all: use unprefixed SemVer 2.0.0 versions in reports

Standardize on the same version syntax as OSV: X.Y.Z, no "v" prefix.
Avoids confusion about what a "go"-prefixed version is: A tag (in
which case we need to support "go1.19rc1") or a weird semver version?

Fixes golang/go#52877.

Change-Id: I4053e765f93d8c20a890d5481d264f009831b5b8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/406155
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
diff --git a/internal/database/generate.go b/internal/database/generate.go
index 715f005..2aeaa9a 100644
--- a/internal/database/generate.go
+++ b/internal/database/generate.go
@@ -14,7 +14,6 @@
 	"path/filepath"
 	"strings"
 
-	"golang.org/x/mod/semver"
 	"golang.org/x/vuln/client"
 	"golang.org/x/vuln/osv"
 	"golang.org/x/vulndb/internal/derrors"
@@ -206,12 +205,10 @@
 	}
 	for _, v := range versions {
 		if v.Introduced != "" {
-			v.Introduced = canonicalizeSemverPrefix(v.Introduced)
-			a.Events = append(a.Events, osv.RangeEvent{Introduced: removeSemverPrefix(semver.Canonical(v.Introduced))})
+			a.Events = append(a.Events, osv.RangeEvent{Introduced: v.Introduced.Canonical()})
 		}
 		if v.Fixed != "" {
-			v.Fixed = canonicalizeSemverPrefix(v.Fixed)
-			a.Events = append(a.Events, osv.RangeEvent{Fixed: removeSemverPrefix(semver.Canonical(v.Fixed))})
+			a.Events = append(a.Events, osv.RangeEvent{Fixed: v.Fixed.Canonical()})
 		}
 	}
 	return osv.Affects{a}
@@ -232,29 +229,3 @@
 		},
 	}
 }
-
-// removeSemverPrefix removes the 'v' or 'go' prefixes from go-style
-// SEMVER strings, for usage in the public vulnerability format.
-func removeSemverPrefix(s string) string {
-	s = strings.TrimPrefix(s, "v")
-	s = strings.TrimPrefix(s, "go")
-	return s
-}
-
-// canonicalizeSemverPrefix turns a SEMVER string into the canonical
-// representation using the 'v' prefix, as used by the OSV format.
-// Input may be a bare SEMVER ("1.2.3"), Go prefixed SEMVER ("go1.2.3"),
-// or already canonical SEMVER ("v1.2.3").
-func canonicalizeSemverPrefix(s string) string {
-	return addSemverPrefix(removeSemverPrefix(s))
-}
-
-// addSemverPrefix adds a 'v' prefix to s if it isn't already prefixed
-// with 'v' or 'go'. This allows us to easily test go-style SEMVER
-// strings against normal SEMVER strings.
-func addSemverPrefix(s string) string {
-	if !strings.HasPrefix(s, "v") && !strings.HasPrefix(s, "go") {
-		return "v" + s
-	}
-	return s
-}
diff --git a/internal/database/generate_test.go b/internal/database/generate_test.go
index 86d0922..9206a7d 100644
--- a/internal/database/generate_test.go
+++ b/internal/database/generate_test.go
@@ -21,9 +21,9 @@
 			{
 				Module: "example.com/vulnerable/v2",
 				Versions: []report.VersionRange{
-					{Fixed: "v2.1.1"},
-					{Introduced: "v2.3.4", Fixed: "v2.3.5"},
-					{Introduced: "v2.5.0"},
+					{Fixed: "2.1.1"},
+					{Introduced: "2.3.4", Fixed: "2.3.5"},
+					{Introduced: "2.5.0"},
 				},
 				Symbols:        []string{"A", "B.b"},
 				DerivedSymbols: []string{"D"},
@@ -33,9 +33,9 @@
 				Package: "vanity.host/vulnerable/package",
 				Symbols: []string{"b", "A.b"},
 				Versions: []report.VersionRange{
-					{Fixed: "v2.1.1"},
-					{Introduced: "v2.3.4", Fixed: "v2.3.5"},
-					{Introduced: "v2.5.0"},
+					{Fixed: "2.1.1"},
+					{Introduced: "2.3.4", Fixed: "2.3.5"},
+					{Introduced: "2.5.0"},
 				},
 			},
 			{
@@ -43,7 +43,7 @@
 				Package: "example.com/also-vulnerable/package",
 				Symbols: []string{"z"},
 				Versions: []report.VersionRange{
-					{Fixed: "v2.1.1"},
+					{Fixed: "2.1.1"},
 				},
 			},
 		},
@@ -182,8 +182,8 @@
 func TestSemverCanonicalize(t *testing.T) {
 	in := []report.VersionRange{
 		{
-			Introduced: "go1.16",
-			Fixed:      "go1.17",
+			Introduced: "1.16.0",
+			Fixed:      "1.17.0",
 		},
 	}
 	expected := osv.Affects{
diff --git a/internal/report/cve.go b/internal/report/cve.go
index 55890db..b92ee14 100644
--- a/internal/report/cve.go
+++ b/internal/report/cve.go
@@ -97,13 +97,13 @@
 	for _, vr := range versions {
 		if vr.Introduced != "" {
 			vd.Data = append(vd.Data, cveschema.VersionDataItem{
-				VersionValue:    vr.Introduced,
+				VersionValue:    string(vr.Introduced),
 				VersionAffected: ">=",
 			})
 		}
 		if vr.Fixed != "" {
 			vd.Data = append(vd.Data, cveschema.VersionDataItem{
-				VersionValue:    vr.Fixed,
+				VersionValue:    string(vr.Fixed),
 				VersionAffected: "<",
 			})
 		}
diff --git a/internal/report/ghsa.go b/internal/report/ghsa.go
index 1658a1e..c52c7c7 100644
--- a/internal/report/ghsa.go
+++ b/internal/report/ghsa.go
@@ -57,7 +57,7 @@
 	items, err := parseVulnRange(vulnRange)
 	if err != nil {
 		return []VersionRange{{
-			Introduced: fmt.Sprintf("TODO (got error %q)", err),
+			Introduced: Version(fmt.Sprintf("TODO (got error %q)", err)),
 		}}
 	}
 
@@ -65,19 +65,19 @@
 
 	// Most common case: a single "<" item with a version that matches earliestFixed.
 	if len(items) == 1 && items[0].op == "<" && items[0].version == earliestFixed {
-		intro = "v0.0.0"
-		fixed = "v" + earliestFixed
+		intro = "0.0.0"
+		fixed = earliestFixed
 	}
 
 	// Two items, one >= and one <, with the latter matching earliestFixed.
 	if len(items) == 2 && items[0].op == ">=" && items[1].op == "<" && items[1].version == earliestFixed {
-		intro = "v" + items[0].version
-		fixed = "v" + earliestFixed
+		intro = items[0].version
+		fixed = earliestFixed
 	}
 
 	// A single "<=" item with no fixed version.
 	if len(items) == 1 && items[0].op == "<=" && earliestFixed == "" {
-		intro = "v0.0.0"
+		intro = "0.0.0"
 	}
 
 	if intro == "" {
@@ -85,11 +85,11 @@
 	}
 
 	// Unset intro if vuln was always present.
-	if intro == "v0.0.0" {
+	if intro == "0.0.0" {
 		intro = ""
 	}
 
-	return []VersionRange{{Introduced: intro, Fixed: fixed}}
+	return []VersionRange{{Introduced: Version(intro), Fixed: Version(fixed)}}
 }
 
 type vulnRangeItem struct {
diff --git a/internal/report/ghsa_test.go b/internal/report/ghsa_test.go
index 13d0f57..ebe338a 100644
--- a/internal/report/ghsa_test.go
+++ b/internal/report/ghsa_test.go
@@ -32,7 +32,7 @@
 			Module:  "aModule",
 			Package: "aPackage",
 			Versions: []VersionRange{
-				{Fixed: "v1.2.3"},
+				{Fixed: "1.2.3"},
 			},
 		}},
 		LastModified: &updatedTime,
@@ -72,11 +72,11 @@
 	for _, test := range []struct {
 		earliestFixed string
 		vulnRange     string
-		intro, fixed  string
+		intro, fixed  Version
 	}{
-		{"1.0.0", "< 1.0.0", "", "v1.0.0"},
+		{"1.0.0", "< 1.0.0", "", "1.0.0"},
 		{"", "<= 1.4.2", "", ""},
-		{"1.1.3", ">= 1.1.0, < 1.1.3", "v1.1.0", "v1.1.3"},
+		{"1.1.3", ">= 1.1.0, < 1.1.3", "1.1.0", "1.1.3"},
 		{
 			"1.2.3", "<= 2.3.4",
 			`TODO (earliest fixed "1.2.3", vuln range "<= 2.3.4")`, "",
diff --git a/internal/report/lint.go b/internal/report/lint.go
index de5cbe1..cc37654 100644
--- a/internal/report/lint.go
+++ b/internal/report/lint.go
@@ -115,17 +115,17 @@
 	if err != nil {
 		return fmt.Errorf("unable to retrieve module versions from proxy: %s", err)
 	}
-	checkVersion := func(version string) error {
-		if !semver.IsValid(version) {
+	checkVersion := func(version Version) error {
+		if !version.IsValid() {
 			return errors.New("invalid module semver")
 		}
-		if err := module.Check(path, version); err != nil {
+		if err := module.Check(path, version.V()); err != nil {
 			return err
 		}
-		if err := versionExists(version, realVersions); err != nil {
+		if err := versionExists(version.V(), realVersions); err != nil {
 			return err
 		}
-		canonicalPath, err := getCanonicalModName(path, version)
+		canonicalPath, err := getCanonicalModName(path, version.V())
 		if err != nil {
 			return err
 		}
@@ -181,7 +181,6 @@
 		addPkgIssue := func(iss string) {
 			issues = append(issues, fmt.Sprintf("packages[%v]: %v", i, iss))
 		}
-		versions := p.Versions
 		if !stdlib.Contains(p.Module) {
 			if p.Module == "" {
 				addPkgIssue("missing module")
@@ -207,41 +206,26 @@
 					addPkgIssue(err.Error())
 				}
 			}
-			for _, v := range p.Versions {
-				if v.Introduced != "" && !semver.IsValid(v.Introduced) {
-					addPkgIssue(fmt.Sprintf("invalid semantic version: %q", v.Introduced))
-				}
-				if v.Fixed != "" && !semver.IsValid(v.Fixed) {
-					addPkgIssue(fmt.Sprintf("invalid semantic version: %q", v.Fixed))
-				}
-			}
 		} else {
 			if p.Package == "" {
 				addPkgIssue("missing package")
 			}
-			versions = nil // replace with actual semver versions
-			for _, v := range p.Versions {
-				introduced := "v" + strings.TrimPrefix(v.Introduced, "go")
-				fixed := "v" + strings.TrimPrefix(v.Fixed, "go")
-				if v.Introduced != "" && (!strings.HasPrefix(v.Introduced, "go") || !semver.IsValid(introduced)) {
-					addPkgIssue(fmt.Sprintf("invalid Go version: %q", v.Introduced))
-				}
-				if v.Fixed != "" && (!strings.HasPrefix(v.Fixed, "go") || !semver.IsValid(fixed)) {
-					addPkgIssue(fmt.Sprintf("invalid Go version: %q", v.Fixed))
-				}
-				versions = append(versions, VersionRange{
-					Introduced: introduced,
-					Fixed:      fixed,
-				})
-			}
 		}
-		for i, v1 := range versions {
-			if v1.Fixed != "" && semver.Compare(v1.Introduced, v1.Fixed) >= 0 {
+		for i, v1 := range p.Versions {
+			for _, v := range []Version{v1.Introduced, v1.Fixed} {
+				if v == "" {
+					continue
+				}
+				if !v.IsValid() {
+					addPkgIssue(fmt.Sprintf("invalid semantic version: %q", v))
+				}
+			}
+			if v1.Introduced != "" && v1.Fixed != "" && !v1.Introduced.Before(v1.Fixed) {
 				addPkgIssue(fmt.Sprintf("version %q >= %q", p.Versions[i].Introduced, p.Versions[i].Fixed))
 				continue
 			}
-			for j, v2 := range versions[:i] {
-				if semver.Compare(v1.Fixed, v2.Introduced) > 0 && semver.Compare(v1.Introduced, v2.Fixed) < 0 {
+			for j, v2 := range p.Versions[:i] {
+				if v2.Introduced.Before(v1.Fixed) && v1.Introduced.Before(v2.Fixed) {
 					addPkgIssue(fmt.Sprintf("version ranges overlap: [%v,%v), [%v,%v)", p.Versions[i].Introduced, p.Versions[i].Fixed, p.Versions[j].Introduced, p.Versions[j].Fixed))
 				}
 			}
@@ -291,6 +275,28 @@
 	for _, l := range r.Links.Context {
 		fixed = append(fixed, fixURL(l))
 	}
+	fixVersion := func(vp *Version) {
+		v := *vp
+		if v == "" {
+			return
+		}
+		v = Version(strings.TrimPrefix(string(v), "v"))
+		v = Version(strings.TrimPrefix(string(v), "go"))
+		if v.IsValid() {
+			build := semver.Build(v.V())
+			v = Version(v.Canonical())
+			if build != "" {
+				v += Version("+" + build)
+			}
+		}
+		*vp = v
+	}
+	for i, p := range r.Packages {
+		for j, _ := range p.Versions {
+			fixVersion(&r.Packages[i].Versions[j].Introduced)
+			fixVersion(&r.Packages[i].Versions[j].Fixed)
+		}
+	}
 	r.Links.Context = fixed
 }
 
diff --git a/internal/report/lint_test.go b/internal/report/lint_test.go
index 8f045c2..43a858d 100644
--- a/internal/report/lint_test.go
+++ b/internal/report/lint_test.go
@@ -20,9 +20,9 @@
 				Module:  "std",
 				Package: "time",
 				Versions: []VersionRange{{
-					Fixed: "go1.2.1",
+					Fixed: "1.2.1",
 				}, {
-					Fixed: "go1.3.2",
+					Fixed: "1.3.2",
 				}},
 			}},
 		},
@@ -33,12 +33,12 @@
 				Module:  "std",
 				Package: "time",
 				Versions: []VersionRange{{
-					Introduced: "go1.3",
-					Fixed:      "go1.2.1",
+					Introduced: "1.3",
+					Fixed:      "1.2.1",
 				}},
 			}},
 		},
-		want: []string{`version "go1.3" >= "go1.2.1"`},
+		want: []string{`version "1.3" >= "1.2.1"`},
 	}} {
 		got := test.report.Lint()
 		var missing []string
diff --git a/internal/report/report.go b/internal/report/report.go
index 6816b76..0e29d6f 100644
--- a/internal/report/report.go
+++ b/internal/report/report.go
@@ -13,13 +13,38 @@
 	"strings"
 	"time"
 
+	"golang.org/x/mod/semver"
 	"golang.org/x/vulndb/internal/derrors"
 	"gopkg.in/yaml.v3"
 )
 
+// Version is an SemVer 2.0.0 semantic version with no leading "v" prefix,
+// as used by OSV.
+type Version string
+
+// V returns the version with a "v" prefix.
+func (v Version) V() string {
+	return "v" + string(v)
+}
+
+// IsValid reports whether v is a valid semantic version string.
+func (v Version) IsValid() bool {
+	return semver.IsValid(v.V())
+}
+
+// Before reports whether v < v2.
+func (v Version) Before(v2 Version) bool {
+	return semver.Compare(v.V(), v2.V()) < 0
+}
+
+// Canonical returns the canonical formatting of the version.
+func (v Version) Canonical() string {
+	return strings.TrimPrefix(semver.Canonical(v.V()), "v")
+}
+
 type VersionRange struct {
-	Introduced string `yaml:"introduced,omitempty"`
-	Fixed      string `yaml:"fixed,omitempty"`
+	Introduced Version `yaml:"introduced,omitempty"`
+	Fixed      Version `yaml:"fixed,omitempty"`
 }
 
 type Package struct {
diff --git a/internal/worker/worker_test.go b/internal/worker/worker_test.go
index 51671d6..58c5335 100644
--- a/internal/worker/worker_test.go
+++ b/internal/worker/worker_test.go
@@ -275,7 +275,7 @@
 packages:
   - package: aPackage
     versions:
-      - fixed: v1.2.3
+      - fixed: 1.2.3
 description: a description
 ghsas:
   - G1
diff --git a/reports/GO-2020-0001.yaml b/reports/GO-2020-0001.yaml
index c69d861..1bdba60 100644
--- a/reports/GO-2020-0001.yaml
+++ b/reports/GO-2020-0001.yaml
@@ -3,7 +3,7 @@
     symbols:
       - defaultLogFormatter
     versions:
-      - fixed: v1.6.0
+      - fixed: 1.6.0
 description: |
     The default Formatter for the Logger middleware (LoggerConfig.Formatter),
     which is included in the Default engine, allows attackers to inject arbitrary
diff --git a/reports/GO-2020-0002.yaml b/reports/GO-2020-0002.yaml
index 670eccc..c658ed4 100644
--- a/reports/GO-2020-0002.yaml
+++ b/reports/GO-2020-0002.yaml
@@ -1,7 +1,7 @@
 packages:
   - module: github.com/proglottis/gpgme
     versions:
-      - fixed: v0.1.1
+      - fixed: 0.1.1
 description: |
     The Data, Context, or Key finalizers might run during or before GPGME
     operations. This will release the C structures that are still in use, leading
diff --git a/reports/GO-2020-0003.yaml b/reports/GO-2020-0003.yaml
index d673b4a..f9e70da 100644
--- a/reports/GO-2020-0003.yaml
+++ b/reports/GO-2020-0003.yaml
@@ -1,7 +1,7 @@
 packages:
   - module: github.com/revel/revel
     versions:
-      - fixed: v1.0.0
+      - fixed: 1.0.0
 description: |
     An attacker can cause an application that accepts slice parameters
     (https://revel.github.io/manual/parameters.html#slices) to allocate large
diff --git a/reports/GO-2020-0004.yaml b/reports/GO-2020-0004.yaml
index 687f06b..32932b5 100644
--- a/reports/GO-2020-0004.yaml
+++ b/reports/GO-2020-0004.yaml
@@ -8,8 +8,8 @@
       - ListenAndServe
       - ListenAndServeTLS
     versions:
-      - introduced: v0.0.0-20160722212129-ac0cc4484ad4
-        fixed: v0.0.0-20200131131040-063a3fb69896
+      - introduced: 0.0.0-20160722212129-ac0cc4484ad4
+        fixed: 0.0.0-20200131131040-063a3fb69896
 description: |
     If any of the ListenAndServe functions are called with an empty token,
     token authentication is disabled globally for all listeners.
diff --git a/reports/GO-2020-0005.yaml b/reports/GO-2020-0005.yaml
index 8899eca..60548c7 100644
--- a/reports/GO-2020-0005.yaml
+++ b/reports/GO-2020-0005.yaml
@@ -5,7 +5,7 @@
       - WAL.ReadAll
       - decoder.decodeRecord
     versions:
-      - fixed: v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
+      - fixed: 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
 description: |
     Malformed WALs can be constructed such that WAL.ReadAll can cause attempted
     out of bounds reads, or creation of arbitrarily sized slices, which may be used as
diff --git a/reports/GO-2020-0006.yaml b/reports/GO-2020-0006.yaml
index 30702b0..a87a0de 100644
--- a/reports/GO-2020-0006.yaml
+++ b/reports/GO-2020-0006.yaml
@@ -9,7 +9,7 @@
       - Server.ActivateAndServe
       - Server.ListenAndServe
     versions:
-      - fixed: v1.0.4-0.20180125103619-43913f2f4fbd
+      - fixed: 1.0.4-0.20180125103619-43913f2f4fbd
 description: |
     An attacker may prevent TCP connections to a Server by opening
     a connection and leaving it idle, until the connection is closed by
diff --git a/reports/GO-2020-0007.yaml b/reports/GO-2020-0007.yaml
index ff72395..b03ce71 100644
--- a/reports/GO-2020-0007.yaml
+++ b/reports/GO-2020-0007.yaml
@@ -8,7 +8,7 @@
       - ScmpFilter.AddRuleConditionalExact
       - ScmpFilter.AddRuleExact
     versions:
-      - fixed: v0.9.1-0.20170424173420-06e7a29f36a3
+      - fixed: 0.9.1-0.20170424173420-06e7a29f36a3
 description: |
     Filters containing rules with multiple syscall arguments are improperly
     constructed, such that all arguments are required to match rather than
diff --git a/reports/GO-2020-0008.yaml b/reports/GO-2020-0008.yaml
index 03107c0..e0e59dd 100644
--- a/reports/GO-2020-0008.yaml
+++ b/reports/GO-2020-0008.yaml
@@ -9,7 +9,7 @@
       - Msg.SetQuestion
       - Msg.SetUpdate
     versions:
-      - fixed: v1.1.25-0.20191211073109-8ebf2e419df7
+      - fixed: 1.1.25-0.20191211073109-8ebf2e419df7
 description: |
     DNS message transaction IDs are generated using math/rand which
     makes them relatively predictable. This reduces the complexity
diff --git a/reports/GO-2020-0009.yaml b/reports/GO-2020-0009.yaml
index d2f4cab..b7a60b1 100644
--- a/reports/GO-2020-0009.yaml
+++ b/reports/GO-2020-0009.yaml
@@ -4,7 +4,7 @@
     symbols:
       - cbcAEAD.computeAuthTag
     versions:
-      - fixed: v0.0.0-20160903044734-789a4c4bd4c1
+      - fixed: 0.0.0-20160903044734-789a4c4bd4c1
   - module: github.com/square/go-jose
     symbols:
       - JsonWebEncryption.Decrypt
diff --git a/reports/GO-2020-0010.yaml b/reports/GO-2020-0010.yaml
index b00ab4f..82c14cf 100644
--- a/reports/GO-2020-0010.yaml
+++ b/reports/GO-2020-0010.yaml
@@ -6,7 +6,7 @@
       - ecDecrypterSigner.decryptKey
       - rawJsonWebKey.ecPublicKey
     versions:
-      - fixed: v0.0.0-20160831185616-c7581939a365
+      - fixed: 0.0.0-20160831185616-c7581939a365
   - module: github.com/square/go-jose
     symbols:
       - JsonWebEncryption.Decrypt
diff --git a/reports/GO-2020-0011.yaml b/reports/GO-2020-0011.yaml
index 00bfbcf..d9687db 100644
--- a/reports/GO-2020-0011.yaml
+++ b/reports/GO-2020-0011.yaml
@@ -4,7 +4,7 @@
       - JsonWebEncryption.Decrypt
       - JsonWebSignature.Verify
     versions:
-      - fixed: v0.0.0-20160922232413-2c5656adca99
+      - fixed: 0.0.0-20160922232413-2c5656adca99
 description: |
     When decrypting JsonWebEncryption objects with multiple recipients
     or JsonWebSignature objects with multiple signatures the Decrypt
diff --git a/reports/GO-2020-0012.yaml b/reports/GO-2020-0012.yaml
index 5810e6c..ec4bea3 100644
--- a/reports/GO-2020-0012.yaml
+++ b/reports/GO-2020-0012.yaml
@@ -8,7 +8,7 @@
       - skEd25519PublicKey.Verify
       - NewPublicKey
     versions:
-      - fixed: v0.0.0-20200220183623-bac4c82f6975
+      - fixed: 0.0.0-20200220183623-bac4c82f6975
 description: |
     An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
     key, such that the library will panic when trying to verify a signature
diff --git a/reports/GO-2020-0013.yaml b/reports/GO-2020-0013.yaml
index ae9a823..756e18d 100644
--- a/reports/GO-2020-0013.yaml
+++ b/reports/GO-2020-0013.yaml
@@ -4,7 +4,7 @@
     symbols:
       - NewClientConn
     versions:
-      - fixed: v0.0.0-20170330155735-e4e2799dd7aa
+      - fixed: 0.0.0-20170330155735-e4e2799dd7aa
 description: |
     By default host key verification is disabled which allows for
     man-in-the-middle attacks against SSH clients if
diff --git a/reports/GO-2020-0014.yaml b/reports/GO-2020-0014.yaml
index eb13d8a..189016d 100644
--- a/reports/GO-2020-0014.yaml
+++ b/reports/GO-2020-0014.yaml
@@ -5,7 +5,7 @@
       - inSelectIM
       - inSelectInTableIM
     versions:
-      - fixed: v0.0.0-20190125091013-d26f9f9a57f3
+      - fixed: 0.0.0-20190125091013-d26f9f9a57f3
 description: |
     html.Parse does not properly handle "select" tags, which can lead
     to an infinite loop. If parsing user supplied input, this may be used
diff --git a/reports/GO-2020-0015.yaml b/reports/GO-2020-0015.yaml
index d7e33b4..8a3cd18 100644
--- a/reports/GO-2020-0015.yaml
+++ b/reports/GO-2020-0015.yaml
@@ -6,13 +6,13 @@
     derived_symbols:
       - bomOverride.Transform
     versions:
-      - fixed: v0.3.3
+      - fixed: 0.3.3
   - module: golang.org/x/text
     package: golang.org/x/text/transform
     symbols:
       - Transform
     versions:
-      - fixed: v0.3.3
+      - fixed: 0.3.3
 description: |
     An attacker could provide a single byte to a UTF16 decoder instantiated with
     UseBOM or ExpectBOM to trigger an infinite loop if the String function on
diff --git a/reports/GO-2020-0016.yaml b/reports/GO-2020-0016.yaml
index 7bac4d3..62308ae 100644
--- a/reports/GO-2020-0016.yaml
+++ b/reports/GO-2020-0016.yaml
@@ -7,7 +7,7 @@
       - blockHeader.UnmarshalBinary
       - streamReader.Read
     versions:
-      - fixed: v0.5.8
+      - fixed: 0.5.8
 description: |
     An attacker can construct a series of bytes such that calling
     Reader.Read on the bytes could cause an infinite loop. If
diff --git a/reports/GO-2020-0017.yaml b/reports/GO-2020-0017.yaml
index 36d94d9..c5a731e 100644
--- a/reports/GO-2020-0017.yaml
+++ b/reports/GO-2020-0017.yaml
@@ -3,12 +3,12 @@
     symbols:
       - MapClaims.VerifyAudience
     versions:
-      - introduced: v0.0.0-20150717181359-44718f8a89b0
+      - introduced: 0.0.0-20150717181359-44718f8a89b0
   - module: github.com/dgrijalva/jwt-go/v4
     symbols:
       - MapClaims.VerifyAudience
     versions:
-      - fixed: v4.0.0-preview1
+      - fixed: 4.0.0-preview1
 description: |
     If a JWT contains an audience claim with an array of strings, rather
     than a single string, and MapClaims.VerifyAudience is called with
diff --git a/reports/GO-2020-0018.yaml b/reports/GO-2020-0018.yaml
index e811da9..b168122 100644
--- a/reports/GO-2020-0018.yaml
+++ b/reports/GO-2020-0018.yaml
@@ -10,7 +10,7 @@
       - init
       - safeRandom
     versions:
-      - fixed: v1.2.1-0.20181016170032-d91630c85102
+      - fixed: 1.2.1-0.20181016170032-d91630c85102
 description: |
     UUIDs generated using NewV1 and NewV4 may not read the expected
     number of random bytes. These UUIDs may contain a significantly smaller
diff --git a/reports/GO-2020-0019.yaml b/reports/GO-2020-0019.yaml
index 59a4d82..403c2e7 100644
--- a/reports/GO-2020-0019.yaml
+++ b/reports/GO-2020-0019.yaml
@@ -25,7 +25,7 @@
       - proxy_envOnce.Get
       - proxy_socks5.Dial
     versions:
-      - fixed: v1.4.1
+      - fixed: 1.4.1
 description: |
     An attacker can craft malicious WebSocket frames that cause an integer
     overflow in a variable which tracks the number of bytes remaining. This
diff --git a/reports/GO-2020-0020.yaml b/reports/GO-2020-0020.yaml
index 3421f92..c9865e9 100644
--- a/reports/GO-2020-0020.yaml
+++ b/reports/GO-2020-0020.yaml
@@ -3,7 +3,7 @@
     symbols:
       - cors.ServeHTTP
     versions:
-      - fixed: v1.3.0
+      - fixed: 1.3.0
 description: |
     Usage of the CORS handler may apply improper CORS headers, allowing
     the requester to explicitly control the value of the Access-Control-Allow-Origin
diff --git a/reports/GO-2020-0021.yaml b/reports/GO-2020-0021.yaml
index f62017e..9158517 100644
--- a/reports/GO-2020-0021.yaml
+++ b/reports/GO-2020-0021.yaml
@@ -5,7 +5,7 @@
       - SearchRepositoryByName
       - SearchUserByName
     versions:
-      - fixed: v0.5.8
+      - fixed: 0.5.8
 description: |
     Due to improper santization of user input, a number of methods are
     vulnerable to SQL injection if used with user input that has not
diff --git a/reports/GO-2020-0022.yaml b/reports/GO-2020-0022.yaml
index 6661c8d..ba0056b 100644
--- a/reports/GO-2020-0022.yaml
+++ b/reports/GO-2020-0022.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Uncompress
     versions:
-      - fixed: v0.0.0-20140711154735-199f5f787806
+      - fixed: 0.0.0-20140711154735-199f5f787806
 description: |
     LZ4 bindings use a deprecated C API that is vulnerable to
     memory corruption, which could lead to arbitrary code execution
diff --git a/reports/GO-2020-0023.yaml b/reports/GO-2020-0023.yaml
index d514889..3992e0a 100644
--- a/reports/GO-2020-0023.yaml
+++ b/reports/GO-2020-0023.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Algorithm.validateSignature
     versions:
-      - fixed: v0.0.0-20170426191122-ca1404ee6e83
+      - fixed: 0.0.0-20170426191122-ca1404ee6e83
 description: |
     Token validation methods are susceptible to a timing side-channel
     during HMAC comparison. With a large enough number of requests
diff --git a/reports/GO-2020-0024.yaml b/reports/GO-2020-0024.yaml
index 5e0fa44..3c12129 100644
--- a/reports/GO-2020-0024.yaml
+++ b/reports/GO-2020-0024.yaml
@@ -5,14 +5,14 @@
       - proxiedConn.LocalAddr
       - proxiedConn.RemoteAddr
     versions:
-      - fixed: v0.0.0-20130808000456-233bccbb1abe
+      - fixed: 0.0.0-20130808000456-233bccbb1abe
   - module: github.com/btcsuitereleases/go-socks
     package: github.com/btcsuitereleases/go-socks/socks
     symbols:
       - proxiedConn.LocalAddr
       - proxiedConn.RemoteAddr
     versions:
-      - fixed: v0.0.0-20130808000456-233bccbb1abe
+      - fixed: 0.0.0-20130808000456-233bccbb1abe
 description: |
     The RemoteAddr and LocalAddr methods on the returned net.Conn may
     call themselves, leading to an infinite loop which will crash the
diff --git a/reports/GO-2020-0025.yaml b/reports/GO-2020-0025.yaml
index 6545ea1..f6426d5 100644
--- a/reports/GO-2020-0025.yaml
+++ b/reports/GO-2020-0025.yaml
@@ -4,13 +4,13 @@
       - tgzExtractor.Extract
       - zipExtractor.Extract
     versions:
-      - fixed: v0.0.0-20180523222229-09b5706aa936
+      - fixed: 0.0.0-20180523222229-09b5706aa936
   - module: code.cloudfoundry.org/archiver
     symbols:
       - tgzExtractor.Extract
       - zipExtractor.Extract
     versions:
-      - fixed: v0.0.0-20180523222229-09b5706aa936
+      - fixed: 0.0.0-20180523222229-09b5706aa936
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the
diff --git a/reports/GO-2020-0026.yaml b/reports/GO-2020-0026.yaml
index 389c13a..02e53f7 100644
--- a/reports/GO-2020-0026.yaml
+++ b/reports/GO-2020-0026.yaml
@@ -9,7 +9,7 @@
       - stiTar.ExtractTarStream
       - stiTar.ExtractTarStreamWithLogging
     versions:
-      - fixed: v1.1.10-0.20180427153919-f5cbcbc5cc6f
+      - fixed: 1.1.10-0.20180427153919-f5cbcbc5cc6f
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the
diff --git a/reports/GO-2020-0027.yaml b/reports/GO-2020-0027.yaml
index bfff53e..81d8140 100644
--- a/reports/GO-2020-0027.yaml
+++ b/reports/GO-2020-0027.yaml
@@ -6,7 +6,7 @@
       - SetProcessPrivileges
       - Handle.StopAsPamUser
     versions:
-      - fixed: v0.2.4
+      - fixed: 0.2.4
   - module: github.com/google/fscrypt
     package: github.com/google/fscrypt/security
     symbols:
diff --git a/reports/GO-2020-0028.yaml b/reports/GO-2020-0028.yaml
index e6e2704..12484cf 100644
--- a/reports/GO-2020-0028.yaml
+++ b/reports/GO-2020-0028.yaml
@@ -6,7 +6,7 @@
       - ParseZone
       - ReadRR
     versions:
-      - fixed: v1.0.10
+      - fixed: 1.0.10
 description: |
     Due to a nil pointer dereference, parsing a malformed zone file
     containing TA records may cause a panic. If parsing user supplied
diff --git a/reports/GO-2020-0029.yaml b/reports/GO-2020-0029.yaml
index 6498f9b..9194bdc 100644
--- a/reports/GO-2020-0029.yaml
+++ b/reports/GO-2020-0029.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Context.ClientIP
     versions:
-      - fixed: v0.0.0-20141229113116-0099840c98ae
+      - fixed: 0.0.0-20141229113116-0099840c98ae
 description: |
     Due to improper HTTP header santization, a malicious user can spoof their
     source IP address by setting the X-Forwarded-For header. This may allow
diff --git a/reports/GO-2020-0031.yaml b/reports/GO-2020-0031.yaml
index 859b5b9..b3ebb00 100644
--- a/reports/GO-2020-0031.yaml
+++ b/reports/GO-2020-0031.yaml
@@ -1,7 +1,7 @@
 packages:
   - module: github.com/proglottis/gpgme
     versions:
-      - fixed: v0.1.1
+      - fixed: 0.1.1
 description: |
     Due to improper setting of finalizers, memory passed to C may be freed before it is used,
     leading to crashes due to memory corruption or possible code execution.
diff --git a/reports/GO-2020-0032.yaml b/reports/GO-2020-0032.yaml
index 7b0f261..17a85fd 100644
--- a/reports/GO-2020-0032.yaml
+++ b/reports/GO-2020-0032.yaml
@@ -3,17 +3,17 @@
     symbols:
       - Controller.FileHandler
     versions:
-      - fixed: v1.4.3
+      - fixed: 1.4.3
   - module: goa.design/goa
     symbols:
       - Controller.FileHandler
     versions:
-      - fixed: v1.4.3
+      - fixed: 1.4.3
   - module: goa.design/goa/v3
     symbols:
       - Controller.FileHandler
     versions:
-      - fixed: v3.0.9
+      - fixed: 3.0.9
 description: |
     Due to improper santization of user input, Controller.FileHandler allows
     for directory traversal, allowing an attacker to read files outside of
diff --git a/reports/GO-2020-0033.yaml b/reports/GO-2020-0033.yaml
index 1259941..44c259f 100644
--- a/reports/GO-2020-0033.yaml
+++ b/reports/GO-2020-0033.yaml
@@ -7,7 +7,7 @@
       - Application.ServeHTTP
       - Application.Start
     versions:
-      - fixed: v0.12.4
+      - fixed: 0.12.4
 description: |
     Due to improper santization of user input, HTTPEngine.Handle allows
     for directory traversal, allowing an attacker to read files outside of
diff --git a/reports/GO-2020-0034.yaml b/reports/GO-2020-0034.yaml
index 504274e..80dd71d 100644
--- a/reports/GO-2020-0034.yaml
+++ b/reports/GO-2020-0034.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Unzip.Extract
     versions:
-      - fixed: v1.0.0
+      - fixed: 1.0.0
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the
diff --git a/reports/GO-2020-0035.yaml b/reports/GO-2020-0035.yaml
index 077e386..e098875 100644
--- a/reports/GO-2020-0035.yaml
+++ b/reports/GO-2020-0035.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Unzip.Extract
     versions:
-      - fixed: v1.0.3-0.20200308084313-2adbaa4891b9
+      - fixed: 1.0.3-0.20200308084313-2adbaa4891b9
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the
diff --git a/reports/GO-2020-0036.yaml b/reports/GO-2020-0036.yaml
index 2b99922..6c20348 100644
--- a/reports/GO-2020-0036.yaml
+++ b/reports/GO-2020-0036.yaml
@@ -7,7 +7,7 @@
       - Unmarshal
       - UnmarshalStrict
     versions:
-      - fixed: v2.2.8
+      - fixed: 2.2.8
   - module: github.com/go-yaml/yaml
     symbols:
       - yaml_parser_fetch_more_tokens
diff --git a/reports/GO-2020-0037.yaml b/reports/GO-2020-0037.yaml
index 6e031a8..56edd79 100644
--- a/reports/GO-2020-0037.yaml
+++ b/reports/GO-2020-0037.yaml
@@ -4,7 +4,7 @@
     symbols:
       - makeHTTPClient
     versions:
-      - fixed: v0.31.1
+      - fixed: 0.31.1
 description: |
     Due to support of Gzip compression in request bodies, as well
     as a lack of limiting response body sizes, a malicious server
diff --git a/reports/GO-2020-0038.yaml b/reports/GO-2020-0038.yaml
index 2657b5b..1261f53 100644
--- a/reports/GO-2020-0038.yaml
+++ b/reports/GO-2020-0038.yaml
@@ -9,7 +9,7 @@
       - Resume
       - Server
     versions:
-      - fixed: v1.5.2
+      - fixed: 1.5.2
 description: |
     Due to improper verification of packets, unencrypted packets containing
     application data are accepted after the initial handshake. This allows
diff --git a/reports/GO-2020-0039.yaml b/reports/GO-2020-0039.yaml
index 493a4a5..cdb508d 100644
--- a/reports/GO-2020-0039.yaml
+++ b/reports/GO-2020-0039.yaml
@@ -9,7 +9,7 @@
       - Macaron.ServeHTTP
       - Router.ServeHTTP
     versions:
-      - fixed: v1.3.7
+      - fixed: 1.3.7
 description: |
     Due to improper request santization, a specifically crafted URL
     can cause the static file handler to redirect to an attacker chosen
diff --git a/reports/GO-2020-0041.yaml b/reports/GO-2020-0041.yaml
index 8c63c94..69fb93f 100644
--- a/reports/GO-2020-0041.yaml
+++ b/reports/GO-2020-0041.yaml
@@ -14,7 +14,7 @@
       - TzArchive.Flush
       - TzArchive.Open
     versions:
-      - fixed: v1.0.1
+      - fixed: 1.0.1
   - module: github.com/unknwon/cae
     package: github.com/unknwon/cae/zip
     symbols:
@@ -30,7 +30,7 @@
       - ZipArchive.ExtractTo
       - ZipArchive.Flush
     versions:
-      - fixed: v1.0.1
+      - fixed: 1.0.1
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the
diff --git a/reports/GO-2020-0042.yaml b/reports/GO-2020-0042.yaml
index a2a2acb..38063a3 100644
--- a/reports/GO-2020-0042.yaml
+++ b/reports/GO-2020-0042.yaml
@@ -4,7 +4,7 @@
     symbols:
       - Extract
     versions:
-      - fixed: v0.1.0
+      - fixed: 0.1.0
 description: |
     Due to improper path santization, RPMs containing relative file
     paths can cause files to be written (or overwritten) outside of the
diff --git a/reports/GO-2020-0043.yaml b/reports/GO-2020-0043.yaml
index b27eb18..bed8969 100644
--- a/reports/GO-2020-0043.yaml
+++ b/reports/GO-2020-0043.yaml
@@ -6,7 +6,7 @@
       - Server.serveHTTP
       - assertConfigsCompatible
     versions:
-      - fixed: v0.10.13
+      - fixed: 0.10.13
 description: |
     Due to improper TLS verification when serving traffic for multiple
     SNIs, an attacker may bypass TLS client authentication by indicating
diff --git a/reports/GO-2020-0045.yaml b/reports/GO-2020-0045.yaml
index 2103cb6..68958a8 100644
--- a/reports/GO-2020-0045.yaml
+++ b/reports/GO-2020-0045.yaml
@@ -6,7 +6,7 @@
       - Context.Render
       - Context.RenderFromString
     versions:
-      - fixed: v0.3.0
+      - fixed: 0.3.0
 description: |
     CSRF tokens are generated using math/rand, which is not a cryptographically secure
     rander number generation, making predicting their values relatively trivial and
diff --git a/reports/GO-2020-0046.yaml b/reports/GO-2020-0046.yaml
index 1e98f38..846f45e 100644
--- a/reports/GO-2020-0046.yaml
+++ b/reports/GO-2020-0046.yaml
@@ -3,7 +3,7 @@
     symbols:
       - ValidationContext.validateSignature
     versions:
-      - fixed: v1.1.0
+      - fixed: 1.1.0
   - module: github.com/russellhaering/gosaml2
     symbols:
       - SAMLServiceProvider.validateAssertionSignatures
@@ -11,7 +11,7 @@
       - SAMLServiceProvider.RetrieveAssertionInfo
       - SAMLServiceProvider.ValidateEncodedResponse
     versions:
-      - fixed: v0.6.0
+      - fixed: 0.6.0
 description: |
     Due to a nil pointer dereference, a malformed XML Digital Signature
     can cause a panic during validation. If user supplied signatures are
diff --git a/reports/GO-2020-0048.yaml b/reports/GO-2020-0048.yaml
index 6bbcfb6..eda959e 100644
--- a/reports/GO-2020-0048.yaml
+++ b/reports/GO-2020-0048.yaml
@@ -3,7 +3,7 @@
     symbols:
       - LoadURL
     versions:
-      - fixed: v1.3.1
+      - fixed: 1.3.1
 description: |
     LoadURL does not check the Content-Type of loaded resources,
     which can cause a panic due to nil pointer deference if the loaded
diff --git a/reports/GO-2020-0049.yaml b/reports/GO-2020-0049.yaml
index 33c0eb7..6bd6c71 100644
--- a/reports/GO-2020-0049.yaml
+++ b/reports/GO-2020-0049.yaml
@@ -6,7 +6,7 @@
     derived_symbols:
       - CSRFHandler.ServeHTTP
     versions:
-      - fixed: v1.1.1
+      - fixed: 1.1.1
 description: |
     Due to improper validation of caller input, validation is silently disabled
     if the provided expected token is malformed, causing any user supplied token
diff --git a/reports/GO-2020-0050.yaml b/reports/GO-2020-0050.yaml
index af36911..888a561 100644
--- a/reports/GO-2020-0050.yaml
+++ b/reports/GO-2020-0050.yaml
@@ -3,7 +3,7 @@
     symbols:
       - ValidationContext.findSignature
     versions:
-      - fixed: v1.1.0
+      - fixed: 1.1.0
 description: |
     Due to the behavior of encoding/xml, a crafted XML document may cause
     XML Digital Signature validation to be entirely bypassed, causing an
diff --git a/reports/GO-2021-0051.yaml b/reports/GO-2021-0051.yaml
index b48ccf7..77acc6c 100644
--- a/reports/GO-2021-0051.yaml
+++ b/reports/GO-2021-0051.yaml
@@ -3,7 +3,7 @@
     symbols:
       - common.static
     versions:
-      - fixed: v4.1.18-0.20201215153152-4422e3b66b9f
+      - fixed: 4.1.18-0.20201215153152-4422e3b66b9f
 description: |
     Due to improper sanitization of user input on Windows, the static file handler
     allows for directory traversal, allowing an attacker to read files outside of
diff --git a/reports/GO-2021-0052.yaml b/reports/GO-2021-0052.yaml
index 4901289..20b62f1 100644
--- a/reports/GO-2021-0052.yaml
+++ b/reports/GO-2021-0052.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Context.ClientIP
     versions:
-      - fixed: v1.6.3-0.20210406033725-bfc8ca285eb4
+      - fixed: 1.6.3-0.20210406033725-bfc8ca285eb4
 description: |
     Due to improper HTTP header santization, a malicious user can spoof their
     source IP address by setting the X-Forwarded-For header. This may allow
diff --git a/reports/GO-2021-0053.yaml b/reports/GO-2021-0053.yaml
index b8ae5b7..b424d26 100644
--- a/reports/GO-2021-0053.yaml
+++ b/reports/GO-2021-0053.yaml
@@ -1,7 +1,7 @@
 packages:
   - module: github.com/gogo/protobuf
     versions:
-      - fixed: v1.3.2
+      - fixed: 1.3.2
 description: |
     Due to improper bounds checking, maliciously crafted input to generated
     Unmarshal methods can cause an out-of-bounds panic. If parsing messages
diff --git a/reports/GO-2021-0054.yaml b/reports/GO-2021-0054.yaml
index bb5a8fd..f1e8771 100644
--- a/reports/GO-2021-0054.yaml
+++ b/reports/GO-2021-0054.yaml
@@ -5,7 +5,7 @@
     derived_symbols:
       - Result.ForEach
     versions:
-      - fixed: v1.6.6
+      - fixed: 1.6.6
 description: |
     Due to improper bounds checking, maliciously crafted JSON objects
     can cause an out-of-bounds panic. If parsing user input, this may
diff --git a/reports/GO-2021-0056.yaml b/reports/GO-2021-0056.yaml
index 8cc1989..b9f93e4 100644
--- a/reports/GO-2021-0056.yaml
+++ b/reports/GO-2021-0056.yaml
@@ -4,7 +4,7 @@
     symbols:
       - provider.HandlePOST
     versions:
-      - fixed: v0.0.0-20201214082111-324b1c886b40
+      - fixed: 0.0.0-20201214082111-324b1c886b40
 description: |
     Due to the behavior of encoding/xml, a crafted XML document may cause
     XML Digital Signature validation to be entirely bypassed, causing an
diff --git a/reports/GO-2021-0057.yaml b/reports/GO-2021-0057.yaml
index 5b29316..4d0ae64 100644
--- a/reports/GO-2021-0057.yaml
+++ b/reports/GO-2021-0057.yaml
@@ -24,7 +24,7 @@
       - ObjectEach
       - Set
     versions:
-      - fixed: v1.1.1
+      - fixed: 1.1.1
 description: |
     Due to improper bounds checking, maliciously crafted JSON objects
     can cause an out-of-bounds panic. If parsing user input, this may
diff --git a/reports/GO-2021-0058.yaml b/reports/GO-2021-0058.yaml
index 64a18d5..30912a4 100644
--- a/reports/GO-2021-0058.yaml
+++ b/reports/GO-2021-0058.yaml
@@ -10,15 +10,15 @@
       - ServiceProvider.ParseResponse
       - ServiceProvider.ValidateLogoutResponseRequest
     versions:
-      - fixed: v0.4.3
+      - fixed: 0.4.3
   - module: github.com/crewjam/saml
     package: github.com/crewjam/saml/samlidp
     versions:
-      - fixed: v0.4.3
+      - fixed: 0.4.3
   - module: github.com/crewjam/saml
     package: github.com/crewjam/saml/samlsp
     versions:
-      - fixed: v0.4.3
+      - fixed: 0.4.3
 description: |
     Due to the behavior of encoding/xml, a crafted XML document may cause
     XML Digital Signature validation to be entirely bypassed, causing an
diff --git a/reports/GO-2021-0059.yaml b/reports/GO-2021-0059.yaml
index 01c0f50..5ed5225 100644
--- a/reports/GO-2021-0059.yaml
+++ b/reports/GO-2021-0059.yaml
@@ -3,7 +3,7 @@
     symbols:
       - sqaush
     versions:
-      - fixed: v1.6.4
+      - fixed: 1.6.4
 description: |
     Due to improper bounds checking, maliciously crafted JSON objects
     can cause an out-of-bounds panic. If parsing user input, this may
diff --git a/reports/GO-2021-0060.yaml b/reports/GO-2021-0060.yaml
index f09b5bb..2d61ee7 100644
--- a/reports/GO-2021-0060.yaml
+++ b/reports/GO-2021-0060.yaml
@@ -8,7 +8,7 @@
       - SAMLServiceProvider.ValidateEncodedLogoutResponsePOST
       - SAMLServiceProvider.ValidateEncodedResponse
     versions:
-      - fixed: v0.6.0
+      - fixed: 0.6.0
 description: |
     Due to the behavior of encoding/xml, a crafted XML document may cause
     XML Digital Signature validation to be entirely bypassed, causing an
diff --git a/reports/GO-2021-0061.yaml b/reports/GO-2021-0061.yaml
index 7391528..b113adc 100644
--- a/reports/GO-2021-0061.yaml
+++ b/reports/GO-2021-0061.yaml
@@ -7,7 +7,7 @@
       - Unmarshal
       - UnmarshalStrict
     versions:
-      - fixed: v2.2.3
+      - fixed: 2.2.3
   - module: github.com/go-yaml/yaml
     symbols:
       - decoder.unmarshal
diff --git a/reports/GO-2021-0063.yaml b/reports/GO-2021-0063.yaml
index d39b7f0..618b6a1 100644
--- a/reports/GO-2021-0063.yaml
+++ b/reports/GO-2021-0063.yaml
@@ -6,7 +6,7 @@
     derived_symbols:
       - PrivateLightServerAPI.Benchmark
     versions:
-      - fixed: v1.9.25
+      - fixed: 1.9.25
 description: |
     Due to a nil pointer dereference, a malicously crafted RPC message
     can cause a panic. If handling RPC messages from untrusted clients,
diff --git a/reports/GO-2021-0064.yaml b/reports/GO-2021-0064.yaml
index a3c01fb..094502a 100644
--- a/reports/GO-2021-0064.yaml
+++ b/reports/GO-2021-0064.yaml
@@ -4,13 +4,13 @@
     symbols:
       - requestInfo.toCurl
     versions:
-      - fixed: v0.20.0-alpha.2
+      - fixed: 0.20.0-alpha.2
   - module: k8s.io/kubernetes
     package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
     symbols:
       - requestInfo.toCurl
     versions:
-      - fixed: v1.20.0-alpha.2
+      - fixed: 1.20.0-alpha.2
 description: |
     Authorization tokens may be inappropriately logged if the verbosity
     level is set to a debug level.
diff --git a/reports/GO-2021-0065.yaml b/reports/GO-2021-0065.yaml
index 34e20ba..d587e0b 100644
--- a/reports/GO-2021-0065.yaml
+++ b/reports/GO-2021-0065.yaml
@@ -4,13 +4,13 @@
     symbols:
       - debuggingRoundTripper.RoundTrip
     versions:
-      - fixed: v0.17.0
+      - fixed: 0.17.0
   - module: k8s.io/kubernetes
     package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
     symbols:
       - debuggingRoundTripper.RoundTrip
     versions:
-      - fixed: v1.16.0-beta.1
+      - fixed: 1.16.0-beta.1
 description: |
     Authorization tokens may be inappropriately logged if the verbosity
     level is set to a debug level.
diff --git a/reports/GO-2021-0066.yaml b/reports/GO-2021-0066.yaml
index e8a84d3..2dd8805 100644
--- a/reports/GO-2021-0066.yaml
+++ b/reports/GO-2021-0066.yaml
@@ -5,7 +5,7 @@
       - readDockerConfigFileFromBytes
       - readDockerConfigJSONFileFromBytes
     versions:
-      - fixed: v1.20.0-alpha.1
+      - fixed: 1.20.0-alpha.1
 description: |
     Attempting to read a malformed .dockercfg may cause secrets to be
     inappropriately logged.
diff --git a/reports/GO-2021-0067.yaml b/reports/GO-2021-0067.yaml
index 82eaf03..3fd7d9a 100644
--- a/reports/GO-2021-0067.yaml
+++ b/reports/GO-2021-0067.yaml
@@ -4,8 +4,8 @@
     symbols:
       - toValidName
     versions:
-      - introduced: go1.16
-        fixed: go1.16.1
+      - introduced: 1.16.0
+        fixed: 1.16.1
 description: |
     Using Reader.Open on an archive containing a file with a path
     prefixed by "../" will cause a panic due to a stack overflow.
diff --git a/reports/GO-2021-0068.yaml b/reports/GO-2021-0068.yaml
index e0632c7..822af93 100644
--- a/reports/GO-2021-0068.yaml
+++ b/reports/GO-2021-0068.yaml
@@ -3,9 +3,9 @@
   - module: std
     package: cmd/go
     versions:
-      - fixed: go1.14.14
-      - introduced: go1.15.0
-        fixed: go1.15.7
+      - fixed: 1.14.14
+      - introduced: 1.15.0
+        fixed: 1.15.7
 description: |
     The go command may execute arbitrary code at build time when using cgo on Windows.
     This can be triggered by running go get on a malicious module, or any other time
diff --git a/reports/GO-2021-0069.yaml b/reports/GO-2021-0069.yaml
index dc8453f..2998cd1 100644
--- a/reports/GO-2021-0069.yaml
+++ b/reports/GO-2021-0069.yaml
@@ -4,10 +4,10 @@
     symbols:
       - nat.divRecursiveStep
     versions:
-      - introduced: go1.14
-        fixed: go1.14.12
-      - introduced: go1.15
-        fixed: go1.15.5
+      - introduced: 1.14.0
+        fixed: 1.14.12
+      - introduced: 1.15.0
+        fixed: 1.15.5
 description: |
     A number of math/big.Int methods can panic when provided large inputs due
     to a flawed division method.
diff --git a/reports/GO-2021-0070.yaml b/reports/GO-2021-0070.yaml
index 097face..0b5c5c1 100644
--- a/reports/GO-2021-0070.yaml
+++ b/reports/GO-2021-0070.yaml
@@ -6,7 +6,7 @@
     derived_symbols:
       - GetExecUserPath
     versions:
-      - fixed: v0.1.0
+      - fixed: 0.1.0
 description: |
     GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
     improperly interpret numeric UIDs as usernames. If the method is used without
diff --git a/reports/GO-2021-0071.yaml b/reports/GO-2021-0071.yaml
index 0fc3c1d..621201c 100644
--- a/reports/GO-2021-0071.yaml
+++ b/reports/GO-2021-0071.yaml
@@ -4,7 +4,7 @@
     symbols:
       - IdmapSet.doUidshiftIntoContainer
     versions:
-      - fixed: v0.0.0-20151004155856-19c6961cc101
+      - fixed: 0.0.0-20151004155856-19c6961cc101
 description: |
     A race between chown and chmod operations during a container
     filesystem shift may allow a user who can modify the filesystem to
diff --git a/reports/GO-2021-0072.yaml b/reports/GO-2021-0072.yaml
index e7f2af1..eb0f8fe 100644
--- a/reports/GO-2021-0072.yaml
+++ b/reports/GO-2021-0072.yaml
@@ -9,7 +9,7 @@
       - imageManifestHandler.GetImageManifest
       - imageManifestHandler.PutImageManifest
     versions:
-      - fixed: v2.7.0-rc.0+incompatible
+      - fixed: 2.7.0-rc.0+incompatible
   - module: github.com/docker/distribution
     package: github.com/docker/distribution/registry/storage
     symbols:
@@ -26,7 +26,7 @@
       - registry.Enumerate
       - registry.Repositories
     versions:
-      - fixed: v2.7.0-rc.0+incompatible
+      - fixed: 2.7.0-rc.0+incompatible
 description: |
     Various storage methods do not impose limits on how much content is accepted
     from user requests, allowing a malicious user to force the caller to allocate
diff --git a/reports/GO-2021-0073.yaml b/reports/GO-2021-0073.yaml
index 09ac192..4ae6b36 100644
--- a/reports/GO-2021-0073.yaml
+++ b/reports/GO-2021-0073.yaml
@@ -4,7 +4,7 @@
     symbols:
       - sshGetLFSExeAndArgs
     versions:
-      - fixed: v2.1.1-0.20170519163204-f913f5f9c7c6+incompatible
+      - fixed: 2.1.1-0.20170519163204-f913f5f9c7c6+incompatible
 description: |
     Arbitrary command execution can be triggered by improperly
     sanitized SSH URLs in LFS configuration files. This can be
diff --git a/reports/GO-2021-0075.yaml b/reports/GO-2021-0075.yaml
index 6748c70..03fe9da 100644
--- a/reports/GO-2021-0075.yaml
+++ b/reports/GO-2021-0075.yaml
@@ -4,7 +4,7 @@
     symbols:
       - protocolManager.handleMsg
     versions:
-      - fixed: v1.8.11
+      - fixed: 1.8.11
 description: |
     Due to improper argument validation in RPC messages, a maliciously crafted
     message can cause a panic, leading to denial of service.
diff --git a/reports/GO-2021-0076.yaml b/reports/GO-2021-0076.yaml
index b20eba7..744146f 100644
--- a/reports/GO-2021-0076.yaml
+++ b/reports/GO-2021-0076.yaml
@@ -3,7 +3,7 @@
     symbols:
       - partialArray.add
     versions:
-      - fixed: v0.5.2
+      - fixed: 0.5.2
 description: |
     A malicious JSON patch can cause a panic due to an out-of-bounds
     write attempt. This can be used as a denial of service vector if
diff --git a/reports/GO-2021-0077.yaml b/reports/GO-2021-0077.yaml
index d4e8a71..4c578d7 100644
--- a/reports/GO-2021-0077.yaml
+++ b/reports/GO-2021-0077.yaml
@@ -4,7 +4,7 @@
     symbols:
       - authStore.AuthInfoFromTLS
     versions:
-      - fixed: v0.5.0-alpha.5.0.20190108173120-83c051b701d3
+      - fixed: 0.5.0-alpha.5.0.20190108173120-83c051b701d3
 description: |
     A user can use a valid client certificate that contains a CommonName that matches a
     valid RBAC username to authenticate themselves as that user, despite lacking the
diff --git a/reports/GO-2021-0078.yaml b/reports/GO-2021-0078.yaml
index dd230b9..e8d8544 100644
--- a/reports/GO-2021-0078.yaml
+++ b/reports/GO-2021-0078.yaml
@@ -5,7 +5,7 @@
       - inBodyIM
       - inFramesetIM
     versions:
-      - fixed: v0.0.0-20180816102801-aaf60122140d
+      - fixed: 0.0.0-20180816102801-aaf60122140d
 description: |
     The HTML parser does not properly handle "in frameset" insertion mode, and can be made
     to panic when operating on malformed HTML that contains <template> tags. If operating
diff --git a/reports/GO-2021-0079.yaml b/reports/GO-2021-0079.yaml
index d7d290b..bddd543 100644
--- a/reports/GO-2021-0079.yaml
+++ b/reports/GO-2021-0079.yaml
@@ -4,7 +4,7 @@
     symbols:
       - Network.checkTopicRegister
     versions:
-      - fixed: v1.0.4-0.20180831054840-1ac3c8ac4f2b
+      - fixed: 1.0.4-0.20180831054840-1ac3c8ac4f2b
 description: |
     A malformed query can cause an out-of-bounds panic due to improper
     validation of arguments. If processing queries from untrusted
diff --git a/reports/GO-2021-0081.yaml b/reports/GO-2021-0081.yaml
index c902cbd..33c9e234 100644
--- a/reports/GO-2021-0081.yaml
+++ b/reports/GO-2021-0081.yaml
@@ -4,7 +4,7 @@
     symbols:
       - dockerClient.getBearerToken
     versions:
-      - fixed: v2.0.2-0.20190802080134-634605d06e73+incompatible
+      - fixed: 2.0.2-0.20190802080134-634605d06e73+incompatible
 description: |
     The HTTP client used to connect to the container registry authorization
     service explicitly disables TLS verification, allowing an attacker that
diff --git a/reports/GO-2021-0082.yaml b/reports/GO-2021-0082.yaml
index af31db5..97b4a2e 100644
--- a/reports/GO-2021-0082.yaml
+++ b/reports/GO-2021-0082.yaml
@@ -2,7 +2,7 @@
   - module: github.com/facebook/fbthrift
     package: github.com/facebook/fbthrift/thrift/lib/go/thrift
     versions:
-      - fixed: v0.31.1-0.20200311080807-483ed864d69f
+      - fixed: 0.31.1-0.20200311080807-483ed864d69f
 description: |
     Thirft Servers preallocate memory for the declared size of messages before
     checking the actual size of the message. This allows a malicious user to
diff --git a/reports/GO-2021-0083.yaml b/reports/GO-2021-0083.yaml
index e4a40ee..7f227b5 100644
--- a/reports/GO-2021-0083.yaml
+++ b/reports/GO-2021-0083.yaml
@@ -4,7 +4,7 @@
     symbols:
       - Adaptor.newTLSConfig
     versions:
-      - fixed: v1.12.1-0.20190521122906-c1aa4f867846
+      - fixed: 1.12.1-0.20190521122906-c1aa4f867846
 description: |
     TLS certificate verification is skipped when connecting to a MQTT server.
     This allows an attacker who can MITM the connection to read, or forge,
diff --git a/reports/GO-2021-0084.yaml b/reports/GO-2021-0084.yaml
index 57c039a..b10d145 100644
--- a/reports/GO-2021-0084.yaml
+++ b/reports/GO-2021-0084.yaml
@@ -5,7 +5,7 @@
       - FileProvider.SessionRead
       - FileProvider.SessionRegenerate
     versions:
-      - fixed: v1.12.2-0.20200613154013-bac2b31afecc
+      - fixed: 1.12.2-0.20200613154013-bac2b31afecc
 description: |
     Session data is stored using permissive permissions, allowing local users
     with filesystem access to read arbitrary data.
diff --git a/reports/GO-2021-0085.yaml b/reports/GO-2021-0085.yaml
index c8c4405..02d0264 100644
--- a/reports/GO-2021-0085.yaml
+++ b/reports/GO-2021-0085.yaml
@@ -2,11 +2,11 @@
   - module: github.com/opencontainers/runc
     package: github.com/opencontainers/runc/libcontainer
     versions:
-      - fixed: v1.0.0-rc8.0.20190930145003-cad42f6e0932
+      - fixed: 1.0.0-rc8.0.20190930145003-cad42f6e0932
   - module: github.com/opencontainers/selinux
     package: github.com/opencontainers/selinux/go-selinux
     versions:
-      - fixed: v1.3.1-0.20190929122143-5215b1806f52
+      - fixed: 1.3.1-0.20190929122143-5215b1806f52
 description: |
     AppArmor restrictions may be bypassed due to improper validation of mount
     targets, allowing a malicious image to mount volumes over e.g. /proc.
diff --git a/reports/GO-2021-0086.yaml b/reports/GO-2021-0086.yaml
index c7b07a4..f8bc6cf 100644
--- a/reports/GO-2021-0086.yaml
+++ b/reports/GO-2021-0086.yaml
@@ -4,7 +4,7 @@
     symbols:
       - Provider.Render
     versions:
-      - fixed: v1.76.3-0.20191119114751-a4384210d4d0
+      - fixed: 1.76.3-0.20191119114751-a4384210d4d0
 description: |
     HTML content in markdown is not santized during rendering, possibly allowing
     XSS if used to render untrusted user input.
diff --git a/reports/GO-2021-0087.yaml b/reports/GO-2021-0087.yaml
index 1672e00..2411ba0 100644
--- a/reports/GO-2021-0087.yaml
+++ b/reports/GO-2021-0087.yaml
@@ -4,7 +4,7 @@
     symbols:
       - mountToRootfs
     versions:
-      - fixed: v1.0.0-rc9.0.20200122160610-2fc03cc11c77
+      - fixed: 1.0.0-rc9.0.20200122160610-2fc03cc11c77
 description: |
     A race while mounting volumes allows a possible symlink-exchange
     attack, allowing a user whom can start multiple containers with
diff --git a/reports/GO-2021-0088.yaml b/reports/GO-2021-0088.yaml
index ce1532c..fdf57a3 100644
--- a/reports/GO-2021-0088.yaml
+++ b/reports/GO-2021-0088.yaml
@@ -4,7 +4,7 @@
     symbols:
       - Skip
     versions:
-      - fixed: v0.31.1-0.20190225164308-c461c1bd1a3e
+      - fixed: 0.31.1-0.20190225164308-c461c1bd1a3e
 description: |
     Skip ignores unknown fields, rather than failing. A malicious user can craft small
     messages with unknown fields which can take significant resources to parse. If a
diff --git a/reports/GO-2021-0089.yaml b/reports/GO-2021-0089.yaml
index 4c63182..635fb42 100644
--- a/reports/GO-2021-0089.yaml
+++ b/reports/GO-2021-0089.yaml
@@ -3,7 +3,7 @@
     symbols:
       - findKeyStart
     versions:
-      - fixed: v0.0.0-20200321185410-91ac96899e49
+      - fixed: 0.0.0-20200321185410-91ac96899e49
 description: |
     Parsing malformed JSON which contain opening brackets, but not closing brackets,
     leads to an infinite loop. If operating on untrusted user input this can be
diff --git a/reports/GO-2021-0090.yaml b/reports/GO-2021-0090.yaml
index 35a316b..675fb13 100644
--- a/reports/GO-2021-0090.yaml
+++ b/reports/GO-2021-0090.yaml
@@ -6,8 +6,8 @@
     derived_symbols:
       - MakeCommit
     versions:
-      - introduced: v0.33.0
-        fixed: v0.34.0-dev1.0.20200702134149-480b995a3172
+      - introduced: 0.33.0
+        fixed: 0.34.0-dev1.0.20200702134149-480b995a3172
 description: |
     Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping
     these signatures, they cause failure during verification. A malicious proposer can use this to force
diff --git a/reports/GO-2021-0091.yaml b/reports/GO-2021-0091.yaml
index afc277e..035c47f 100644
--- a/reports/GO-2021-0091.yaml
+++ b/reports/GO-2021-0091.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Ctx.Attachment
     versions:
-      - fixed: v1.12.6-0.20200710202935-a8ad5454363f
+      - fixed: 1.12.6-0.20200710202935-a8ad5454363f
 description: |
     Due to improper input validation when uploading a file, a malicious user may
     force the server to return arbitrary HTTP headers when the uploaded
diff --git a/reports/GO-2021-0092.yaml b/reports/GO-2021-0092.yaml
index 3e58153..ffc427e 100644
--- a/reports/GO-2021-0092.yaml
+++ b/reports/GO-2021-0092.yaml
@@ -6,7 +6,7 @@
       - Fosite.NewAccessRequest
       - Fosite.NewRevocationRequest
     versions:
-      - fixed: v0.31.0
+      - fixed: 0.31.0
 description: |
     Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
     replayed.
diff --git a/reports/GO-2021-0094.yaml b/reports/GO-2021-0094.yaml
index 85ed58d..4b24f56 100644
--- a/reports/GO-2021-0094.yaml
+++ b/reports/GO-2021-0094.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Unpack
     versions:
-      - fixed: v0.5.0
+      - fixed: 0.5.0
 description: |
     Protections against directory traversal during archive extraction can be
     bypassed by chaining multiple symbolic links within the archive. This allows
diff --git a/reports/GO-2021-0095.yaml b/reports/GO-2021-0095.yaml
index 74a07c9..3d2357c 100644
--- a/reports/GO-2021-0095.yaml
+++ b/reports/GO-2021-0095.yaml
@@ -4,7 +4,7 @@
     symbols:
       - CreateWrapKey
     versions:
-      - fixed: v0.3.0
+      - fixed: 0.3.0
 description: |
     Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
     is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
diff --git a/reports/GO-2021-0096.yaml b/reports/GO-2021-0096.yaml
index 18cbc2f..eff1bd5 100644
--- a/reports/GO-2021-0096.yaml
+++ b/reports/GO-2021-0096.yaml
@@ -1,7 +1,7 @@
 packages:
   - module: github.com/proglottis/gpgme
     versions:
-      - fixed: v0.1.1
+      - fixed: 0.1.1
 description: |
     Due to improper setting of finalizers, memory passed to C may be freed before it is used,
     leading to crashes due to memory corruption or possible code execution.
diff --git a/reports/GO-2021-0097.yaml b/reports/GO-2021-0097.yaml
index 8a05206..7972c81 100644
--- a/reports/GO-2021-0097.yaml
+++ b/reports/GO-2021-0097.yaml
@@ -6,7 +6,7 @@
       - readTextWithDescrFrame
       - readAtomData
     versions:
-      - fixed: v0.0.0-20201120070457-d52dcb253c63
+      - fixed: 0.0.0-20201120070457-d52dcb253c63
 description: |
     Due to improper bounds checking, a number of methods can trigger a panic due to attempted
     out-of-bounds reads. If the package is used to parse user supplied input, this may be
diff --git a/reports/GO-2021-0098.yaml b/reports/GO-2021-0098.yaml
index b353d71..ed43b18 100644
--- a/reports/GO-2021-0098.yaml
+++ b/reports/GO-2021-0098.yaml
@@ -4,26 +4,26 @@
     symbols:
       - PipeCommand
     versions:
-      - fixed: v1.5.1-0.20210113180018-fc664697ed2c
+      - fixed: 1.5.1-0.20210113180018-fc664697ed2c
   - module: github.com/git-lfs/git-lfs
     package: github.com/git-lfs/git-lfs/creds
     symbols:
       - AskPassCredentialHelper.getFromProgram
       - commandCredentialHelper.Approve
     versions:
-      - fixed: v1.5.1-0.20210113180018-fc664697ed2c
+      - fixed: 1.5.1-0.20210113180018-fc664697ed2c
   - module: github.com/git-lfs/git-lfs
     package: github.com/git-lfs/git-lfs/lfs
     symbols:
       - pipeExtensions
     versions:
-      - fixed: v1.5.1-0.20210113180018-fc664697ed2c
+      - fixed: 1.5.1-0.20210113180018-fc664697ed2c
   - module: github.com/git-lfs/git-lfs
     package: github.com/git-lfs/git-lfs/lfshttp
     symbols:
       - sshAuthClient.Resolve
     versions:
-      - fixed: v1.5.1-0.20210113180018-fc664697ed2c
+      - fixed: 1.5.1-0.20210113180018-fc664697ed2c
 description: |
     Due to the standard library behavior of exec.LookPath on Windows a number of methods may
     result in arbitrary code execution when cloning or operating on untrusted Git repositories.
diff --git a/reports/GO-2021-0099.yaml b/reports/GO-2021-0099.yaml
index fe3896c..ebf71a3 100644
--- a/reports/GO-2021-0099.yaml
+++ b/reports/GO-2021-0099.yaml
@@ -6,7 +6,7 @@
     derived_symbols:
       - fileWriter.Commit
     versions:
-      - fixed: v0.9.0
+      - fixed: 0.9.0
 description: |
     Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore
     content store may result in directory traversal during archive extraction, allowing a
diff --git a/reports/GO-2021-0100.yaml b/reports/GO-2021-0100.yaml
index f7fbe59..22b4d2f 100644
--- a/reports/GO-2021-0100.yaml
+++ b/reports/GO-2021-0100.yaml
@@ -18,7 +18,7 @@
       - UntarPath
       - UntarUncompressed
     versions:
-      - fixed: v1.28.1
+      - fixed: 1.28.1
 description: |
     Due to a goroutine deadlock, using github.com/containers/storage/pkg/archive.DecompressStream
     on a xz archive returns a reader which will hang indefinitely when Close is called. An attacker
diff --git a/reports/GO-2021-0101.yaml b/reports/GO-2021-0101.yaml
index 22799e5..ffb1cdf 100644
--- a/reports/GO-2021-0101.yaml
+++ b/reports/GO-2021-0101.yaml
@@ -51,8 +51,8 @@
       - TStandardClient.Recv
       - tApplicationException.Read
     versions:
-      - introduced: v0.0.0-20151001171628-53dd39833a08
-      - fixed: v0.13.0
+      - introduced: 0.0.0-20151001171628-53dd39833a08
+      - fixed: 0.13.0
 description: |
     Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If
     this package is used to parse untrusted input, this may be used as a vector for a denial of
diff --git a/reports/GO-2021-0102.yaml b/reports/GO-2021-0102.yaml
index a239896..766b53e 100644
--- a/reports/GO-2021-0102.yaml
+++ b/reports/GO-2021-0102.yaml
@@ -4,13 +4,13 @@
     symbols:
       - AesGCM.Decrypt
     versions:
-      - fixed: v0.0.0-20191101214924-b1b5c44e050f
+      - fixed: 0.0.0-20191101214924-b1b5c44e050f
   - module: github.com/cloudfoundry/gorouter
     package: github.com/cloudfoundry/gorouter/common/secure
     symbols:
       - AesGCM.Decrypt
     versions:
-      - fixed: v0.0.0-20191101214924-b1b5c44e050f
+      - fixed: 0.0.0-20191101214924-b1b5c44e050f
 description: |
     Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect
     nonce size. If this package is used to decrypt user supplied messages without checking the size of
diff --git a/reports/GO-2021-0103.yaml b/reports/GO-2021-0103.yaml
index d10c2e3..e18889d 100644
--- a/reports/GO-2021-0103.yaml
+++ b/reports/GO-2021-0103.yaml
@@ -10,8 +10,8 @@
       - Int.SDiv
       - Int.SMod
     versions:
-      - introduced: v0.1.0
-      - fixed: v1.1.1
+      - introduced: 0.1.0
+      - fixed: 1.1.1
 description: |
     Due to improper bounds checking, certain mathmatical operations can cause a panic via an
     out of bounds read. If this package is used to process untrusted user inputs, this may be used
diff --git a/reports/GO-2021-0104.yaml b/reports/GO-2021-0104.yaml
index d6bb98f..bd67f26 100644
--- a/reports/GO-2021-0104.yaml
+++ b/reports/GO-2021-0104.yaml
@@ -12,7 +12,7 @@
       - operations.Done
       - operations.Enqueue
     versions:
-      - fixed: v3.0.15
+      - fixed: 3.0.15
 description: |
     Due to improper error handling, DTLS connections were not killed when certificate verification
     failed, causing users who did not check the connection state to continue to use the connection.
diff --git a/reports/GO-2021-0105.yaml b/reports/GO-2021-0105.yaml
index 1e77b8f..110bd71 100644
--- a/reports/GO-2021-0105.yaml
+++ b/reports/GO-2021-0105.yaml
@@ -4,8 +4,8 @@
     symbols:
       - StateDB.createObject
     versions:
-      - introduced: v1.9.4
-      - fixed: v1.9.20
+      - introduced: 1.9.4
+      - fixed: 1.9.20
 description: |
     Due to an incorrect state calculation, a specific set of transactions could cause a consensus disagreement,
     causing users of this package to reject a canonical chain.
diff --git a/reports/GO-2021-0106.yaml b/reports/GO-2021-0106.yaml
index 1f0158f..f14050b 100644
--- a/reports/GO-2021-0106.yaml
+++ b/reports/GO-2021-0106.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Extractor.outputPath
     versions:
-      - fixed: v0.0.0-20201201191210-20a61371de5b
+      - fixed: 0.0.0-20201201191210-20a61371de5b
 description: |
     Due to improper path santization, archives containing relative file
     paths can cause files to be written (or overwritten) outside of the
diff --git a/reports/GO-2021-0107.yaml b/reports/GO-2021-0107.yaml
index f0f8117..3967ffc 100644
--- a/reports/GO-2021-0107.yaml
+++ b/reports/GO-2021-0107.yaml
@@ -5,7 +5,7 @@
     derived_symbols:
       - Server.Socket
     versions:
-      - fixed: v1.5.2
+      - fixed: 1.5.2
 description: |
     Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a
     nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or
diff --git a/reports/GO-2021-0108.yaml b/reports/GO-2021-0108.yaml
index 3986867..379cf56 100644
--- a/reports/GO-2021-0108.yaml
+++ b/reports/GO-2021-0108.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Ctx.Attachment
     versions:
-      - fixed: v1.12.6
+      - fixed: 1.12.6
 description: |
     Due to improper input sanitization, a maliciously constructed filename could cause a file
     download to use an attacker controlled filename, as well as injecting additional headers
diff --git a/reports/GO-2021-0109.yaml b/reports/GO-2021-0109.yaml
index 1c9a570..979ff78 100644
--- a/reports/GO-2021-0109.yaml
+++ b/reports/GO-2021-0109.yaml
@@ -3,7 +3,7 @@
     symbols:
       - TokenRevocationHandler.RevokeToken
     versions:
-      - fixed: v0.34.0
+      - fixed: 0.34.0
 description: |
     Due to improper error handling, an error with the underlying token storage may cause a user
     to believe a token has been successfully revoked when it is in fact still valid. An attackers
diff --git a/reports/GO-2021-0110.yaml b/reports/GO-2021-0110.yaml
index ea85c9a..ce3243a 100644
--- a/reports/GO-2021-0110.yaml
+++ b/reports/GO-2021-0110.yaml
@@ -6,7 +6,7 @@
       - Fosite.NewAccessRequest
       - Fosite.NewRevocationRequest
     versions:
-      - fixed: v0.31.0
+      - fixed: 0.31.0
 description: |
     Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
     replayed.
diff --git a/reports/GO-2021-0111.yaml b/reports/GO-2021-0111.yaml
index a020b41..20a59f1 100644
--- a/reports/GO-2021-0111.yaml
+++ b/reports/GO-2021-0111.yaml
@@ -41,7 +41,7 @@
       - valueWriter.WriteUndefined
       - valueWriter.WriteValueBytes
     versions:
-      - fixed: v1.5.1
+      - fixed: 1.5.1
 description: |
     Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
     Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
diff --git a/reports/GO-2021-0112.yaml b/reports/GO-2021-0112.yaml
index 1304f6a..6518365 100644
--- a/reports/GO-2021-0112.yaml
+++ b/reports/GO-2021-0112.yaml
@@ -80,7 +80,7 @@
       - DocumentBuilder.AppendValue
       - DocumentBuilder.StartDocument
     versions:
-      - fixed: v1.5.1
+      - fixed: 1.5.1
 description: |
     Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
     Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
diff --git a/reports/GO-2021-0113.yaml b/reports/GO-2021-0113.yaml
index b4bef0b..b85af7b 100644
--- a/reports/GO-2021-0113.yaml
+++ b/reports/GO-2021-0113.yaml
@@ -8,7 +8,7 @@
       - MustParse
       - ParseAcceptLanguage
     versions:
-      - fixed: v0.3.7
+      - fixed: 0.3.7
 description: |
     Due to improper index calculation, an incorrectly formatted language tag can cause Parse
     to panic via an out of bounds read. If Parse is used to process untrusted user inputs,
diff --git a/reports/GO-2021-0140.yaml b/reports/GO-2021-0140.yaml
index 0c31df1..b4dacdf 100644
--- a/reports/GO-2021-0140.yaml
+++ b/reports/GO-2021-0140.yaml
@@ -4,9 +4,9 @@
     symbols:
       - Certificate.Verify
     versions:
-      - fixed: go1.13.13
-      - introduced: go1.14.0
-        fixed: go1.14.5
+      - fixed: 1.13.13
+      - introduced: 1.14.0
+        fixed: 1.14.5
 description: |
     X509 Certificate verification does not validate KeyUsages EKU
     requirements on Windows if VerifyOptions.Roots is nil.
diff --git a/reports/GO-2021-0141.yaml b/reports/GO-2021-0141.yaml
index b4829bd..58d7c96 100644
--- a/reports/GO-2021-0141.yaml
+++ b/reports/GO-2021-0141.yaml
@@ -4,9 +4,9 @@
     symbols:
       - expectContinueReader.Read
     versions:
-      - fixed: go1.13.13
-      - introduced: go1.14.0
-        fixed: go1.14.5
+      - fixed: 1.13.13
+      - introduced: 1.14.0
+        fixed: 1.14.5
 description: |
     A Go HTTP server which reads from the request body while
     simultaneously writing a response can panic when clients
diff --git a/reports/GO-2021-0143.yaml b/reports/GO-2021-0143.yaml
index 12875ac..8bc9319 100644
--- a/reports/GO-2021-0143.yaml
+++ b/reports/GO-2021-0143.yaml
@@ -4,17 +4,17 @@
     symbols:
       - response.Write
     versions:
-      - fixed: go1.14.8
-      - introduced: go1.15.0
-        fixed: go1.15.1
+      - fixed: 1.14.8
+      - introduced: 1.15.0
+        fixed: 1.15.1
   - module: std
     package: net/http/fcgi
     symbols:
       - response.Write
     versions:
-      - fixed: go1.14.8
-      - introduced: go1.15.0
-        fixed: go1.15.1
+      - fixed: 1.14.8
+      - introduced: 1.15.0
+        fixed: 1.15.1
 description: |
     When a Handler does not explicitly set the Content-Type header,
     the net/http/cgi and net/http/fcgi packages default to "text/html",
diff --git a/reports/GO-2021-0157.yaml b/reports/GO-2021-0157.yaml
index db2c748..505a354 100644
--- a/reports/GO-2021-0157.yaml
+++ b/reports/GO-2021-0157.yaml
@@ -5,7 +5,7 @@
       - CanonicalMIMEHeaderKey
       - canonicalMIMEHeaderKey
     versions:
-      - fixed: go1.4.3
+      - fixed: 1.4.3
 description: |
     The MIME header parser treated spaces and hyphens
     as equivalent, which can permit HTTP request smuggling.
diff --git a/reports/GO-2021-0159.yaml b/reports/GO-2021-0159.yaml
index 2885668..52e8f5b 100644
--- a/reports/GO-2021-0159.yaml
+++ b/reports/GO-2021-0159.yaml
@@ -12,7 +12,7 @@
       - transferWriter.shouldSendContentLength
       - validHeaderFieldByte
     versions:
-      - fixed: go1.4.3
+      - fixed: 1.4.3
 description: |
     HTTP headers were not properly parsed, which allows remote attackers to
     conduct HTTP request smuggling attacks via a request that contains
diff --git a/reports/GO-2021-0160.yaml b/reports/GO-2021-0160.yaml
index 8037b5d..874f06e 100644
--- a/reports/GO-2021-0160.yaml
+++ b/reports/GO-2021-0160.yaml
@@ -5,8 +5,8 @@
       - nat.expNNMontgomery
       - nat.montgomery
     versions:
-      - introduced: go1.5
-        fixed: go1.5.3
+      - introduced: 1.5.0
+        fixed: 1.5.3
 description: |
     Int.Exp Montgomery mishandled carry propagation and produced an incorrect
     output, which makes it easier for attackers to obtain private RSA keys via
diff --git a/reports/GO-2021-0163.yaml b/reports/GO-2021-0163.yaml
index cbbf883..37e90c3 100644
--- a/reports/GO-2021-0163.yaml
+++ b/reports/GO-2021-0163.yaml
@@ -4,9 +4,9 @@
     symbols:
       - LoadLibrary
     versions:
-      - fixed: go1.5.4
-      - introduced: go1.6.0
-        fixed: go1.6.1
+      - fixed: 1.5.4
+      - introduced: 1.6.0
+        fixed: 1.6.1
 description: |
     Untrusted search path vulnerability on Windows related to LoadLibrary allows
     local users to gain privileges via a malicious DLL in the current working
diff --git a/reports/GO-2021-0172.yaml b/reports/GO-2021-0172.yaml
index f2538ba..b70a1a8 100644
--- a/reports/GO-2021-0172.yaml
+++ b/reports/GO-2021-0172.yaml
@@ -4,9 +4,9 @@
     symbols:
       - Reader.readForm
     versions:
-      - fixed: go1.6.4
-      - introduced: go1.7.0
-        fixed: go1.7.4
+      - fixed: 1.6.4
+      - introduced: 1.7.0
+        fixed: 1.7.4
 description: |
     When parsing large multipart/form-data, an attacker can
     cause a HTTP server to open a large number of file
diff --git a/reports/GO-2021-0178.yaml b/reports/GO-2021-0178.yaml
index b373d72..577641c 100644
--- a/reports/GO-2021-0178.yaml
+++ b/reports/GO-2021-0178.yaml
@@ -4,10 +4,10 @@
     symbols:
       - plainAuth.Start
     versions:
-      - introduced: go1.1
-        fixed: go1.8.4
-      - introduced: go1.9.0
-        fixed: go1.9.1
+      - introduced: 1.1.0
+        fixed: 1.8.4
+      - introduced: 1.9.0
+        fixed: 1.9.1
 description: |
     SMTP clients using net/smtp can use the PLAIN authentication scheme on
     network connections not secured with TLS, exposing passwords to
diff --git a/reports/GO-2021-0223.yaml b/reports/GO-2021-0223.yaml
index 903ee5d..3634ea5 100644
--- a/reports/GO-2021-0223.yaml
+++ b/reports/GO-2021-0223.yaml
@@ -4,9 +4,9 @@
     symbols:
       - Certificate.systemVerify
     versions:
-      - fixed: go1.13.13
-      - introduced: go1.14.0
-        fixed: go1.14.5
+      - fixed: 1.13.13
+      - introduced: 1.14.0
+        fixed: 1.14.5
 description: |
     On Windows, if VerifyOptions.Roots is nil, Certificate.Verify
     does not check the EKU requirements specified in VerifyOptions.KeyUsages.
diff --git a/reports/GO-2021-0224.yaml b/reports/GO-2021-0224.yaml
index 8e5bd21..0c057ad 100644
--- a/reports/GO-2021-0224.yaml
+++ b/reports/GO-2021-0224.yaml
@@ -4,9 +4,9 @@
     symbols:
       - expectContinueReader.Read
     versions:
-      - fixed: go1.13.13
-      - introduced: go1.14.0
-        fixed: go1.14.5
+      - fixed: 1.13.13
+      - introduced: 1.14.0
+        fixed: 1.14.5
 description: |
     HTTP servers where the Handler concurrently reads the request
     body and writes a response can encounter a data race and crash.
diff --git a/reports/GO-2021-0225.yaml b/reports/GO-2021-0225.yaml
index e52414b..b97ffb1 100644
--- a/reports/GO-2021-0225.yaml
+++ b/reports/GO-2021-0225.yaml
@@ -4,9 +4,9 @@
     symbols:
       - ReadUvarint
     versions:
-      - fixed: go1.13.15
-      - introduced: go1.14.0
-        fixed: go1.14.7
+      - fixed: 1.13.15
+      - introduced: 1.14.0
+        fixed: 1.14.7
 description: |
     Certain invalid inputs to ReadUvarint or ReadVarint could cause those
     functions to read an unlimited number of bytes from the ByteReader argument
diff --git a/reports/GO-2021-0226.yaml b/reports/GO-2021-0226.yaml
index dd0f4d7..1d20f61 100644
--- a/reports/GO-2021-0226.yaml
+++ b/reports/GO-2021-0226.yaml
@@ -6,9 +6,9 @@
       - response.WriteHeader
       - response.writeCGIHeader
     versions:
-      - fixed: go1.14.8
-      - introduced: go1.15.0
-        fixed: go1.15.1
+      - fixed: 1.14.8
+      - introduced: 1.15.0
+        fixed: 1.15.1
   - module: std
     package: net/http/fcgi
     symbols:
@@ -16,9 +16,9 @@
       - response.WriteHeader
       - response.writeCGIHeader
     versions:
-      - fixed: go1.14.8
-      - introduced: go1.15.0
-        fixed: go1.15.1
+      - fixed: 1.14.8
+      - introduced: 1.15.0
+        fixed: 1.15.1
 description: |
     When a Handler does not explicitly set the Content-Type header, the the
     package would default to “text/html”, which could cause a Cross-Site Scripting
diff --git a/reports/GO-2021-0227.yaml b/reports/GO-2021-0227.yaml
index 80e3d7d..4ed89e1 100644
--- a/reports/GO-2021-0227.yaml
+++ b/reports/GO-2021-0227.yaml
@@ -4,7 +4,7 @@
     symbols:
       - connection.serverAuthenticate
     versions:
-      - fixed: v0.0.0-20201216223049-8b5274cf687f
+      - fixed: 0.0.0-20201216223049-8b5274cf687f
 description: |
     Clients can cause a panic in SSH servers. An attacker can craft
     an authentication request message for the “gssapi-with-mic” method
diff --git a/reports/GO-2021-0228.yaml b/reports/GO-2021-0228.yaml
index 4a73ff0..849cdb0 100644
--- a/reports/GO-2021-0228.yaml
+++ b/reports/GO-2021-0228.yaml
@@ -20,7 +20,7 @@
       - ZipArchive.Flush
       - ZipArchive.Open
     versions:
-      - fixed: v1.0.1
+      - fixed: 1.0.1
 description: |
     The ExtractTo function doesn't securely escape file paths in zip archives
     which include leading or non-leading "..". This allows an attacker to add or
diff --git a/reports/GO-2021-0234.yaml b/reports/GO-2021-0234.yaml
index 63702f8..95c3b6d 100644
--- a/reports/GO-2021-0234.yaml
+++ b/reports/GO-2021-0234.yaml
@@ -4,9 +4,9 @@
     symbols:
       - Decoder.Token
     versions:
-      - fixed: go1.15.9
-      - introduced: go1.16.0
-        fixed: go1.16.1
+      - fixed: 1.15.9
+      - introduced: 1.16.0
+        fixed: 1.16.1
 description: |
     The Decode, DecodeElement, and Skip methods of an xml.Decoder
     provided by xml.NewTokenDecoder may enter an infinite loop when
diff --git a/reports/GO-2021-0235.yaml b/reports/GO-2021-0235.yaml
index 6795732..14bc074 100644
--- a/reports/GO-2021-0235.yaml
+++ b/reports/GO-2021-0235.yaml
@@ -4,9 +4,9 @@
     symbols:
       - p224Contract
     versions:
-      - fixed: go1.14.14
-      - introduced: go1.15.0
-        fixed: go1.15.7
+      - fixed: 1.14.14
+      - introduced: 1.15.0
+        fixed: 1.15.7
 description: |
     The P224() Curve implementation can in rare circumstances generate
     incorrect outputs, including returning invalid points from
diff --git a/reports/GO-2021-0237.yaml b/reports/GO-2021-0237.yaml
index 62fa6a3..f73d1fb 100644
--- a/reports/GO-2021-0237.yaml
+++ b/reports/GO-2021-0237.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Route.execute
     versions:
-      - fixed: v1.1.1
+      - fixed: 1.1.1
 description: |
     Attackers may be able to craft phishing links and other open
     redirects by exploiting PowerMux's trailing slash redirection
diff --git a/reports/GO-2021-0238.yaml b/reports/GO-2021-0238.yaml
index eb9f768..df27303 100644
--- a/reports/GO-2021-0238.yaml
+++ b/reports/GO-2021-0238.yaml
@@ -4,7 +4,7 @@
     symbols:
       - inHeadIM
     versions:
-      - fixed: v0.0.0-20210520170846-37e1c6afe023
+      - fixed: 0.0.0-20210520170846-37e1c6afe023
 description: |
     An attacker can craft an input to ParseFragment that causes it
     to enter an infinite loop and never return.
diff --git a/reports/GO-2021-0239.yaml b/reports/GO-2021-0239.yaml
index 320a42c..e1a807c 100644
--- a/reports/GO-2021-0239.yaml
+++ b/reports/GO-2021-0239.yaml
@@ -8,9 +8,9 @@
       - Resolver.LookupNS
       - Resolver.LookupSRV
     versions:
-      - fixed: go1.15.13
-      - introduced: go1.16.0
-        fixed: go1.16.5
+      - fixed: 1.15.13
+      - introduced: 1.16.0
+        fixed: 1.16.5
 description: |
     The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr
     functions and their respective methods on the Resolver type may
diff --git a/reports/GO-2021-0240.yaml b/reports/GO-2021-0240.yaml
index 064868b..0a523b7 100644
--- a/reports/GO-2021-0240.yaml
+++ b/reports/GO-2021-0240.yaml
@@ -4,9 +4,9 @@
     symbols:
       - Reader.init
     versions:
-      - fixed: go1.15.13
-      - introduced: go1.16.0
-        fixed: go1.16.5
+      - fixed: 1.15.13
+      - introduced: 1.16.0
+        fixed: 1.16.5
 description: |
     NewReader and OpenReader can cause a panic or an unrecoverable
     fatal error when reading an archive that claims to contain a large
diff --git a/reports/GO-2021-0241.yaml b/reports/GO-2021-0241.yaml
index 77cd891..ef7cc23 100644
--- a/reports/GO-2021-0241.yaml
+++ b/reports/GO-2021-0241.yaml
@@ -4,9 +4,9 @@
     symbols:
       - ReverseProxy.ServeHTTP
     versions:
-      - fixed: go1.15.13
-      - introduced: go1.16.0
-        fixed: go1.16.5
+      - fixed: 1.15.13
+      - introduced: 1.16.0
+        fixed: 1.16.5
 description: |
     ReverseProxy can be made to forward certain hop-by-hop headers,
     including Connection. If the target of the ReverseProxy is
diff --git a/reports/GO-2021-0242.yaml b/reports/GO-2021-0242.yaml
index 87209c7..8bbf809 100644
--- a/reports/GO-2021-0242.yaml
+++ b/reports/GO-2021-0242.yaml
@@ -4,9 +4,9 @@
     symbols:
       - Rat.SetString
     versions:
-      - fixed: go1.15.13
-      - introduced: go1.16.0
-        fixed: go1.16.5
+      - fixed: 1.15.13
+      - introduced: 1.16.0
+        fixed: 1.16.5
 description: |
     Rat.SetString and Rat.UnmarshalText may cause a panic or an
     unrecoverable fatal error if passed inputs with very large
diff --git a/reports/GO-2021-0243.yaml b/reports/GO-2021-0243.yaml
index 066187a..6281fc8 100644
--- a/reports/GO-2021-0243.yaml
+++ b/reports/GO-2021-0243.yaml
@@ -4,9 +4,9 @@
     symbols:
       - rsaKeyAgreement.generateClientKeyExchange
     versions:
-      - fixed: go1.15.14
-      - introduced: go1.16.0
-        fixed: go1.16.6
+      - fixed: 1.15.14
+      - introduced: 1.16.0
+        fixed: 1.16.6
 description: |
     crypto/tls clients can panic when provided a certificate of the
     wrong type for the negotiated parameters. net/http clients
diff --git a/reports/GO-2021-0245.yaml b/reports/GO-2021-0245.yaml
index 16af7fa..a629c68 100644
--- a/reports/GO-2021-0245.yaml
+++ b/reports/GO-2021-0245.yaml
@@ -4,9 +4,9 @@
     symbols:
       - ReverseProxy.ServeHTTP
     versions:
-      - fixed: go1.15.15
-      - introduced: go1.16.0
-        fixed: go1.16.7
+      - fixed: 1.15.15
+      - introduced: 1.16.0
+        fixed: 1.16.7
 description: |
     ReverseProxy can panic after encountering a problem copying
     a proxied response body.
diff --git a/reports/GO-2021-0258.yaml b/reports/GO-2021-0258.yaml
index f27fad8..12af083 100644
--- a/reports/GO-2021-0258.yaml
+++ b/reports/GO-2021-0258.yaml
@@ -3,7 +3,7 @@
     symbols:
       - Manager.onUpdateRecords
     versions:
-      - fixed: v0.15.6
+      - fixed: 0.15.6
 description: |
     Pomerium is an open source identity-aware access proxy. Changes to the OIDC
     claims of a user after initial login are not reflected in policy evaluation
diff --git a/reports/GO-2021-0263.yaml b/reports/GO-2021-0263.yaml
index 68458db..1ba9861 100644
--- a/reports/GO-2021-0263.yaml
+++ b/reports/GO-2021-0263.yaml
@@ -4,9 +4,9 @@
     symbols:
       - NewFile
     versions:
-      - fixed: go1.16.10
-      - introduced: go1.17.0
-        fixed: go1.17.3
+      - fixed: 1.16.10
+      - introduced: 1.17.0
+        fixed: 1.17.3
 description: |
     Calling File.ImportedSymbols on a loaded file which contains an invalid
     dynamic symbol table command can cause a panic, in particular if the encoded
diff --git a/reports/GO-2021-0264.yaml b/reports/GO-2021-0264.yaml
index f24a159..d3d95fb 100644
--- a/reports/GO-2021-0264.yaml
+++ b/reports/GO-2021-0264.yaml
@@ -5,9 +5,9 @@
       - split
       - Reader.Open
     versions:
-      - fixed: go1.16.10
-      - introduced: go1.17.0
-        fixed: go1.17.3
+      - fixed: 1.16.10
+      - introduced: 1.17.0
+        fixed: 1.17.3
 description: |
     Previously, opening a zip with (*Reader).Open could result in a panic if the
     zip contained a file whose name was exclusively made up of slash characters or
diff --git a/reports/GO-2021-0265.yaml b/reports/GO-2021-0265.yaml
index 96fe2a4..596c150 100644
--- a/reports/GO-2021-0265.yaml
+++ b/reports/GO-2021-0265.yaml
@@ -3,7 +3,7 @@
     symbols:
       - match.Match
     versions:
-      - fixed: v1.9.3
+      - fixed: 1.9.3
 description: |
     GJSON allowed a ReDoS (regular expression denial of service) attack.
 published: 2022-01-14T17:30:24Z
diff --git a/reports/GO-2021-0321.yaml b/reports/GO-2021-0321.yaml
index cb0e0f2..95f1c3a 100644
--- a/reports/GO-2021-0321.yaml
+++ b/reports/GO-2021-0321.yaml
@@ -4,8 +4,8 @@
     symbols:
       - Dialer.config
     versions:
-      - introduced: v0.18.0
-        fixed: v0.21.1
+      - introduced: 0.18.0
+        fixed: 0.21.1
 description: |
     An attacker capable of spoofing DNS TXT records can redirect a
     WebSocket connection request to a server under their control without
diff --git a/reports/GO-2021-0356.yaml b/reports/GO-2021-0356.yaml
index 5ef2a11..9c9d9fd 100644
--- a/reports/GO-2021-0356.yaml
+++ b/reports/GO-2021-0356.yaml
@@ -6,7 +6,7 @@
     derived_symbols:
       - ServerConfig.AddHostKey
     versions:
-      - fixed: v0.0.0-20220314234659-1baeb1ce4c0b
+      - fixed: 0.0.0-20220314234659-1baeb1ce4c0b
 description: |
     Attackers can cause a crash in SSH servers when the server has been
     configured by passing a Signer to ServerConfig.AddHostKey such that
diff --git a/reports/GO-2021-0412.yaml b/reports/GO-2021-0412.yaml
index 08c248b..43a81b7 100644
--- a/reports/GO-2021-0412.yaml
+++ b/reports/GO-2021-0412.yaml
@@ -4,7 +4,7 @@
     symbols:
       - cryptManifestList
     versions:
-      - fixed: v1.1.4
+      - fixed: 1.1.4
 description: |
     The imgcrypt library provides API exensions for containerd to
     support encrypted container images and implements the ctd-decoder