diff --git a/cmd/osv-scanner/fix/__snapshots__/command_test.snap b/cmd/osv-scanner/fix/__snapshots__/command_test.snap
index e02c8a406c7..6127259a26d 100755
--- a/cmd/osv-scanner/fix/__snapshots__/command_test.snap
+++ b/cmd/osv-scanner/fix/__snapshots__/command_test.snap
@@ -5259,14 +5259,14 @@ unsupported strategy "force" - must be one of: in-place, relax, override
---
[TestCommand/fix_non-interactive_in-place_package-lock.json - 1]
-Found 14 vulnerabilities matching the filter
-Can fix 7/14 matching vulnerabilities by changing 5 dependencies
+Found 15 vulnerabilities matching the filter
+Can fix 8/15 matching vulnerabilities by changing 5 dependencies
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
+UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.13
UPGRADED-PACKAGE: ajv,6.12.6,6.14.0
-UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.12
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
-FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
+FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
REMAINING-VULNS: 7
UNFIXABLE-VULNS: 7
@@ -5378,9 +5378,9 @@ UNFIXABLE-VULNS: 7
}
},
"node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dependencies": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
@@ -6298,9 +6298,9 @@ UNFIXABLE-VULNS: 7
}
},
"brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"requires": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
@@ -7101,6 +7101,15 @@ UNFIXABLE-VULNS: 7
],
"unactionable": true
},
+ {
+ "id": "GHSA-f886-m6hf-6m8v",
+ "packages": [
+ {
+ "name": "brace-expansion",
+ "version": "1.1.11"
+ }
+ ]
+ },
{
"id": "GHSA-fjxv-7rqg-78g4",
"packages": [
@@ -7183,19 +7192,28 @@ UNFIXABLE-VULNS: 7
{
"packageUpdates": [
{
- "name": "ajv",
- "versionFrom": "6.12.6",
- "versionTo": "6.14.0",
+ "name": "brace-expansion",
+ "versionFrom": "1.1.11",
+ "versionTo": "1.1.13",
"transitive": true
}
],
"fixed": [
{
- "id": "GHSA-2g4f-4pwh-qvx6",
+ "id": "GHSA-f886-m6hf-6m8v",
"packages": [
{
- "name": "ajv",
- "version": "6.12.6"
+ "name": "brace-expansion",
+ "version": "1.1.11"
+ }
+ ]
+ },
+ {
+ "id": "GHSA-v6h2-p8h4-qcjw",
+ "packages": [
+ {
+ "name": "brace-expansion",
+ "version": "1.1.11"
}
]
}
@@ -7204,19 +7222,19 @@ UNFIXABLE-VULNS: 7
{
"packageUpdates": [
{
- "name": "brace-expansion",
- "versionFrom": "1.1.11",
- "versionTo": "1.1.12",
+ "name": "ajv",
+ "versionFrom": "6.12.6",
+ "versionTo": "6.14.0",
"transitive": true
}
],
"fixed": [
{
- "id": "GHSA-v6h2-p8h4-qcjw",
+ "id": "GHSA-2g4f-4pwh-qvx6",
"packages": [
{
- "name": "brace-expansion",
- "version": "1.1.11"
+ "name": "ajv",
+ "version": "6.12.6"
}
]
}
@@ -7375,9 +7393,9 @@ UNFIXABLE-VULNS: 7
}
},
"node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dependencies": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
@@ -8295,9 +8313,9 @@ UNFIXABLE-VULNS: 7
}
},
"brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"requires": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
@@ -9012,6 +9030,16 @@ UNFIXABLE-VULNS: 7
}
]
},
+ {
+ "id": "GHSA-6fmv-xxpf-w3cw",
+ "packages": [
+ {
+ "name": "org.codehaus.plexus:plexus-utils",
+ "version": "3.0"
+ }
+ ],
+ "unactionable": true
+ },
{
"id": "GHSA-78wr-2p64-hpwj",
"packages": [
@@ -9468,15 +9496,15 @@ UNFIXABLE-VULNS: 7
---
[TestCommand/fix_non-interactive_override_pom.xml - 1]
-Found 12 vulnerabilities matching the filter
-Can fix 12/12 matching vulnerabilities by overriding 4 dependencies
+Found 13 vulnerabilities matching the filter
+Can fix 12/13 matching vulnerabilities by overriding 4 dependencies
OVERRIDE-PACKAGE: org.apache.httpcomponents:httpclient,4.5.13
OVERRIDE-PACKAGE: org.codehaus.plexus:plexus-utils,3.0.24
OVERRIDE-PACKAGE: commons-io:commons-io,2.14.0
OVERRIDE-PACKAGE: org.jsoup:jsoup,1.15.3
FIXED-VULN-IDS: GHSA-2x83-r56g-cv47,GHSA-78wr-2p64-hpwj,GHSA-7r82-7xv7-xcpj,GHSA-8vhq-qq4p-grq3,GHSA-cfh5-3ghh-wfjx,GHSA-fmj5-wv96-r2ch,GHSA-g6ph-x5wf-g337,GHSA-gp7f-rwcx-9369,GHSA-gw85-4gmf-m7rh,GHSA-gwrp-pvrq-jmwv,GHSA-jcwr-x25h-x5fh,GHSA-m72m-mhq2-9p6c
-REMAINING-VULNS: 0
-UNFIXABLE-VULNS: 0
+REMAINING-VULNS: 1
+UNFIXABLE-VULNS: 1
---
@@ -9565,14 +9593,14 @@ UNFIXABLE-VULNS: 4
---
[TestCommand/fix_non_interactive_in_place_package_lock_json_with_native_data_source - 1]
-Found 14 vulnerabilities matching the filter
-Can fix 7/14 matching vulnerabilities by changing 5 dependencies
+Found 15 vulnerabilities matching the filter
+Can fix 8/15 matching vulnerabilities by changing 5 dependencies
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
+UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.13
UPGRADED-PACKAGE: ajv,6.12.6,6.14.0
-UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.12
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
-FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
+FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
REMAINING-VULNS: 7
UNFIXABLE-VULNS: 7
@@ -9684,9 +9712,9 @@ UNFIXABLE-VULNS: 7
}
},
"node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dependencies": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
@@ -10604,9 +10632,9 @@ UNFIXABLE-VULNS: 7
}
},
"brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"requires": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
@@ -11307,13 +11335,13 @@ UNFIXABLE-VULNS: 7
---
[TestCommand/fix_non_interactive_override_pom_xml_with_native_data_source - 1]
-Found 12 vulnerabilities matching the filter
-Can fix 12/12 matching vulnerabilities by overriding 4 dependencies
+Found 13 vulnerabilities matching the filter
+Can fix 13/13 matching vulnerabilities by overriding 4 dependencies
OVERRIDE-PACKAGE: org.apache.httpcomponents:httpclient,4.5.13
-OVERRIDE-PACKAGE: org.codehaus.plexus:plexus-utils,3.0.24
+OVERRIDE-PACKAGE: org.codehaus.plexus:plexus-utils,4.0.3
OVERRIDE-PACKAGE: commons-io:commons-io,2.14.0
OVERRIDE-PACKAGE: org.jsoup:jsoup,1.15.3
-FIXED-VULN-IDS: GHSA-2x83-r56g-cv47,GHSA-78wr-2p64-hpwj,GHSA-7r82-7xv7-xcpj,GHSA-8vhq-qq4p-grq3,GHSA-cfh5-3ghh-wfjx,GHSA-fmj5-wv96-r2ch,GHSA-g6ph-x5wf-g337,GHSA-gp7f-rwcx-9369,GHSA-gw85-4gmf-m7rh,GHSA-gwrp-pvrq-jmwv,GHSA-jcwr-x25h-x5fh,GHSA-m72m-mhq2-9p6c
+FIXED-VULN-IDS: GHSA-2x83-r56g-cv47,GHSA-6fmv-xxpf-w3cw,GHSA-78wr-2p64-hpwj,GHSA-7r82-7xv7-xcpj,GHSA-8vhq-qq4p-grq3,GHSA-cfh5-3ghh-wfjx,GHSA-fmj5-wv96-r2ch,GHSA-g6ph-x5wf-g337,GHSA-gp7f-rwcx-9369,GHSA-gw85-4gmf-m7rh,GHSA-gwrp-pvrq-jmwv,GHSA-jcwr-x25h-x5fh,GHSA-m72m-mhq2-9p6c
REMAINING-VULNS: 0
UNFIXABLE-VULNS: 0
@@ -11364,7 +11392,7 @@ UNFIXABLE-VULNS: 0
org.codehaus.plexus
plexus-utils
- 3.0.24
+ 4.0.3
@@ -11381,14 +11409,14 @@ manifest or lockfile is required
---
[TestCommand_OfflineDatabase/fix_non_interactive_in_place_package_lock_json_with_offline_vulns - 1]
-Found 14 vulnerabilities matching the filter
-Can fix 7/14 matching vulnerabilities by changing 5 dependencies
+Found 15 vulnerabilities matching the filter
+Can fix 8/15 matching vulnerabilities by changing 5 dependencies
UPGRADED-PACKAGE: minimatch,3.1.2,3.1.5
+UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.13
UPGRADED-PACKAGE: ajv,6.12.6,6.14.0
-UPGRADED-PACKAGE: brace-expansion,1.1.11,1.1.12
UPGRADED-PACKAGE: concat-stream,1.5.0,1.6.1
UPGRADED-PACKAGE: hosted-git-info,2.1.4,2.8.9
-FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
+FIXED-VULN-IDS: GHSA-23c5-xmqv-rm74,GHSA-2g4f-4pwh-qvx6,GHSA-3ppc-4f35-3m26,GHSA-43f8-2h32-f4cj,GHSA-7r86-cg39-jmmj,GHSA-f886-m6hf-6m8v,GHSA-g74r-ffvr-5q9f,GHSA-v6h2-p8h4-qcjw
REMAINING-VULNS: 7
UNFIXABLE-VULNS: 7
@@ -11500,9 +11528,9 @@ UNFIXABLE-VULNS: 7
}
},
"node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dependencies": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
@@ -12420,9 +12448,9 @@ UNFIXABLE-VULNS: 7
}
},
"brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"requires": {
"concat-map": "0.0.1",
"balanced-match": "^1.0.0"
diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap
index 3344e27af57..4bec2c2df28 100755
--- a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap
+++ b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap
@@ -440,8 +440,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image):
-Total 22 packages affected by 46 known vulnerabilities (2 Critical, 15 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem.
-24 vulnerabilities can be fixed.
+Total 22 packages affected by 50 known vulnerabilities (3 Critical, 16 High, 26 Medium, 3 Low, 2 Unknown) from 1 ecosystem.
+25 vulnerabilities can be fixed.
Ubuntu:22.04
@@ -453,7 +453,7 @@ Ubuntu:22.04
| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu |
| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu |
| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu |
-| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu |
+| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 5 | libc-bin, libc6 | # 4 Layer | ubuntu |
| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu |
| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu |
| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu |
@@ -462,13 +462,13 @@ Ubuntu:22.04
| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu |
| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu |
| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu |
-| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu |
+| ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu |
| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu |
| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu |
| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu |
| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu |
-| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu |
+| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 3 | libsystemd0... (2) | # 4 Layer | ubuntu |
| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu |
| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu |
| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu |
@@ -489,8 +489,8 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image):
-Total 22 packages affected by 46 known vulnerabilities (2 Critical, 15 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem.
-24 vulnerabilities can be fixed.
+Total 22 packages affected by 50 known vulnerabilities (3 Critical, 16 High, 26 Medium, 3 Low, 2 Unknown) from 1 ecosystem.
+25 vulnerabilities can be fixed.
Ubuntu:22.04
@@ -502,7 +502,7 @@ Ubuntu:22.04
| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu |
| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu |
| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu |
-| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu |
+| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 5 | libc-bin, libc6 | # 4 Layer | ubuntu |
| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu |
| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu |
| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu |
@@ -511,13 +511,13 @@ Ubuntu:22.04
| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu |
| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu |
| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu |
-| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu |
+| ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu |
| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu |
| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu |
| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu |
| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu |
-| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu |
+| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 3 | libsystemd0... (2) | # 4 Layer | ubuntu |
| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu |
| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu |
| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu |
@@ -557,8 +557,8 @@ Scanning local image tarball "./testdata/test-ubuntu-with-packages.tar"
Container Scanning Result (Ubuntu 22.04.5 LTS) (Based on "ubuntu" image):
-Total 22 packages affected by 46 known vulnerabilities (2 Critical, 15 High, 24 Medium, 3 Low, 2 Unknown) from 1 ecosystem.
-24 vulnerabilities can be fixed.
+Total 22 packages affected by 50 known vulnerabilities (3 Critical, 16 High, 26 Medium, 3 Low, 2 Unknown) from 1 ecosystem.
+25 vulnerabilities can be fixed.
Ubuntu:22.04
@@ -570,7 +570,7 @@ Ubuntu:22.04
| coreutils | 8.32-4.1ubuntu1.2 | No fix available | 2 | coreutils | # 4 Layer | ubuntu |
| dpkg | 1.21.1ubuntu2.3 | Partial fixes Available | 2 | dpkg | # 4 Layer | ubuntu |
| gcc-12 | 12.3.0-1ubuntu1~22.04 | Partial fixes Available | 2 | gcc-12-base... (3) | # 4 Layer | ubuntu |
-| glibc | 2.35-0ubuntu3.8 | Fix Available | 3 | libc-bin, libc6 | # 4 Layer | ubuntu |
+| glibc | 2.35-0ubuntu3.8 | Partial fixes Available | 5 | libc-bin, libc6 | # 4 Layer | ubuntu |
| gnupg2 | 2.2.27-3ubuntu2.1 | Partial fixes Available | 5 | gpgv | # 4 Layer | ubuntu |
| gnutls28 | 3.7.3-4ubuntu1.5 | Fix Available | 3 | libgnutls30 | # 4 Layer | ubuntu |
| krb5 | 1.19.2-2ubuntu0.4 | Fix Available | 2 | libgssapi-krb5-2... (4) | # 4 Layer | ubuntu |
@@ -579,13 +579,13 @@ Ubuntu:22.04
| libtasn1-6 | 4.18.0-4build1 | Fix Available | 2 | libtasn1-6 | # 4 Layer | ubuntu |
| libzstd | 1.4.8+dfsg-3build1 | No fix available | 1 | libzstd1 | # 4 Layer | ubuntu |
| lz4 | 1.9.3-2build2 | No fix available | 1 | liblz4-1 | # 4 Layer | ubuntu |
-| ncurses | 6.3-2ubuntu0.1 | No fix available | 2 | libncurses6... (5) | # 4 Layer | ubuntu |
+| ncurses | 6.3-2ubuntu0.1 | No fix available | 3 | libncurses6... (5) | # 4 Layer | ubuntu |
| openssl | 3.0.2-0ubuntu1.18 | Partial fixes Available | 5 | libssl3 | # 4 Layer | ubuntu |
| pam | 1.4.0-11ubuntu2.5 | Partial fixes Available | 3 | libpam-modules... (4) | # 4 Layer | ubuntu |
| pcre2 | 10.39-3ubuntu0.1 | No fix available | 1 | libpcre2-8-0 | # 4 Layer | ubuntu |
| perl | 5.34.0-3ubuntu1.3 | Partial fixes Available | 3 | perl-base | # 4 Layer | ubuntu |
| shadow | 1:4.8.1-2ubuntu2.2 | No fix available | 2 | login, passwd | # 4 Layer | ubuntu |
-| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 2 | libsystemd0... (2) | # 4 Layer | ubuntu |
+| systemd | 249.11-0ubuntu3.12 | Partial fixes Available | 3 | libsystemd0... (2) | # 4 Layer | ubuntu |
| tar | 1.34+dfsg-1ubuntu0.1.22.04.2 | No fix available | 1 | tar | # 4 Layer | ubuntu |
| util-linux | 2.37.2-4ubuntu3.4 | Fix Available | 1 | libblkid1... (6) | # 4 Layer | ubuntu |
| zlib | 1:1.2.11.dfsg-2ubuntu9.2 | No fix available | 1 | zlib1g | # 4 Layer | ubuntu |
@@ -606,8 +606,8 @@ Scanning local image tarball "./testdata/test-java-full.tar"
Container Scanning Result (Alpine Linux v3.21) (Based on "eclipse-temurin" image):
-Total 25 packages affected by 74 known vulnerabilities (3 Critical, 30 High, 36 Medium, 4 Low, 1 Unknown) from 2 ecosystems.
-74 vulnerabilities can be fixed.
+Total 25 packages affected by 78 known vulnerabilities (3 Critical, 33 High, 37 Medium, 4 Low, 1 Unknown) from 2 ecosystems.
+78 vulnerabilities can be fixed.
Maven
@@ -622,8 +622,8 @@ Maven
| commons-beanutils:commons-beanutils | 1.9.4 | Fix Available | 1 | # 12 Layer | -- |
| dnsjava:dnsjava | 3.4.0 | Fix Available | 1 | # 12 Layer | -- |
| io.netty:netty-codec | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- |
-| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 3 | # 12 Layer | -- |
-| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- |
+| io.netty:netty-codec-http | 4.1.100.Final | Fix Available | 4 | # 12 Layer | -- |
+| io.netty:netty-codec-http2 | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- |
| io.netty:netty-codec-smtp | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- |
| io.netty:netty-common | 4.1.100.Final | Fix Available | 2 | # 12 Layer | -- |
| io.netty:netty-handler | 4.1.100.Final | Fix Available | 1 | # 12 Layer | -- |
@@ -643,7 +643,7 @@ Alpine:v3.21
| expat | 2.6.4-r0 | Fix Available | 7 | libexpat | # 5 Layer | eclipse-temurin |
| gnupg | 2.4.7-r0 | Fix Available | 2 | gnupg... (11) | # 5 Layer | eclipse-temurin |
| gnutls | 3.8.8-r0 | Fix Available | 7 | gnutls | # 5 Layer | eclipse-temurin |
-| libpng | 1.6.44-r0 | Fix Available | 8 | libpng | # 5 Layer | eclipse-temurin |
+| libpng | 1.6.44-r0 | Fix Available | 10 | libpng | # 5 Layer | eclipse-temurin |
| libtasn1 | 4.19.0-r2 | Fix Available | 2 | libtasn1 | # 5 Layer | eclipse-temurin |
| musl | 1.2.5-r8 | Fix Available | 1 | musl, musl-utils | # 0 Layer | alpine |
| openssl | 3.3.2-r4 | Fix Available | 15 | libcrypto3, libssl3... (3) | # 0 Layer | alpine |
@@ -736,8 +736,8 @@ Scanning local image tarball "./testdata/test-python-full.tar"
Container Scanning Result (Debian GNU/Linux 10 (buster)) (Based on "python" image):
-Total 21 packages affected by 53 known vulnerabilities (1 Critical, 18 High, 16 Medium, 3 Low, 15 Unknown) from 2 ecosystems.
-53 vulnerabilities can be fixed.
+Total 21 packages affected by 54 known vulnerabilities (1 Critical, 18 High, 17 Medium, 3 Low, 15 Unknown) from 2 ecosystems.
+54 vulnerabilities can be fixed.
PyPI
@@ -788,7 +788,7 @@ PyPI
+----------+-------------------+---------------+------------+------------------+---------------+
| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | INTRODUCED LAYER | IN BASE IMAGE |
+----------+-------------------+---------------+------------+------------------+---------------+
-| requests | 2.20.0 | Fix Available | 3 | # 17 Layer | -- |
+| requests | 2.20.0 | Fix Available | 4 | # 17 Layer | -- |
+----------+-------------------+---------------+------------+------------------+---------------+
+------------------------------------------------------------------------------------------------+
| Source:artifact:/usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA |
@@ -1376,11 +1376,12 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
"index": 17
}
},
- "groups": 3,
+ "groups": 4,
"vulnerabilities": [
"PYSEC-2023-74",
"GHSA-9hjg-9r4m-mvj7",
"GHSA-9wx4-h78v-vm56",
+ "GHSA-gc5v-m9x4-r6x2",
"GHSA-j8r2-6x86-q33q"
]
}
@@ -3163,7 +3164,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 4,
+ "groups": 6,
"vulnerabilities": [
"USN-8005-1",
"USN-7259-1",
@@ -3175,7 +3176,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"UBUNTU-CVE-2025-4802",
"UBUNTU-CVE-2025-8058",
"UBUNTU-CVE-2026-0861",
- "UBUNTU-CVE-2026-0915"
+ "UBUNTU-CVE-2026-0915",
+ "UBUNTU-CVE-2026-4437",
+ "UBUNTU-CVE-2026-4438"
]
},
{
@@ -3188,7 +3191,7 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 4,
+ "groups": 6,
"vulnerabilities": [
"USN-8005-1",
"USN-7259-1",
@@ -3200,7 +3203,9 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"UBUNTU-CVE-2025-4802",
"UBUNTU-CVE-2025-8058",
"UBUNTU-CVE-2026-0861",
- "UBUNTU-CVE-2026-0915"
+ "UBUNTU-CVE-2026-0915",
+ "UBUNTU-CVE-2026-4437",
+ "UBUNTU-CVE-2026-4438"
]
},
{
@@ -3407,10 +3412,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -3423,10 +3429,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -3603,11 +3610,13 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"USN-7559-1",
+ "USN-8119-1",
"UBUNTU-CVE-2023-7008",
- "UBUNTU-CVE-2025-4598"
+ "UBUNTU-CVE-2025-4598",
+ "UBUNTU-CVE-2026-29111"
]
},
{
@@ -3639,10 +3648,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -3655,11 +3665,13 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"USN-7559-1",
+ "USN-8119-1",
"UBUNTU-CVE-2023-7008",
- "UBUNTU-CVE-2025-4598"
+ "UBUNTU-CVE-2025-4598",
+ "UBUNTU-CVE-2026-29111"
]
},
{
@@ -3733,10 +3745,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -3749,10 +3762,11 @@ Scanning local image tarball "./testdata/test-node_modules-npm-full.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -4124,7 +4138,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 4,
+ "groups": 6,
"vulnerabilities": [
"USN-8005-1",
"USN-7259-1",
@@ -4136,7 +4150,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"UBUNTU-CVE-2025-4802",
"UBUNTU-CVE-2025-8058",
"UBUNTU-CVE-2026-0861",
- "UBUNTU-CVE-2026-0915"
+ "UBUNTU-CVE-2026-0915",
+ "UBUNTU-CVE-2026-4437",
+ "UBUNTU-CVE-2026-4438"
]
},
{
@@ -4149,7 +4165,7 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 4,
+ "groups": 6,
"vulnerabilities": [
"USN-8005-1",
"USN-7259-1",
@@ -4161,7 +4177,9 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"UBUNTU-CVE-2025-4802",
"UBUNTU-CVE-2025-8058",
"UBUNTU-CVE-2026-0861",
- "UBUNTU-CVE-2026-0915"
+ "UBUNTU-CVE-2026-0915",
+ "UBUNTU-CVE-2026-4437",
+ "UBUNTU-CVE-2026-4438"
]
},
{
@@ -4368,10 +4386,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -4384,10 +4403,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -4564,11 +4584,13 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"USN-7559-1",
+ "USN-8119-1",
"UBUNTU-CVE-2023-7008",
- "UBUNTU-CVE-2025-4598"
+ "UBUNTU-CVE-2025-4598",
+ "UBUNTU-CVE-2026-29111"
]
},
{
@@ -4600,10 +4622,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -4616,11 +4639,13 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"USN-7559-1",
+ "USN-8119-1",
"UBUNTU-CVE-2023-7008",
- "UBUNTU-CVE-2025-4598"
+ "UBUNTU-CVE-2025-4598",
+ "UBUNTU-CVE-2026-29111"
]
},
{
@@ -4694,10 +4719,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
@@ -4710,10 +4736,11 @@ Scanning local image tarball "./testdata/test-ubuntu.tar"
"index": 4
}
},
- "groups": 2,
+ "groups": 3,
"vulnerabilities": [
"UBUNTU-CVE-2023-50495",
- "UBUNTU-CVE-2025-6141"
+ "UBUNTU-CVE-2025-6141",
+ "UBUNTU-CVE-2025-69720"
]
},
{
diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml
index 393ec521747..4cc32b5c489 100644
--- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml
+++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml
@@ -2356,7 +2356,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 11752
+ content_length: 12676
body: |
{
"results": [
@@ -2408,7 +2408,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -2496,6 +2496,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -2544,6 +2552,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -2589,7 +2605,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -2840,6 +2856,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -2852,6 +2872,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -2985,7 +3009,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2025-15467",
- "modified": "2026-03-05T18:42:43.606385Z"
+ "modified": "2026-03-24T11:36:59.316987Z"
},
{
"id": "UBUNTU-CVE-2025-27587",
@@ -3033,7 +3057,7 @@ interactions:
},
{
"id": "USN-7980-1",
- "modified": "2026-03-02T11:56:15.392710Z"
+ "modified": "2026-03-24T10:49:52.542218Z"
}
]
},
@@ -3045,7 +3069,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -3057,15 +3081,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -3102,6 +3134,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -3111,15 +3147,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -3173,6 +3217,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -3185,6 +3233,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -3262,7 +3314,7 @@ interactions:
}
headers:
Content-Length:
- - "11752"
+ - "12676"
Content-Type:
- application/json
status: 200 OK
@@ -3997,7 +4049,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 11752
+ content_length: 12676
body: |
{
"results": [
@@ -4049,7 +4101,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -4137,6 +4189,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -4185,6 +4245,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -4230,7 +4298,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -4481,6 +4549,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4493,6 +4565,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4626,7 +4702,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2025-15467",
- "modified": "2026-03-05T18:42:43.606385Z"
+ "modified": "2026-03-24T11:36:59.316987Z"
},
{
"id": "UBUNTU-CVE-2025-27587",
@@ -4674,7 +4750,7 @@ interactions:
},
{
"id": "USN-7980-1",
- "modified": "2026-03-02T11:56:15.392710Z"
+ "modified": "2026-03-24T10:49:52.542218Z"
}
]
},
@@ -4686,7 +4762,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -4698,15 +4774,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -4743,6 +4827,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4752,15 +4840,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -4814,6 +4910,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4826,6 +4926,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4903,7 +5007,7 @@ interactions:
}
headers:
Content-Length:
- - "11752"
+ - "12676"
Content-Type:
- application/json
status: 200 OK
@@ -5652,7 +5756,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 16940
+ content_length: 17864
body: |
{
"results": [
@@ -5705,7 +5809,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -5949,7 +6053,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -5965,7 +6069,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -6005,7 +6109,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -6013,7 +6117,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -6021,7 +6125,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -6029,7 +6133,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -6041,7 +6145,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -6133,6 +6237,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -6181,6 +6293,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -6226,7 +6346,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -6477,6 +6597,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6489,6 +6613,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6622,7 +6750,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2025-15467",
- "modified": "2026-03-05T18:42:43.606385Z"
+ "modified": "2026-03-24T11:36:59.316987Z"
},
{
"id": "UBUNTU-CVE-2025-27587",
@@ -6670,7 +6798,7 @@ interactions:
},
{
"id": "USN-7980-1",
- "modified": "2026-03-02T11:56:15.392710Z"
+ "modified": "2026-03-24T10:49:52.542218Z"
}
]
},
@@ -6682,7 +6810,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -6694,15 +6822,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -6739,6 +6875,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6748,15 +6888,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -6810,6 +6958,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6822,6 +6974,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6899,7 +7055,7 @@ interactions:
}
headers:
Content-Length:
- - "16940"
+ - "17864"
Content-Type:
- application/json
status: 200 OK
@@ -8355,7 +8511,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 10207
+ content_length: 10491
body: |
{
"results": [
@@ -8398,7 +8554,7 @@ interactions:
"vulns": [
{
"id": "GHSA-72hv-8253-57qq",
- "modified": "2026-03-04T15:06:51.908001Z"
+ "modified": "2026-03-27T14:31:27.217055Z"
},
{
"id": "GHSA-h46c-h94j-95f3",
@@ -8669,6 +8825,10 @@ interactions:
{
"id": "GHSA-fghv-69vj-qj49",
"modified": "2026-02-04T03:04:04.888405Z"
+ },
+ {
+ "id": "GHSA-pwqr-wmgm-9rr8",
+ "modified": "2026-03-27T01:59:24.542420Z"
}
]
},
@@ -8677,6 +8837,10 @@ interactions:
{
"id": "GHSA-prj3-ccx8-p6x4",
"modified": "2026-02-04T02:26:22.855609Z"
+ },
+ {
+ "id": "GHSA-w9fj-cfpg-grvv",
+ "modified": "2026-03-27T08:14:20.080133Z"
}
]
},
@@ -8875,6 +9039,14 @@ interactions:
{
"id": "ALPINE-CVE-2026-25646",
"modified": "2026-02-24T12:00:36.302208Z"
+ },
+ {
+ "id": "ALPINE-CVE-2026-33416",
+ "modified": "2026-03-27T09:31:22.645949Z"
+ },
+ {
+ "id": "ALPINE-CVE-2026-33636",
+ "modified": "2026-03-27T09:31:27.847412Z"
}
]
},
@@ -9203,7 +9375,7 @@ interactions:
}
headers:
Content-Length:
- - "10207"
+ - "10491"
Content-Type:
- application/json
status: 200 OK
@@ -11112,7 +11284,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 6240
+ content_length: 6310
body: |
{
"results": [
@@ -11520,6 +11692,10 @@ interactions:
"id": "GHSA-9wx4-h78v-vm56",
"modified": "2026-02-04T02:43:42.271895Z"
},
+ {
+ "id": "GHSA-gc5v-m9x4-r6x2",
+ "modified": "2026-03-26T06:29:19.982144Z"
+ },
{
"id": "GHSA-j8r2-6x86-q33q",
"modified": "2026-02-04T03:34:13.807518Z"
@@ -11673,7 +11849,7 @@ interactions:
}
headers:
Content-Length:
- - "6240"
+ - "6310"
Content-Type:
- application/json
status: 200 OK
@@ -11992,7 +12168,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -12008,7 +12184,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -12048,7 +12224,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -12056,7 +12232,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -12064,7 +12240,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -12072,7 +12248,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -12084,7 +12260,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -12124,7 +12300,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -12140,7 +12316,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -12180,7 +12356,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -12188,7 +12364,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -12196,7 +12372,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -12204,7 +12380,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -12216,7 +12392,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -12256,7 +12432,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -12272,7 +12448,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -12312,7 +12488,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -12320,7 +12496,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -12328,7 +12504,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -12336,7 +12512,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -12348,7 +12524,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -12388,7 +12564,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -12404,7 +12580,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -12444,7 +12620,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -12452,7 +12628,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -12460,7 +12636,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -12468,7 +12644,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -12480,7 +12656,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -12520,7 +12696,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -12536,7 +12712,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -12576,7 +12752,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -12584,7 +12760,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -12592,7 +12768,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -12600,7 +12776,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -12612,7 +12788,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -12652,7 +12828,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -12668,7 +12844,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -12708,7 +12884,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -12716,7 +12892,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -12724,7 +12900,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -12732,7 +12908,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -12744,7 +12920,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml
index fe2f31e6ecd..1dd99f67c0b 100644
--- a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml
+++ b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml
@@ -800,7 +800,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 6240
+ content_length: 6310
body: |
{
"results": [
@@ -1208,6 +1208,10 @@ interactions:
"id": "GHSA-9wx4-h78v-vm56",
"modified": "2026-02-04T02:43:42.271895Z"
},
+ {
+ "id": "GHSA-gc5v-m9x4-r6x2",
+ "modified": "2026-03-26T06:29:19.982144Z"
+ },
{
"id": "GHSA-j8r2-6x86-q33q",
"modified": "2026-02-04T03:34:13.807518Z"
@@ -1361,7 +1365,7 @@ interactions:
}
headers:
Content-Length:
- - "6240"
+ - "6310"
Content-Type:
- application/json
status: 200 OK
@@ -2133,7 +2137,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -2149,7 +2153,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -2189,7 +2193,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -2197,7 +2201,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -2205,7 +2209,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -2213,7 +2217,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -2225,7 +2229,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -3842,7 +3846,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 11752
+ content_length: 12676
body: |
{
"results": [
@@ -3894,7 +3898,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -3982,6 +3986,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -4030,6 +4042,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -4075,7 +4095,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -4326,6 +4346,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4338,6 +4362,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4471,7 +4499,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2025-15467",
- "modified": "2026-03-05T18:42:43.606385Z"
+ "modified": "2026-03-24T11:36:59.316987Z"
},
{
"id": "UBUNTU-CVE-2025-27587",
@@ -4519,7 +4547,7 @@ interactions:
},
{
"id": "USN-7980-1",
- "modified": "2026-03-02T11:56:15.392710Z"
+ "modified": "2026-03-24T10:49:52.542218Z"
}
]
},
@@ -4531,7 +4559,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -4543,15 +4571,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -4588,6 +4624,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4597,15 +4637,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -4659,6 +4707,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4671,6 +4723,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -4748,7 +4804,7 @@ interactions:
}
headers:
Content-Length:
- - "11752"
+ - "12676"
Content-Type:
- application/json
status: 200 OK
@@ -5497,7 +5553,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 16940
+ content_length: 17864
body: |
{
"results": [
@@ -5550,7 +5606,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -5794,7 +5850,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -5810,7 +5866,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -5850,7 +5906,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -5858,7 +5914,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -5866,7 +5922,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -5874,7 +5930,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -5886,7 +5942,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -5978,6 +6034,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -6026,6 +6090,14 @@ interactions:
"id": "UBUNTU-CVE-2026-0915",
"modified": "2026-02-23T00:02:27.504192Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-4437",
+ "modified": "2026-03-27T17:20:33.935546Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2026-4438",
+ "modified": "2026-03-27T17:19:55.037376Z"
+ },
{
"id": "USN-7259-1",
"modified": "2026-02-10T04:46:30Z"
@@ -6071,7 +6143,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -6322,6 +6394,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6334,6 +6410,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6467,7 +6547,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2025-15467",
- "modified": "2026-03-05T18:42:43.606385Z"
+ "modified": "2026-03-24T11:36:59.316987Z"
},
{
"id": "UBUNTU-CVE-2025-27587",
@@ -6515,7 +6595,7 @@ interactions:
},
{
"id": "USN-7980-1",
- "modified": "2026-03-02T11:56:15.392710Z"
+ "modified": "2026-03-24T10:49:52.542218Z"
}
]
},
@@ -6527,7 +6607,7 @@ interactions:
},
{
"id": "UBUNTU-CVE-2023-4039",
- "modified": "2026-03-14T09:09:23.235151Z"
+ "modified": "2026-03-25T18:58:20.704967Z"
},
{
"id": "USN-7700-1",
@@ -6539,15 +6619,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -6584,6 +6672,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6593,15 +6685,23 @@ interactions:
"vulns": [
{
"id": "UBUNTU-CVE-2023-7008",
- "modified": "2025-10-09T04:59:16Z"
+ "modified": "2026-03-24T11:23:24.595253Z"
},
{
"id": "UBUNTU-CVE-2025-4598",
"modified": "2026-02-04T02:49:04.264249Z"
},
+ {
+ "id": "UBUNTU-CVE-2026-29111",
+ "modified": "2026-03-25T19:48:50.349178Z"
+ },
{
"id": "USN-7559-1",
"modified": "2026-02-10T04:48:59Z"
+ },
+ {
+ "id": "USN-8119-1",
+ "modified": "2026-03-25T18:23:48.312643Z"
}
]
},
@@ -6655,6 +6755,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6667,6 +6771,10 @@ interactions:
{
"id": "UBUNTU-CVE-2025-6141",
"modified": "2026-01-20T18:35:03.980742Z"
+ },
+ {
+ "id": "UBUNTU-CVE-2025-69720",
+ "modified": "2026-03-25T19:45:28.675527Z"
}
]
},
@@ -6744,7 +6852,7 @@ interactions:
}
headers:
Content-Length:
- - "16940"
+ - "17864"
Content-Type:
- application/json
status: 200 OK
diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap
index 0e79debe66f..f6bd5bd9b4e 100755
--- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap
+++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap
@@ -1616,8 +1616,8 @@ Scanned /testdata/locks-requirements/requirements.txt file and found 3
Scanned /testdata/locks-requirements/the_requirements_for_test.txt file and found 1 package
Scanned /testdata/locks-requirements/unresolvable-requirements.txt file and found 3 packages
-Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20 Medium, 4 Low, 1 Unknown) from 1 ecosystem.
-50 vulnerabilities can be fixed.
+Total 12 packages affected by 52 known vulnerabilities (5 Critical, 20 High, 22 Medium, 4 Low, 1 Unknown) from 1 ecosystem.
+52 vulnerabilities can be fixed.
+-------------------------------------+------+-----------+------------+---------+---------------+-----------------------------------------------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
@@ -1641,6 +1641,7 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20
| https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements-transitive.txt |
| https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements-transitive.txt |
+| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements-transitive.txt |
| https://osv.dev/PYSEC-2021-439 | 7.3 | PyPI | django | 2.2.24 | 2.2.25 | testdata/locks-requirements/requirements.prod.txt |
| https://osv.dev/GHSA-v6rh-hp5x-86rv | | | | | | |
| https://osv.dev/PYSEC-2022-1 | 8.7 | PyPI | django | 2.2.24 | 2.2.26 | testdata/locks-requirements/requirements.prod.txt |
@@ -1678,6 +1679,7 @@ Total 12 packages affected by 50 known vulnerabilities (5 Critical, 20 High, 20
| https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt |
+| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/PYSEC-2023-62 | 8.7 | PyPI | flask | 1.0.0 | 2.2.5 | testdata/locks-requirements/unresolvable-requirements.txt |
| https://osv.dev/GHSA-m2qf-hxjv-5gpq | | | | | | |
| https://osv.dev/GHSA-68rp-wp8r-4726 | 2.3 | PyPI | flask | 1.0.0 | 3.1.3 | testdata/locks-requirements/unresolvable-requirements.txt |
@@ -3444,13 +3446,13 @@ Scanned /testdata/artifact/javareach_test.jar file and found 21 package
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
failed to download package err jar not found: https://repo1.maven.org/maven2/com/example/hello-tester/1.0-SNAPSHOT/hello-tester-1.0-SNAPSHOT.jar
-Total 4 packages affected by 55 known vulnerabilities (18 Critical, 30 High, 5 Medium, 2 Low, 0 Unknown) from 1 ecosystem.
+Total 4 packages affected by 55 known vulnerabilities (18 Critical, 29 High, 6 Medium, 2 Low, 0 Unknown) from 1 ecosystem.
55 vulnerabilities can be fixed.
+-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
+-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+
-| https://osv.dev/GHSA-72hv-8253-57qq | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar |
+| https://osv.dev/GHSA-72hv-8253-57qq | 6.9 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-h46c-h94j-95f3 | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.15.0 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-288c-cq4h-88gq | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.4 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-4gq5-ch57-c2mg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.7.9.5 | testdata/artifact/javareach_test.jar |
@@ -3527,14 +3529,14 @@ Scanning dir ./testdata/artifact/javareach_test.jar
Scanned /testdata/artifact/javareach_test.jar file and found 21 packages
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
-Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 Medium, 3 Low, 0 Unknown) from 1 ecosystem.
+Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem.
60 vulnerabilities can be fixed.
+-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
+-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+
| https://osv.dev/GHSA-c28r-hw5m-5gv3 | 7.9 | Maven | com.amazonaws:aws-java-sdk-s3 | 1.11.327 | 1.12.261 | testdata/artifact/javareach_test.jar |
-| https://osv.dev/GHSA-72hv-8253-57qq | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar |
+| https://osv.dev/GHSA-72hv-8253-57qq | 6.9 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-h46c-h94j-95f3 | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.15.0 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-288c-cq4h-88gq | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.4 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-4gq5-ch57-c2mg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.7.9.5 | testdata/artifact/javareach_test.jar |
@@ -3607,14 +3609,14 @@ Scanning dir ./testdata/artifact/javareach_test.jar
Scanned /testdata/artifact/javareach_test.jar file and found 21 packages
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
-Total 8 packages affected by 61 known vulnerabilities (18 Critical, 32 High, 8 Medium, 3 Low, 0 Unknown) from 1 ecosystem.
+Total 8 packages affected by 61 known vulnerabilities (18 Critical, 31 High, 9 Medium, 3 Low, 0 Unknown) from 1 ecosystem.
60 vulnerabilities can be fixed.
+-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
+-------------------------------------+------+-----------+---------------------------------------------+------------------+---------------+--------------------------------------+
| https://osv.dev/GHSA-c28r-hw5m-5gv3 | 7.9 | Maven | com.amazonaws:aws-java-sdk-s3 | 1.11.327 | 1.12.261 | testdata/artifact/javareach_test.jar |
-| https://osv.dev/GHSA-72hv-8253-57qq | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar |
+| https://osv.dev/GHSA-72hv-8253-57qq | 6.9 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.18.6 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-h46c-h94j-95f3 | 8.7 | Maven | com.fasterxml.jackson.core:jackson-core | 2.14.0 | 2.15.0 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-288c-cq4h-88gq | 7.5 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.6.7.4 | testdata/artifact/javareach_test.jar |
| https://osv.dev/GHSA-4gq5-ch57-c2mg | 9.8 | Maven | com.fasterxml.jackson.core:jackson-databind | 2.6.7.1 | 2.7.9.5 | testdata/artifact/javareach_test.jar |
@@ -5743,8 +5745,8 @@ No package sources found, --help for usage information.
Scanning dir ./testdata/locks-requirements/requirements.txt
Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages
-Total 3 packages affected by 12 known vulnerabilities (1 Critical, 4 High, 6 Medium, 1 Low, 0 Unknown) from 1 ecosystem.
-12 vulnerabilities can be fixed.
+Total 3 packages affected by 13 known vulnerabilities (1 Critical, 4 High, 7 Medium, 1 Low, 0 Unknown) from 1 ecosystem.
+13 vulnerabilities can be fixed.
+-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
@@ -5764,6 +5766,7 @@ Total 3 packages affected by 12 known vulnerabilities (1 Critical, 4 High, 6 Med
| https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt |
+| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements.txt |
+-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+
---
@@ -5841,8 +5844,8 @@ Total 3 packages affected by 9 known vulnerabilities (0 Critical, 3 High, 4 Medi
Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
-Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Medium, 1 Low, 1 Unknown) from 1 ecosystem.
-22 vulnerabilities can be fixed.
+Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem.
+23 vulnerabilities can be fixed.
+-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
@@ -5862,6 +5865,7 @@ Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Me
| https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt |
+| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/PYSEC-2024-60 | 7.5 | PyPI | idna | 2.7.0 | 3.7 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/GHSA-jjg7-2v4v-x38h | | | | | | |
| https://osv.dev/PYSEC-2020-148 | 6.9 | PyPI | urllib3 | 1.24.3 | 1.25.9 | testdata/locks-requirements/requirements.txt |
@@ -5888,8 +5892,8 @@ Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Me
Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
-Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Medium, 1 Low, 1 Unknown) from 1 ecosystem.
-22 vulnerabilities can be fixed.
+Total 5 packages affected by 23 known vulnerabilities (1 Critical, 9 High, 11 Medium, 1 Low, 1 Unknown) from 1 ecosystem.
+23 vulnerabilities can be fixed.
+-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
@@ -5909,6 +5913,7 @@ Total 5 packages affected by 22 known vulnerabilities (1 Critical, 9 High, 10 Me
| https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt |
+| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/PYSEC-2024-60 | 7.5 | PyPI | idna | 2.7 | 3.7 | testdata/locks-requirements/requirements.txt |
| https://osv.dev/GHSA-jjg7-2v4v-x38h | | | | | | |
| https://osv.dev/PYSEC-2020-148 | 6.9 | PyPI | urllib3 | 1.24.3 | 1.25.9 | testdata/locks-requirements/requirements.txt |
diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml
index 8a33739c19a..c635709b98d 100644
--- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml
+++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml
@@ -366,7 +366,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -382,7 +382,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -422,7 +422,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -430,7 +430,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -438,7 +438,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -446,7 +446,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -458,7 +458,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -580,7 +580,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -596,7 +596,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -636,7 +636,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -644,7 +644,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -652,7 +652,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -660,7 +660,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -672,7 +672,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -744,7 +744,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -760,7 +760,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -800,7 +800,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -808,7 +808,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -816,7 +816,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -824,7 +824,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -836,7 +836,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -951,7 +951,7 @@ interactions:
},
{
"id": "GO-2025-3447",
- "modified": "2026-02-04T04:23:04.020664Z"
+ "modified": "2026-03-24T23:48:06.694170Z"
},
{
"id": "GO-2025-3563",
@@ -967,7 +967,7 @@ interactions:
},
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -1007,7 +1007,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -1015,7 +1015,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -1023,7 +1023,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -1031,7 +1031,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -1043,7 +1043,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -4273,19 +4273,19 @@ interactions:
},
{
"id": "DEBIAN-CVE-2026-0989",
- "modified": "2026-01-16T11:05:07.928323Z"
+ "modified": "2026-03-27T10:02:52.786818Z"
},
{
"id": "DEBIAN-CVE-2026-0990",
- "modified": "2026-01-16T11:05:23.527352Z"
+ "modified": "2026-03-27T10:02:55.759355Z"
},
{
"id": "DEBIAN-CVE-2026-0992",
- "modified": "2026-01-16T11:05:10.515041Z"
+ "modified": "2026-03-27T10:02:35.574410Z"
},
{
"id": "DEBIAN-CVE-2026-1757",
- "modified": "2026-02-03T11:16:44.779248Z"
+ "modified": "2026-03-27T10:02:04.914884Z"
},
{
"id": "DLA-3012-1",
@@ -5219,7 +5219,7 @@ interactions:
"vulns": [
{
"id": "GO-2025-3849",
- "modified": "2026-02-04T02:26:50.866679Z"
+ "modified": "2026-03-24T23:55:13.286144Z"
},
{
"id": "GO-2025-3956",
@@ -5259,7 +5259,7 @@ interactions:
},
{
"id": "GO-2025-4014",
- "modified": "2026-03-23T10:29:12.189807Z"
+ "modified": "2026-03-26T10:44:32.545618Z"
},
{
"id": "GO-2025-4015",
@@ -5267,7 +5267,7 @@ interactions:
},
{
"id": "GO-2025-4155",
- "modified": "2026-03-23T10:29:12.451671Z"
+ "modified": "2026-03-27T10:29:15.565192Z"
},
{
"id": "GO-2025-4175",
@@ -5275,7 +5275,7 @@ interactions:
},
{
"id": "GO-2026-4337",
- "modified": "2026-03-20T10:43:57.595965Z"
+ "modified": "2026-03-27T10:29:16.043827Z"
},
{
"id": "GO-2026-4340",
@@ -5283,7 +5283,7 @@ interactions:
},
{
"id": "GO-2026-4341",
- "modified": "2026-03-23T10:29:12.350209Z"
+ "modified": "2026-03-27T10:29:15.274038Z"
},
{
"id": "GO-2026-4342",
@@ -5291,7 +5291,7 @@ interactions:
},
{
"id": "GO-2026-4601",
- "modified": "2026-03-10T10:43:54.660319Z"
+ "modified": "2026-03-27T10:40:38.504585Z"
},
{
"id": "GO-2026-4602",
@@ -5311,7 +5311,7 @@ interactions:
},
{
"id": "GO-2026-4339",
- "modified": "2026-02-04T04:20:19.626029Z"
+ "modified": "2026-03-27T10:40:21.183038Z"
},
{
"id": "GO-2026-4433",
@@ -6914,7 +6914,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 4809
+ content_length: 4949
body: |
{
"results": [
@@ -7005,6 +7005,10 @@ interactions:
"id": "GHSA-9wx4-h78v-vm56",
"modified": "2026-02-04T02:43:42.271895Z"
},
+ {
+ "id": "GHSA-gc5v-m9x4-r6x2",
+ "modified": "2026-03-26T06:29:19.982144Z"
+ },
{
"id": "GHSA-j8r2-6x86-q33q",
"modified": "2026-02-04T03:34:13.807518Z"
@@ -7169,6 +7173,10 @@ interactions:
"id": "GHSA-9wx4-h78v-vm56",
"modified": "2026-02-04T02:43:42.271895Z"
},
+ {
+ "id": "GHSA-gc5v-m9x4-r6x2",
+ "modified": "2026-03-26T06:29:19.982144Z"
+ },
{
"id": "GHSA-j8r2-6x86-q33q",
"modified": "2026-02-04T03:34:13.807518Z"
@@ -7244,7 +7252,7 @@ interactions:
}
headers:
Content-Length:
- - "4809"
+ - "4949"
Content-Type:
- application/json
status: 200 OK
diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml
index 163c05b99db..d90b8f0c1d6 100644
--- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml
+++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CallAnalysis.yaml
@@ -44,7 +44,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 798
+ content_length: 861
body: |
{
"results": [
@@ -105,6 +105,10 @@ interactions:
{
"id": "GO-2024-2937",
"modified": "2026-02-04T03:54:25.251608Z"
+ },
+ {
+ "id": "GO-2026-4815",
+ "modified": "2026-03-25T18:34:45.670459Z"
}
]
}
@@ -112,7 +116,7 @@ interactions:
}
headers:
Content-Length:
- - "798"
+ - "861"
Content-Type:
- application/json
status: 200 OK
diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml
index a418d5e6e02..666f6677ae2 100644
--- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml
+++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml
@@ -132,7 +132,7 @@ interactions:
},
{
"id": "OSV-2024-340",
- "modified": "2026-03-23T14:27:12.230861Z"
+ "modified": "2026-03-27T14:27:38.304835Z"
},
{
"id": "PYSEC-2023-233",
diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml
index 487902f1177..2f1bc64c027 100644
--- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml
+++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Config_UnusedIgnores.yaml
@@ -2081,19 +2081,19 @@ interactions:
},
{
"id": "DEBIAN-CVE-2026-0989",
- "modified": "2026-01-16T11:05:07.928323Z"
+ "modified": "2026-03-27T10:02:52.786818Z"
},
{
"id": "DEBIAN-CVE-2026-0990",
- "modified": "2026-01-16T11:05:23.527352Z"
+ "modified": "2026-03-27T10:02:55.759355Z"
},
{
"id": "DEBIAN-CVE-2026-0992",
- "modified": "2026-01-16T11:05:10.515041Z"
+ "modified": "2026-03-27T10:02:35.574410Z"
},
{
"id": "DEBIAN-CVE-2026-1757",
- "modified": "2026-02-03T11:16:44.779248Z"
+ "modified": "2026-03-27T10:02:04.914884Z"
},
{
"id": "DLA-3012-1",
@@ -4638,19 +4638,19 @@ interactions:
},
{
"id": "DEBIAN-CVE-2026-0989",
- "modified": "2026-01-16T11:05:07.928323Z"
+ "modified": "2026-03-27T10:02:52.786818Z"
},
{
"id": "DEBIAN-CVE-2026-0990",
- "modified": "2026-01-16T11:05:23.527352Z"
+ "modified": "2026-03-27T10:02:55.759355Z"
},
{
"id": "DEBIAN-CVE-2026-0992",
- "modified": "2026-01-16T11:05:10.515041Z"
+ "modified": "2026-03-27T10:02:35.574410Z"
},
{
"id": "DEBIAN-CVE-2026-1757",
- "modified": "2026-02-03T11:16:44.779248Z"
+ "modified": "2026-03-27T10:02:04.914884Z"
},
{
"id": "DLA-3012-1",
diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml
index 8137a140483..fda350a8067 100644
--- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml
+++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_JavareachArchive.yaml
@@ -191,7 +191,7 @@ interactions:
"vulns": [
{
"id": "GHSA-72hv-8253-57qq",
- "modified": "2026-03-04T15:06:51.908001Z"
+ "modified": "2026-03-27T14:31:27.217055Z"
},
{
"id": "GHSA-h46c-h94j-95f3",
@@ -663,7 +663,7 @@ interactions:
"vulns": [
{
"id": "GHSA-72hv-8253-57qq",
- "modified": "2026-03-04T15:06:51.908001Z"
+ "modified": "2026-03-27T14:31:27.217055Z"
},
{
"id": "GHSA-h46c-h94j-95f3",
@@ -1135,7 +1135,7 @@ interactions:
"vulns": [
{
"id": "GHSA-72hv-8253-57qq",
- "modified": "2026-03-04T15:06:51.908001Z"
+ "modified": "2026-03-27T14:31:27.217055Z"
},
{
"id": "GHSA-h46c-h94j-95f3",
diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml
index feb703f160c..a217969876c 100644
--- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml
+++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml
@@ -1389,7 +1389,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 1081
+ content_length: 1151
body: |
{
"results": [
@@ -1455,6 +1455,10 @@ interactions:
"id": "GHSA-9wx4-h78v-vm56",
"modified": "2026-02-04T02:43:42.271895Z"
},
+ {
+ "id": "GHSA-gc5v-m9x4-r6x2",
+ "modified": "2026-03-26T06:29:19.982144Z"
+ },
{
"id": "GHSA-j8r2-6x86-q33q",
"modified": "2026-02-04T03:34:13.807518Z"
@@ -1469,7 +1473,7 @@ interactions:
}
headers:
Content-Length:
- - "1081"
+ - "1151"
Content-Type:
- application/json
status: 200 OK
@@ -1745,7 +1749,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 2083
+ content_length: 2153
body: |
{
"results": [
@@ -1830,6 +1834,10 @@ interactions:
"id": "GHSA-9wx4-h78v-vm56",
"modified": "2026-02-04T02:43:42.271895Z"
},
+ {
+ "id": "GHSA-gc5v-m9x4-r6x2",
+ "modified": "2026-03-26T06:29:19.982144Z"
+ },
{
"id": "GHSA-j8r2-6x86-q33q",
"modified": "2026-02-04T03:34:13.807518Z"
@@ -1897,7 +1905,7 @@ interactions:
}
headers:
Content-Length:
- - "2083"
+ - "2153"
Content-Type:
- application/json
status: 200 OK
@@ -2016,7 +2024,7 @@ interactions:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
- content_length: 2083
+ content_length: 2153
body: |
{
"results": [
@@ -2101,6 +2109,10 @@ interactions:
"id": "GHSA-9wx4-h78v-vm56",
"modified": "2026-02-04T02:43:42.271895Z"
},
+ {
+ "id": "GHSA-gc5v-m9x4-r6x2",
+ "modified": "2026-03-26T06:29:19.982144Z"
+ },
{
"id": "GHSA-j8r2-6x86-q33q",
"modified": "2026-02-04T03:34:13.807518Z"
@@ -2168,7 +2180,7 @@ interactions:
}
headers:
Content-Length:
- - "2083"
+ - "2153"
Content-Type:
- application/json
status: 200 OK