+ - fix: https://github.com/chaos-mesh/chaos-mesh/pull/4702
+ - web: https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover
+source:
+ id: GHSA-2gg8-85m5-8r2p
+ created: 2025-09-17T12:14:25.932633-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3952.yaml b/data/reports/GO-2025-3952.yaml
new file mode 100644
index 0000000..ffa415c
--- /dev/null
+++ b/data/reports/GO-2025-3952.yaml
@@ -0,0 +1,21 @@
+id: GO-2025-3952
+modules:
+ - module: github.com/chaos-mesh/chaos-mesh
+ non_go_versions:
+ - fixed: 2.7.3
+ vulnerable_at: 1.2.4
+summary: Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh
+cves:
+ - CVE-2025-59359
+ghsas:
+ - GHSA-369h-6j28-wwcg
+references:
+ - advisory: https://github.com/advisories/GHSA-369h-6j28-wwcg
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-59359
+ - fix: https://github.com/chaos-mesh/chaos-mesh/commit/67281c36f8068bf103149318cd0a466417213a28
+ - fix: https://github.com/chaos-mesh/chaos-mesh/pull/4702
+ - web: https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover
+source:
+ id: GHSA-369h-6j28-wwcg
+ created: 2025-09-17T12:14:21.296989-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3953.yaml b/data/reports/GO-2025-3953.yaml
new file mode 100644
index 0000000..d4fa603
--- /dev/null
+++ b/data/reports/GO-2025-3953.yaml
@@ -0,0 +1,27 @@
+id: GO-2025-3953
+modules:
+ - module: go.temporal.io/server
+ versions:
+ - fixed: 1.26.3
+ - introduced: 1.27.0-126.0
+ - fixed: 1.27.3
+ - introduced: 1.28.0-129.0
+ - fixed: 1.28.1
+ vulnerable_at: 1.28.0
+summary: |-
+ Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or
+ Throttling in go.temporal.io/server
+cves:
+ - CVE-2025-8396
+ghsas:
+ - GHSA-p768-c3pr-6459
+references:
+ - advisory: https://github.com/advisories/GHSA-p768-c3pr-6459
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-8396
+ - web: https://github.com/temporalio/temporal/releases/tag/v1.26.3
+ - web: https://github.com/temporalio/temporal/releases/tag/v1.27.3
+ - web: https://github.com/temporalio/temporal/releases/tag/v1.28.1
+source:
+ id: GHSA-p768-c3pr-6459
+ created: 2025-09-17T12:14:15.075281-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3954.yaml b/data/reports/GO-2025-3954.yaml
new file mode 100644
index 0000000..ced5982
--- /dev/null
+++ b/data/reports/GO-2025-3954.yaml
@@ -0,0 +1,21 @@
+id: GO-2025-3954
+modules:
+ - module: github.com/chaos-mesh/chaos-mesh
+ non_go_versions:
+ - fixed: 2.7.3
+ vulnerable_at: 1.2.4
+summary: Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh
+cves:
+ - CVE-2025-59360
+ghsas:
+ - GHSA-xv9f-728h-9jgv
+references:
+ - advisory: https://github.com/advisories/GHSA-xv9f-728h-9jgv
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-59360
+ - fix: https://github.com/chaos-mesh/chaos-mesh/commit/67281c36f8068bf103149318cd0a466417213a28
+ - fix: https://github.com/chaos-mesh/chaos-mesh/pull/4702
+ - web: https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover
+source:
+ id: GHSA-xv9f-728h-9jgv
+ created: 2025-09-17T12:13:58.712068-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3958.yaml b/data/reports/GO-2025-3958.yaml
new file mode 100644
index 0000000..92b1814
--- /dev/null
+++ b/data/reports/GO-2025-3958.yaml
@@ -0,0 +1,36 @@
+id: GO-2025-3958
+modules:
+ - module: github.com/mattermost/mattermost-server
+ versions:
+ - introduced: 10.5.0+incompatible
+ - fixed: 10.5.10+incompatible
+ - introduced: 10.9.0+incompatible
+ - fixed: 10.9.5+incompatible
+ - introduced: 10.10.0+incompatible
+ - fixed: 10.10.2+incompatible
+ vulnerable_at: 10.10.2-rc4+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ vulnerable_at: 5.39.3
+ - module: github.com/mattermost/mattermost-server/v6
+ vulnerable_at: 6.7.2
+ - module: github.com/mattermost/mattermost/server/v8
+ versions:
+ - fixed: 8.0.0-20250731063404-9eebaadf8f72
+summary: Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server
+cves:
+ - CVE-2025-9072
+ghsas:
+ - GHSA-69j8-prx2-vx98
+references:
+ - advisory: https://github.com/advisories/GHSA-69j8-prx2-vx98
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-9072
+ - web: https://github.com/mattermost/mattermost/commit/13cd76009d31754db46115bddef5287a8a29871a
+ - web: https://github.com/mattermost/mattermost/commit/9eebaadf8f720788e99b6997337c8df330271326
+ - web: https://github.com/mattermost/mattermost/commit/fda403fb6ec41bea8780bff198a26860f105e6e5
+ - web: https://mattermost.com/security-updates
+notes:
+ - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed'
+source:
+ id: GHSA-69j8-prx2-vx98
+ created: 2025-09-17T12:13:51.127137-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3959.yaml b/data/reports/GO-2025-3959.yaml
new file mode 100644
index 0000000..0d0c38d
--- /dev/null
+++ b/data/reports/GO-2025-3959.yaml
@@ -0,0 +1,41 @@
+id: GO-2025-3959
+modules:
+ - module: github.com/mattermost/mattermost-server
+ versions:
+ - introduced: 9.11.0+incompatible
+ - fixed: 9.11.18+incompatible
+ - introduced: 10.5.0+incompatible
+ - fixed: 10.5.9+incompatible
+ - introduced: 10.8.0+incompatible
+ - fixed: 10.8.4+incompatible
+ - introduced: 10.9.0+incompatible
+ - fixed: 10.9.4+incompatible
+ - introduced: 10.10.0+incompatible
+ - fixed: 10.10.2+incompatible
+ vulnerable_at: 10.10.2-rc4+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ vulnerable_at: 5.39.3
+ - module: github.com/mattermost/mattermost-server/v6
+ vulnerable_at: 6.7.2
+ - module: github.com/mattermost/mattermost/server/v8
+ versions:
+ - fixed: 8.0.0-20250718075842-cd87e5c87737
+summary: Mattermost makes Use of Weak Hash in github.com/mattermost/mattermost-server
+cves:
+ - CVE-2025-9078
+ghsas:
+ - GHSA-9p92-x77w-9fw2
+references:
+ - advisory: https://github.com/advisories/GHSA-9p92-x77w-9fw2
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-9078
+ - web: https://github.com/mattermost/mattermost/commit/356880c8430b77a4a390c89d5a33f6928188d137
+ - web: https://github.com/mattermost/mattermost/commit/944ad5cdd9876ef61c78c8275906262a4118755a
+ - web: https://github.com/mattermost/mattermost/commit/a8a4badc130be101e5bc4b7916bbcd2f966c4b79
+ - web: https://github.com/mattermost/mattermost/commit/cd87e5c877373f109742aa90a3fa136c14774325
+ - web: https://mattermost.com/security-updates
+notes:
+ - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed'
+source:
+ id: GHSA-9p92-x77w-9fw2
+ created: 2025-09-17T12:13:11.150585-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3960.yaml b/data/reports/GO-2025-3960.yaml
new file mode 100644
index 0000000..c1f4fbb
--- /dev/null
+++ b/data/reports/GO-2025-3960.yaml
@@ -0,0 +1,29 @@
+id: GO-2025-3960
+modules:
+ - module: github.com/mattermost/mattermost-server
+ versions:
+ - introduced: 10.5.0+incompatible
+ - fixed: 10.5.10+incompatible
+ vulnerable_at: 10.5.10-rc2+incompatible
+ - module: github.com/mattermost/mattermost-server/v5
+ vulnerable_at: 5.39.3
+ - module: github.com/mattermost/mattermost-server/v6
+ vulnerable_at: 6.7.2
+ - module: github.com/mattermost/mattermost/server/v8
+ non_go_versions:
+ - fixed: 8.0.0-202508080704-39bd251fe4f600
+ vulnerable_at: 8.0.0-20250917143630-f10997a35168
+summary: Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server
+cves:
+ - CVE-2025-9084
+ghsas:
+ - GHSA-hm95-jx66-g2gh
+references:
+ - advisory: https://github.com/advisories/GHSA-hm95-jx66-g2gh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-9084
+ - web: https://github.com/mattermost/mattermost/commit/39bd251fe4f66b7e847fc6d653221886347ff160
+ - web: https://mattermost.com/security-updates
+source:
+ id: GHSA-hm95-jx66-g2gh
+ created: 2025-09-17T12:11:45.408301-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3961.yaml b/data/reports/GO-2025-3961.yaml
new file mode 100644
index 0000000..ce7ca4a
--- /dev/null
+++ b/data/reports/GO-2025-3961.yaml
@@ -0,0 +1,28 @@
+id: GO-2025-3961
+modules:
+ - module: github.com/containers/podman
+ vulnerable_at: 1.9.3
+ - module: github.com/containers/podman/v2
+ vulnerable_at: 2.2.1
+ - module: github.com/containers/podman/v3
+ vulnerable_at: 3.4.7
+ - module: github.com/containers/podman/v4
+ vulnerable_at: 4.9.5
+ - module: github.com/containers/podman/v5
+ unsupported_versions:
+ - last_affected: 5.5.0
+ vulnerable_at: 5.6.1
+summary: Podman Creates Temporary File with Insecure Permissions in github.com/containers/podman
+cves:
+ - CVE-2025-4953
+ghsas:
+ - GHSA-m68q-4hqr-mc6f
+references:
+ - advisory: https://github.com/advisories/GHSA-m68q-4hqr-mc6f
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-4953
+ - web: https://access.redhat.com/security/cve/CVE-2025-4953
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=2367235
+source:
+ id: GHSA-m68q-4hqr-mc6f
+ created: 2025-09-17T12:11:38.524496-04:00
+review_status: UNREVIEWED
