This page is a work in progress.
The Go vulnerability database is a curated database of public Go security vulnerabilities, maintained by the Go Security team.
The Go vulnerability database is rooted at https://vuln.go.dev
and provides data as JSON. We recommend using client.Client to read data from the Go vulnerability database.
Do not rely on the contents of the x/vulndb repository. The YAML files in that repository are maintained using an internal format that is subject to change without warning.
The endpoints in the table below are supported. For each path:
$base
is the path portion of a Go vulnerability database URL (https://vuln.go.dev
).$module
is a module path$vuln
is a Go vulnerabilitiy ID (for example, GO-2021-1234
)Note that these paths and format are provisional and likely to change until an approved proposal.