golang
diff --git a/‎data/osv/GO-2025-4114.json‎
Lines changed: 93 additions & 0 deletions b/‎data/osv/GO-2025-4114.json‎
Lines changed: 93 additions & 0 deletions
diff --git a/‎data/osv/GO-2025-4115.json‎
Lines changed: 70 additions & 0 deletions b/‎data/osv/GO-2025-4115.json‎
Lines changed: 70 additions & 0 deletions
diff --git a/‎data/osv/GO-2025-4117.json‎
Lines changed: 69 additions & 0 deletions b/‎data/osv/GO-2025-4117.json‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎data/osv/GO-2025-4118.json‎
Lines changed: 64 additions & 0 deletions b/‎data/osv/GO-2025-4118.json‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎data/osv/GO-2025-4119.json‎
Lines changed: 51 additions & 0 deletions b/‎data/osv/GO-2025-4119.json‎
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,93 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-4114",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2025-64513",
+    "GHSA-mhjq-8c7m-3f7p"
+  ],
+  "summary": "Milvus Proxy has a Critical Authentication Bypass Vulnerability in github.com/milvus-io/milvus",
+  "details": "Milvus Proxy has a Critical Authentication Bypass Vulnerability in github.com/milvus-io/milvus.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/milvus-io/milvus before v2.4.24, from v2.5.0 before v2.5.21, from v2.6.0 before v2.6.5.",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/milvus-io/milvus",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.10.3-0.20251107071934-6102f001a971"
+            },
+            {
+              "introduced": "0.10.4"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "custom_ranges": [
+          {
+            "type": "ECOSYSTEM",
+            "events": [
+              {
+                "introduced": "0"
+              },
+              {
+                "fixed": "2.4.24"
+              },
+              {
+                "introduced": "2.5.0"
+              },
+              {
+                "fixed": "2.5.21"
+              },
+              {
+                "introduced": "2.6.0"
+              },
+              {
+                "fixed": "2.6.5"
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64513"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/milvus-io/milvus/commit/6102f001a971c8c8055a4a4cae704442d5cab793"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/milvus-io/milvus/pull/45379"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/milvus-io/milvus/pull/45383"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/milvus-io/milvus/pull/45391"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-4114",
+    "review_status": "UNREVIEWED"
+  }
+}
@@ -0,0 +1,70 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-4115",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2025-64507",
+    "GHSA-56mx-8g9f-5crf"
+  ],
+  "summary": "Incus vulnerable to local privilege escalation through custom storage volumes in github.com/lxc/incus",
+  "details": "Incus vulnerable to local privilege escalation through custom storage volumes in github.com/lxc/incus",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/lxc/incus",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/lxc/incus/v6",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "6.1.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64507"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/lxc/incus/pull/2642"
+    },
+    {
+      "type": "REPORT",
+      "url": "https://github.com/lxc/incus/issues/2641"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-4115",
+    "review_status": "UNREVIEWED"
+  }
+}
@@ -0,0 +1,69 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-4117",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2025-64523",
+    "GHSA-6cqf-cfhv-659g"
+  ],
+  "summary": "File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser",
+  "details": "File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/filebrowser/filebrowser",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/filebrowser/filebrowser/v2",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.45.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-6cqf-cfhv-659g"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64523"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/filebrowser/filebrowser/commit/291223b3cefe1e50fae8f73d70464b1dc25351a4"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-4117",
+    "review_status": "UNREVIEWED"
+  }
+}
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-4118",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-6jqf-mv7m-3q7p"
+  ],
+  "summary": "File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser",
+  "details": "File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/filebrowser/filebrowser",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/filebrowser/filebrowser/v2",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.45.2"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-6jqf-mv7m-3q7p"
+    },
+    {
+      "type": "WEB",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-4118",
+    "review_status": "UNREVIEWED"
+  }
+}
@@ -0,0 +1,51 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-4119",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-7wq2-32h4-9hc9"
+  ],
+  "summary": "AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance in github.com/aws/aws-advanced-go-wrapper/awssql",
+  "details": "AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance in github.com/aws/aws-advanced-go-wrapper/awssql",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/aws/aws-advanced-go-wrapper/awssql",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.1.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/aws/aws-advanced-go-wrapper/security/advisories/GHSA-7wq2-32h4-9hc9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aws/aws-advanced-go-wrapper/commit/7b405f95fe71db644cd8336ba5fa28b41e89d03e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aws/aws-advanced-go-wrapper/pull/270"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-4119",
+    "review_status": "UNREVIEWED"
+  }
+}