Adding detection events for cluster-api-aws-controller (#21342)

octo-sts[bot] · web-flow · commit c1ac744a4901 · 2025-08-04T14:18:45.000Z
* Adding Advisory GHSA-hj57-j5cw-2mwp for cluster-api-aws-controller * Adding Advisory GHSA-hcg3-q754-cr77 for cluster-api-aws-controller * Adding Advisory GHSA-qxp5-gwg8-xv66 for cluster-api-aws-controller * Adding Advisory GHSA-vvgc-356p-c3xw for cluster-api-aws-controller * Adding Advisory GHSA-6v2p-p543-phr9 for cluster-api-aws-controller --------- Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
diff --git a/cluster-api-aws-controller.advisories.yaml b/cluster-api-aws-controller.advisories.yaml
@@ -0,0 +1,95 @@
+schema-version: 2.0.2
+
+package:
+  name: cluster-api-aws-controller
+
+advisories:
+  - id: CGA-46wx-h8gm-9f9h
+    aliases:
+      - CVE-2022-1706
+      - GHSA-hj57-j5cw-2mwp
+    events:
+      - timestamp: 2025-08-04T14:14:39Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: cluster-api-aws-controller
+            componentID: 33b9a75a76b6b6ed
+            componentName: github.com/coreos/ignition
+            componentVersion: v0.35.0
+            componentType: go-module
+            componentLocation: /usr/bin/cluster-api-aws-controller
+            scanner: grype
+
+  - id: CGA-8c53-425r-xjx7
+    aliases:
+      - CVE-2025-22872
+      - GHSA-vvgc-356p-c3xw
+    events:
+      - timestamp: 2025-08-04T14:14:41Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: cluster-api-aws-controller
+            componentID: ed7eb90cf1445862
+            componentName: golang.org/x/net
+            componentVersion: v0.33.0
+            componentType: go-module
+            componentLocation: /usr/bin/cluster-api-aws-controller
+            scanner: grype
+
+  - id: CGA-h7xj-3pr5-qmp2
+    aliases:
+      - CVE-2025-22869
+      - GHSA-hcg3-q754-cr77
+    events:
+      - timestamp: 2025-08-04T14:14:39Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: cluster-api-aws-controller
+            componentID: e789f80eaf646161
+            componentName: golang.org/x/crypto
+            componentVersion: v0.31.0
+            componentType: go-module
+            componentLocation: /usr/bin/cluster-api-aws-controller
+            scanner: grype
+
+  - id: CGA-vcwr-7247-m88r
+    aliases:
+      - CVE-2025-22868
+      - GHSA-6v2p-p543-phr9
+    events:
+      - timestamp: 2025-08-04T14:14:42Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: cluster-api-aws-controller
+            componentID: 4d385c10eed16e92
+            componentName: golang.org/x/oauth2
+            componentVersion: v0.24.0
+            componentType: go-module
+            componentLocation: /usr/bin/cluster-api-aws-controller
+            scanner: grype
+
+  - id: CGA-x439-jp8g-jh4q
+    aliases:
+      - CVE-2025-22870
+      - GHSA-qxp5-gwg8-xv66
+    events:
+      - timestamp: 2025-08-04T14:14:40Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: cluster-api-aws-controller
+            componentID: ed7eb90cf1445862
+            componentName: golang.org/x/net
+            componentVersion: v0.33.0
+            componentType: go-module
+            componentLocation: /usr/bin/cluster-api-aws-controller
+            scanner: grype
