diff --git a/data/excluded/GO-2024-2890.yaml b/data/excluded/GO-2024-2890.yaml
new file mode 100644
index 00000000..8e573e74
--- /dev/null
+++ b/data/excluded/GO-2024-2890.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2890
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/envoyproxy/envoy
+cves:
+ - CVE-2024-23326
diff --git a/data/excluded/GO-2024-2892.yaml b/data/excluded/GO-2024-2892.yaml
new file mode 100644
index 00000000..d6dc7a7d
--- /dev/null
+++ b/data/excluded/GO-2024-2892.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2892
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/envoyproxy/envoy
+cves:
+ - CVE-2024-32974
diff --git a/data/excluded/GO-2024-2893.yaml b/data/excluded/GO-2024-2893.yaml
new file mode 100644
index 00000000..1e2722cc
--- /dev/null
+++ b/data/excluded/GO-2024-2893.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2893
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/envoyproxy/envoy
+cves:
+ - CVE-2024-32975
diff --git a/data/excluded/GO-2024-2894.yaml b/data/excluded/GO-2024-2894.yaml
new file mode 100644
index 00000000..8575fe8e
--- /dev/null
+++ b/data/excluded/GO-2024-2894.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2894
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/envoyproxy/envoy
+cves:
+ - CVE-2024-32976
diff --git a/data/excluded/GO-2024-2895.yaml b/data/excluded/GO-2024-2895.yaml
new file mode 100644
index 00000000..fc6715d2
--- /dev/null
+++ b/data/excluded/GO-2024-2895.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2895
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/envoyproxy/envoy
+cves:
+ - CVE-2024-34362
diff --git a/data/excluded/GO-2024-2896.yaml b/data/excluded/GO-2024-2896.yaml
new file mode 100644
index 00000000..4dea2887
--- /dev/null
+++ b/data/excluded/GO-2024-2896.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2896
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/envoyproxy/envoy
+cves:
+ - CVE-2024-34363
diff --git a/data/excluded/GO-2024-2897.yaml b/data/excluded/GO-2024-2897.yaml
new file mode 100644
index 00000000..52958dda
--- /dev/null
+++ b/data/excluded/GO-2024-2897.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2897
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/envoyproxy/envoy
+cves:
+ - CVE-2024-34364
diff --git a/data/excluded/GO-2024-2925.yaml b/data/excluded/GO-2024-2925.yaml
new file mode 100644
index 00000000..06202322
--- /dev/null
+++ b/data/excluded/GO-2024-2925.yaml
@@ -0,0 +1,6 @@
+id: GO-2024-2925
+excluded: NOT_GO_CODE
+modules:
+ - module: github.com/apache/airflow
+cves:
+ - CVE-2024-25142
diff --git a/data/osv/GO-2024-2922.json b/data/osv/GO-2024-2922.json
new file mode 100644
index 00000000..413bf503
--- /dev/null
+++ b/data/osv/GO-2024-2922.json
@@ -0,0 +1,84 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-2922",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-37307",
+ "GHSA-wh78-7948-358j"
+ ],
+ "summary": "Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium",
+ "details": "Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/cilium/cilium",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "1.13.0"
+ },
+ {
+ "fixed": "1.13.17"
+ },
+ {
+ "introduced": "1.14.0"
+ },
+ {
+ "fixed": "1.14.12"
+ },
+ {
+ "introduced": "1.15.0"
+ },
+ {
+ "fixed": "1.15.6"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37307"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2922",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/osv/GO-2024-2923.json b/data/osv/GO-2024-2923.json
new file mode 100644
index 00000000..fa1a8f8c
--- /dev/null
+++ b/data/osv/GO-2024-2923.json
@@ -0,0 +1,47 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-2923",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "GHSA-85rg-8m6h-825p"
+ ],
+ "summary": "Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt",
+ "details": "Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/k8sgpt-ai/k8sgpt",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.3.33"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/k8sgpt-ai/k8sgpt/security/advisories/GHSA-85rg-8m6h-825p"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2923",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2024-2922.yaml b/data/reports/GO-2024-2922.yaml
new file mode 100644
index 00000000..979d1337
--- /dev/null
+++ b/data/reports/GO-2024-2922.yaml
@@ -0,0 +1,29 @@
+id: GO-2024-2922
+modules:
+ - module: github.com/cilium/cilium
+ versions:
+ - introduced: 1.13.0
+ fixed: 1.13.17
+ - introduced: 1.14.0
+ fixed: 1.14.12
+ - introduced: 1.15.0
+ fixed: 1.15.6
+ vulnerable_at: 1.15.5
+summary: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
+cves:
+ - CVE-2024-37307
+ghsas:
+ - GHSA-wh78-7948-358j
+references:
+ - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-37307
+ - fix: https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407
+ - fix: https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a
+ - fix: https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741
+ - fix: https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653
+ - fix: https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b
+ - fix: https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61
+source:
+ id: GHSA-wh78-7948-358j
+ created: 2024-06-14T13:47:58.347002-04:00
+review_status: UNREVIEWED
diff --git a/data/reports/GO-2024-2923.yaml b/data/reports/GO-2024-2923.yaml
new file mode 100644
index 00000000..c0823445
--- /dev/null
+++ b/data/reports/GO-2024-2923.yaml
@@ -0,0 +1,16 @@
+id: GO-2024-2923
+modules:
+ - module: github.com/k8sgpt-ai/k8sgpt
+ versions:
+ - fixed: 0.3.33
+ vulnerable_at: 0.3.32
+summary: Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt
+ghsas:
+ - GHSA-85rg-8m6h-825p
+references:
+ - advisory: https://github.com/k8sgpt-ai/k8sgpt/security/advisories/GHSA-85rg-8m6h-825p
+ - web: https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33
+source:
+ id: GHSA-85rg-8m6h-825p
+ created: 2024-06-14T13:47:55.972779-04:00
+review_status: UNREVIEWED
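Review bot: In data/reports/GO-2024-2922.yaml the finding is scoped to the whole module `github.com/cilium/cilium`, although the summary places the leak in cilium-bugtool. No `packages:` entry is given, and the matching OSV record in this commit carries an empty `ecosystem_specific`, so consumers have only module path and version to match on and projects that never build the bugtool would presumably still be flagged. If the advisory confines the issue to the bugtool, a `packages:` list under the module (`- package: <bugtool package path per GHSA-wh78-7948-358j>`) would narrow that. It is also worth confirming against the advisory that releases before `introduced: 1.13.0` are unaffected rather than merely unlisted.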
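Review bot: The summary in data/reports/GO-2024-2923.yaml, `Vulnerabilities with the k8sGPT in github.com/k8sgpt-ai/k8sgpt`, does not say what class of issue this is, and the generated OSV `details` field repeats the same string, so anyone triaging an alert has to open the GHSA page to judge impact. I would take the issue class from the advisory, along the lines of `summary: <issue class per GHSA-85rg-8m6h-825p> in github.com/k8sgpt-ai/k8sgpt`. The range has only `fixed: 0.3.33`, which marks every earlier release as affected; that presumably mirrors the advisory, but it deserves a check while the report is still `UNREVIEWED`.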