{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /dn"}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /dn."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /storage/settings."}, "fullDescription": {"text": "An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /storage/settings."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 34.8% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 34.8% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 34.8% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-qppj-fm5r-hxr3", "name": "golang.org/x/net: GHSA-qppj-fm5r-hxr3", "shortDescription": {"text": "golang.org/x/net: GHSA-qppj-fm5r-hxr3"}, "fullDescription": {"text": "HTTP/2 Stream Cancellation Attack"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vvgj-x9jq-8cj9", "name": "github.com/quic-go/quic-go: GHSA-vvgj-x9jq-8cj9", "shortDescription": {"text": "github.com/quic-go/quic-go: GHSA-vvgj-x9jq-8cj9"}, "fullDescription": {"text": "quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "When dependency installation comes after COPY ., any source change invalidates the dependency layer and makes Docker rebuild much more slowly."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Images without explicit tags resolve to a mutable default tag, which weakens reproducibility and review."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC089", "name": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended ", "shortDescription": {"text": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended scope. Ported from gosec G102 (Apache-2.0)."}, "fullDescription": {"text": "Bind to `127.0.0.1:PORT` and front with a reverse proxy."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `peter-evans/dockerhub-description@v4` is 1 major version(s) behind (latest v5.0.0)", "shortDescription": {"text": "GitHub Action `peter-evans/dockerhub-description@v4` is 1 major version(s) behind (latest v5.0.0)"}, "fullDescription": {"text": "`uses: peter-evans/dockerhub-description@v4` is 1 major version(s) behind the latest published release v5.0.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 52 more): Same pattern found in 52 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4403", "name": "stdlib: GO-2026-4403", "shortDescription": {"text": "stdlib: GO-2026-4403"}, "fullDescription": {"text": "Improper access to parent directory of root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, "fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3956", "name": "stdlib: GO-2025-3956", "shortDescription": {"text": "stdlib: GO-2025-3956"}, "fullDescription": {"text": "Unexpected paths returned from LookPath in os/exec"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3849", "name": "stdlib: GO-2025-3849", "shortDescription": {"text": "stdlib: GO-2025-3849"}, "fullDescription": {"text": "Incorrect results returned from Rows.Scan in database/sql"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3751", "name": "stdlib: GO-2025-3751", "shortDescription": {"text": "stdlib: GO-2025-3751"}, "fullDescription": {"text": "Sensitive headers not cleared on cross-origin redirect in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3750", "name": "stdlib: GO-2025-3750", "shortDescription": {"text": "stdlib: GO-2025-3750"}, "fullDescription": {"text": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3563", "name": "stdlib: GO-2025-3563", "shortDescription": {"text": "stdlib: GO-2025-3563"}, "fullDescription": {"text": "Request smuggling due to acceptance of invalid chunked data in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3503", "name": "stdlib: GO-2025-3503", "shortDescription": {"text": "stdlib: GO-2025-3503"}, "fullDescription": {"text": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3447", "name": "stdlib: GO-2025-3447", "shortDescription": {"text": "stdlib: GO-2025-3447"}, "fullDescription": {"text": "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3420", "name": "stdlib: GO-2025-3420", "shortDescription": {"text": "stdlib: GO-2025-3420"}, "fullDescription": {"text": "Sensitive headers incorrectly sent after cross-domain redirect in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3373", "name": "stdlib: GO-2025-3373", "shortDescription": {"text": "stdlib: GO-2025-3373"}, "fullDescription": {"text": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3107", "name": "stdlib: GO-2024-3107", "shortDescription": {"text": "stdlib: GO-2024-3107"}, "fullDescription": {"text": "Stack exhaustion in Parse in go/build/constraint"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3106", "name": "stdlib: GO-2024-3106", "shortDescription": {"text": "stdlib: GO-2024-3106"}, "fullDescription": {"text": "Stack exhaustion in Decoder.Decode in encoding/gob"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3105", "name": "stdlib: GO-2024-3105", "shortDescription": {"text": "stdlib: GO-2024-3105"}, "fullDescription": {"text": "Stack exhaustion in all Parse functions in go/parser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2963", "name": "stdlib: GO-2024-2963", "shortDescription": {"text": "stdlib: GO-2024-2963"}, "fullDescription": {"text": "Denial of service due to improper 100-continue handling in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2888", "name": "stdlib: GO-2024-2888", "shortDescription": {"text": "stdlib: GO-2024-2888"}, "fullDescription": {"text": "Mishandling of corrupt central directory record in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2887", "name": "stdlib: GO-2024-2887", "shortDescription": {"text": "stdlib: GO-2024-2887"}, "fullDescription": {"text": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2687", "name": "stdlib: GO-2024-2687", "shortDescription": {"text": "stdlib: GO-2024-2687"}, "fullDescription": {"text": "HTTP/2 CONTINUATION flood in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2610", "name": "stdlib: GO-2024-2610", "shortDescription": {"text": "stdlib: GO-2024-2610"}, "fullDescription": {"text": "Errors returned from JSON marshaling may break template escaping in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2609", "name": "stdlib: GO-2024-2609", "shortDescription": {"text": "stdlib: GO-2024-2609"}, "fullDescription": {"text": "Comments in display names are incorrectly handled in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2600", "name": "stdlib: GO-2024-2600", "shortDescription": {"text": "stdlib: GO-2024-2600"}, "fullDescription": {"text": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2599", "name": "stdlib: GO-2024-2599", "shortDescription": {"text": "stdlib: GO-2024-2599"}, "fullDescription": {"text": "Memory exhaustion in multipart form parsing in net/textproto and net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2598", "name": "stdlib: GO-2024-2598", "shortDescription": {"text": "stdlib: GO-2024-2598"}, "fullDescription": {"text": "Verify panics on certificates with an unknown public key algorithm in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2611", "name": "google.golang.org/protobuf: GO-2024-2611", "shortDescription": {"text": "google.golang.org/protobuf: GO-2024-2611"}, "fullDescription": {"text": "Infinite loop in JSON unmarshaling in google.golang.org/protobuf"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5024", "name": "golang.org/x/sys: GO-2026-5024", "shortDescription": {"text": "golang.org/x/sys: GO-2026-5024"}, "fullDescription": {"text": "Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5030", "name": "golang.org/x/net: GO-2026-5030", "shortDescription": {"text": "golang.org/x/net: GO-2026-5030"}, "fullDescription": {"text": "Invoking duplicate attributes can cause XSS in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5029", "name": "golang.org/x/net: GO-2026-5029", "shortDescription": {"text": "golang.org/x/net: GO-2026-5029"}, "fullDescription": {"text": "Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5028", "name": "golang.org/x/net: GO-2026-5028", "shortDescription": {"text": "golang.org/x/net: GO-2026-5028"}, "fullDescription": {"text": "Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5027", "name": "golang.org/x/net: GO-2026-5027", "shortDescription": {"text": "golang.org/x/net: GO-2026-5027"}, "fullDescription": {"text": "Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5026", "name": "golang.org/x/net: GO-2026-5026", "shortDescription": {"text": "golang.org/x/net: GO-2026-5026"}, "fullDescription": {"text": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5025", "name": "golang.org/x/net: GO-2026-5025", "shortDescription": {"text": "golang.org/x/net: GO-2026-5025"}, "fullDescription": {"text": "Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4441", "name": "golang.org/x/net: GO-2026-4441", "shortDescription": {"text": "golang.org/x/net: GO-2026-4441"}, "fullDescription": {"text": "Infinite parsing loop in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4440", "name": "golang.org/x/net: GO-2026-4440", "shortDescription": {"text": "golang.org/x/net: GO-2026-4440"}, "fullDescription": {"text": "Quadratic parsing complexity in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3595", "name": "golang.org/x/net: GO-2025-3595", "shortDescription": {"text": "golang.org/x/net: GO-2025-3595"}, "fullDescription": {"text": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3333", "name": "golang.org/x/net: GO-2024-3333", "shortDescription": {"text": "golang.org/x/net: GO-2024-3333"}, "fullDescription": {"text": "Non-linear parsing of case-insensitive content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2023-2102", "name": "golang.org/x/net: GO-2023-2102", "shortDescription": {"text": "golang.org/x/net: GO-2023-2102"}, "fullDescription": {"text": "HTTP/2 rapid reset can cause excessive work in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2023-1988", "name": "golang.org/x/net: GO-2023-1988", "shortDescription": {"text": "golang.org/x/net: GO-2023-1988"}, "fullDescription": {"text": "Improper rendering of text nodes in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5033", "name": "golang.org/x/crypto: GO-2026-5033", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5033"}, "fullDescription": {"text": "Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5023", "name": "golang.org/x/crypto: GO-2026-5023", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5023"}, "fullDescription": {"text": "Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5021", "name": "golang.org/x/crypto: GO-2026-5021", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5021"}, "fullDescription": {"text": "Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5020", "name": "golang.org/x/crypto: GO-2026-5020", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5020"}, "fullDescription": {"text": "Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5019", "name": "golang.org/x/crypto: GO-2026-5019", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5019"}, "fullDescription": {"text": "Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5018", "name": "golang.org/x/crypto: GO-2026-5018", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5018"}, "fullDescription": {"text": "Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5017", "name": "golang.org/x/crypto: GO-2026-5017", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5017"}, "fullDescription": {"text": "Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5016", "name": "golang.org/x/crypto: GO-2026-5016", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5016"}, "fullDescription": {"text": "Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5015", "name": "golang.org/x/crypto: GO-2026-5015", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5015"}, "fullDescription": {"text": "Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5014", "name": "golang.org/x/crypto: GO-2026-5014", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5014"}, "fullDescription": {"text": "Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5013", "name": "golang.org/x/crypto: GO-2026-5013", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5013"}, "fullDescription": {"text": "Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5006", "name": "golang.org/x/crypto: GO-2026-5006", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5006"}, "fullDescription": {"text": "Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5005", "name": "golang.org/x/crypto: GO-2026-5005", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5005"}, "fullDescription": {"text": "Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4135", "name": "golang.org/x/crypto: GO-2025-4135", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4135"}, "fullDescription": {"text": "Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4134", "name": "golang.org/x/crypto: GO-2025-4134", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4134"}, "fullDescription": {"text": "Unbounded memory consumption in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4116", "name": "golang.org/x/crypto: GO-2025-4116", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4116"}, "fullDescription": {"text": "Potential denial of service in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3487", "name": "golang.org/x/crypto: GO-2025-3487", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-3487"}, "fullDescription": {"text": "Potential denial of service in golang.org/x/crypto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4479", "name": "github.com/pion/dtls/v2: GO-2026-4479", "shortDescription": {"text": "github.com/pion/dtls/v2: GO-2026-4479"}, "fullDescription": {"text": "Usage of random nonce generation with AES GCM ciphers risks leaking the authentication key in github.com/pion/dtls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3749", "name": "stdlib: GO-2025-3749", "shortDescription": {"text": "stdlib: GO-2025-3749"}, "fullDescription": {"text": "Usage of ExtKeyUsageAny disables policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC088", "name": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM r", "shortDescription": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. Ported from gosec G402 (Apache-2.0)."}, "fullDescription": {"text": "Remove the option. If self-signed certs are required, pin via RootCAs."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `peter-evans/dockerhub-description` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `peter-evans/dockerhub-description` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: peter-evans/dockerhub-description@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `lscr.io/linuxserver/jellyfin:latest` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `lscr.io/linuxserver/jellyfin:latest` not pinned by digest"}, "fullDescription": {"text": "`FROM lscr.io/linuxserver/jellyfin:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "go.mod replaces `(` \u2014 points to a LOCAL path", "shortDescription": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "fullDescription": {"text": "`replace ( => ./internal/anacrolix-torrent` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-p77j-4mvh-x3m3", "name": "google.golang.org/grpc: GHSA-p77j-4mvh-x3m3", "shortDescription": {"text": "google.golang.org/grpc: GHSA-p77j-4mvh-x3m3"}, "fullDescription": {"text": "gRPC-Go has an authorization bypass via missing leading slash in :path"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v778-237x-gjrc", "name": "golang.org/x/crypto: GHSA-v778-237x-gjrc", "shortDescription": {"text": "golang.org/x/crypto: GHSA-v778-237x-gjrc"}, "fullDescription": {"text": "Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.APP_PRIVATE_KEY` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.APP_PRIVATE_KEY` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.APP_PRIVATE_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1223"}, "properties": {"repository": "MrRobotoGit/gostream", "repoUrl": "https://github.com/MrRobotoGit/gostream", "branch": "main"}, "results": [{"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123414, "scanner": "repobility-journey-contract", "fingerprint": "7f0e9881e95de64462933c228bbf2679391bef5fb8dcf0bf419d86e4c0487642", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/config", "correlation_key": "fp|7f0e9881e95de64462933c228bbf2679391bef5fb8dcf0bf419d86e4c0487642", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings.html"}, "region": {"startLine": 1578}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123413, "scanner": "repobility-journey-contract", "fingerprint": "2544ff233c191fba4ccf9c4ddd4de80413cbf310e9c0ba0644d3600a6012c92f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/config", "correlation_key": "fp|2544ff233c191fba4ccf9c4ddd4de80413cbf310e9c0ba0644d3600a6012c92f", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings.html"}, "region": {"startLine": 1555}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123412, "scanner": "repobility-journey-contract", "fingerprint": "ec460ec28cf2a43b2619570967fefb91436d8693245451be6606ab4810390b68", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/config", "correlation_key": "fp|ec460ec28cf2a43b2619570967fefb91436d8693245451be6606ab4810390b68", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings.html"}, "region": {"startLine": 1511}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123411, "scanner": "repobility-journey-contract", "fingerprint": "1e1b843852e3704e752c299fffce1b6c4cbcfd83230f10ac7c578fb82a367d1a", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/config", "correlation_key": "fp|1e1b843852e3704e752c299fffce1b6c4cbcfd83230f10ac7c578fb82a367d1a", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings.html"}, "region": {"startLine": 1327}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123410, "scanner": "repobility-journey-contract", "fingerprint": "d9110f301bfbd22a5926dc7cf4ee9ad470cb47d0a9c2c72ece1df3fdac0af326", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/config", "correlation_key": "fp|d9110f301bfbd22a5926dc7cf4ee9ad470cb47d0a9c2c72ece1df3fdac0af326", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings.html"}, "region": {"startLine": 1223}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123409, "scanner": "repobility-journey-contract", "fingerprint": "c7ff0033554dcd3fd4d1b4ebfd99bad3ba3697d5888e071bb6095a59de174683", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/config", "correlation_key": "fp|c7ff0033554dcd3fd4d1b4ebfd99bad3ba3697d5888e071bb6095a59de174683", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings.html"}, "region": {"startLine": 1059}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123408, "scanner": "repobility-journey-contract", "fingerprint": "6a93548625f7d913060c69cb6ec7da4fae4a6e85fbd772b1c25d302ed1786eb5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/restart", "correlation_key": "fp|6a93548625f7d913060c69cb6ec7da4fae4a6e85fbd772b1c25d302ed1786eb5", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "settings.html"}, "region": {"startLine": 1054}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123407, "scanner": "repobility-journey-contract", "fingerprint": "abe8274632f9be0c0d0480d0342a836a118d04ba021d133b4cef61658c75e840", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/restart", "correlation_key": "fp|abe8274632f9be0c0d0480d0342a836a118d04ba021d133b4cef61658c75e840", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/monitor/dashboard/dashboard.html"}, "region": {"startLine": 304}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123406, "scanner": "repobility-journey-contract", "fingerprint": "f329a30ab3e96ae5e24b3d6c8d0b7dfc58da96b856063f552b3aee79b575f47a", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/kill-stream/{param}", "correlation_key": "fp|f329a30ab3e96ae5e24b3d6c8d0b7dfc58da96b856063f552b3aee79b575f47a", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/monitor/dashboard/dashboard.html"}, "region": {"startLine": 295}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123405, "scanner": "repobility-journey-contract", "fingerprint": "66cf3a5a38e16d723d8eb59e6bb3623914f46b3437c08dfe02f21966bf67d7f5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scheduler/{param}/stop", "correlation_key": "fp|66cf3a5a38e16d723d8eb59e6bb3623914f46b3437c08dfe02f21966bf67d7f5", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/monitor/dashboard/dashboard.html"}, "region": {"startLine": 288}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123404, "scanner": "repobility-journey-contract", "fingerprint": "8f34e670ecdcc07af459ccdddb4c59348eb2b944e28fb4aa35df41dba9a79907", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scheduler/{param}/run", "correlation_key": "fp|8f34e670ecdcc07af459ccdddb4c59348eb2b944e28fb4aa35df41dba9a79907", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/monitor/dashboard/dashboard.html"}, "region": {"startLine": 280}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123403, "scanner": "repobility-journey-contract", "fingerprint": "7ed151fdcbcdbe443f43c5c66e9ab08b9725ef779dc2a1c054cd21f4abb5ce87", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/logs", "correlation_key": "fp|7ed151fdcbcdbe443f43c5c66e9ab08b9725ef779dc2a1c054cd21f4abb5ce87", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/monitor/dashboard/dashboard.html"}, "region": {"startLine": 264}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123402, "scanner": "repobility-journey-contract", "fingerprint": "d0c76cfd5f169dea6b3deb5d03da3134659a024ad92410310b6a283b6177c04c", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scheduler/status", "correlation_key": "fp|d0c76cfd5f169dea6b3deb5d03da3134659a024ad92410310b6a283b6177c04c", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/monitor/dashboard/dashboard.html"}, "region": {"startLine": 237}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 123401, "scanner": "repobility-journey-contract", "fingerprint": "6d9cd0fc894f64e91ee480ae764359cd6f0dbde84d54a8207fa890b82684b389", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/speed-history", "correlation_key": "fp|6d9cd0fc894f64e91ee480ae764359cd6f0dbde84d54a8207fa890b82684b389", "backend_endpoint_count": 46}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/monitor/dashboard/dashboard.html"}, "region": {"startLine": 170}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /dn."}, "properties": {"repobilityId": 123399, "scanner": "repobility-access-control", "fingerprint": "9ebf0eb46dcfd0a970dc78e5b86526f362f4bc87c765b7b538ea710815a0ad64", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/dn", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|71|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/metainfo/magnet.go"}, "region": {"startLine": 71}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /Range."}, "properties": {"repobilityId": 123398, "scanner": "repobility-access-control", "fingerprint": "4c1798b39cd04ba0708dc7fae0b101320590d42020ed783467d57d010f26fe68", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/Range", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|168|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/webseed/client.go"}, "region": {"startLine": 168}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /p."}, "properties": {"repobilityId": 123397, "scanner": "repobility-access-control", "fingerprint": "4a47f7edf4b0aa80bc601f20044eb24bd3c7f3ac6ce258abf8e9d1baf80b6db7", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/p", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|146|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/monitor/dashboard/handler.go"}, "region": {"startLine": 146}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /storage/settings."}, "properties": {"repobilityId": 123396, "scanner": "repobility-access-control", "fingerprint": "dcaeeb38e5e30e258c4bf8011ddcf660a556d5b491986f0a51d8a204c0607e5e", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/storage/settings", "method": "POST", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|40|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/web/api/route.go"}, "region": {"startLine": 40}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /storage/settings."}, "properties": {"repobilityId": 123395, "scanner": "repobility-access-control", "fingerprint": "461f6ccc9f99bf7bd04ac08cd81469cc687875fafaee67484b7dcb421d38a583", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/storage/settings", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|39|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/web/api/route.go"}, "region": {"startLine": 39}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /settings."}, "properties": {"repobilityId": 123394, "scanner": "repobility-access-control", "fingerprint": "c1b080acc0ae575f7aa38373f3dcdfe7ded4d8c7546a5381af83662d3c0f7c3a", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/settings", "method": "POST", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|19|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/web/api/route.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /Settings."}, "properties": {"repobilityId": 123393, "scanner": "repobility-access-control", "fingerprint": "b96ab6ef358ae4de0719b8fdec91a1222d18d60cca4cad66313fedb5e5057577", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/Settings", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|124|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/settings/settings.go"}, "region": {"startLine": 124}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /Settings."}, "properties": {"repobilityId": 123392, "scanner": "repobility-access-control", "fingerprint": "c70403b96aa748a526143e1b3e24f72603068ac86be992ee67f0c33c55aed4d9", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/Settings", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|117|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/settings/settings.go"}, "region": {"startLine": 117}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /Settings."}, "properties": {"repobilityId": 123391, "scanner": "repobility-access-control", "fingerprint": "9ee07fa119a60e276c598449d6ed7c539e3442adcab6b8e141d132c4860f6555", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/Settings", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|192|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/settings/btsets.go"}, "region": {"startLine": 192}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 34.8% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 123390, "scanner": "repobility-access-control", "fingerprint": "404a1a29be2b19e6b527a4e62b3d03731b6205356096bd501ceb7341a9c68a94", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 46, "correlation_key": "fp|404a1a29be2b19e6b527a4e62b3d03731b6205356096bd501ceb7341a9c68a94", "auth_visible_percent": 34.8}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 123389, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Gin"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-qppj-fm5r-hxr3", "level": "warning", "message": {"text": "golang.org/x/net: GHSA-qppj-fm5r-hxr3"}, "properties": {"repobilityId": 123327, "scanner": "osv-scanner", "fingerprint": "b62c119d0cb439e8a3d164bda6c63a4ead5f38975ebb19cddff75732c9df0808", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-apisix-2023-44487", "BIT-aspnet-core-2023-44487", "BIT-contour-2023-44487", "BIT-dotnet-2023-44487", "BIT-dotnet-sdk-2023-44487", "BIT-envoy-2023-44487", "BIT-golang-2023-44487", "BIT-jenkins-2023-44487", "BIT-kong-2023-44487", "BIT-nginx-2023-44487", "BIT-nginx-gateway-2023-44487", "BIT-node-2023-44487", "BIT-node-min-2023-44487", "BIT-solr-2023-44487", "BIT-tomcat-2023-44487", "BIT-varnish-2023-44487", "CVE-2023-44487"], "package": "golang.org/x/net", "rule_id": "GHSA-qppj-fm5r-hxr3", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2023-44487|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vvgj-x9jq-8cj9", "level": "warning", "message": {"text": "github.com/quic-go/quic-go: GHSA-vvgj-x9jq-8cj9"}, "properties": {"repobilityId": 123227, "scanner": "osv-scanner", "fingerprint": "06f68e97ce479ea893ec52a1255548f2890ee9a5f1f0462e9ba06c1cbce3645a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40898"], "package": "github.com/quic-go/quic-go", "rule_id": "GHSA-vvgj-x9jq-8cj9", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/quic-go/quic-go|CVE-2026-40898|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 123225, "scanner": "repobility-docker", "fingerprint": "39c4e1fd6b04ba1e2b5467101a5020bd167e659fc4ba9bc061a8b9b4be4294ac", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|39c4e1fd6b04ba1e2b5467101a5020bd167e659fc4ba9bc061a8b9b4be4294ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 123224, "scanner": "repobility-docker", "fingerprint": "9e6ab651768013738464c25d5d64a0c0d555bdd722368223a8c5de577dc87609", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 11 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 11, "correlation_key": "fp|9e6ab651768013738464c25d5d64a0c0d555bdd722368223a8c5de577dc87609", "dependency_install_line": 17}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/Dockerfile"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 123222, "scanner": "repobility-docker", "fingerprint": "3504fdae339c4a477d704ff5b3ab6851f89e5b1ace1af85dd686d9bab4822272", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "alpine", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3504fdae339c4a477d704ff5b3ab6851f89e5b1ace1af85dd686d9bab4822272"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 123221, "scanner": "repobility-docker", "fingerprint": "e5f623e54ed7db65dc9b926fdeea4aa82d80023915ba3ba7d21382c11027febe", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "lscr.io/linuxserver/plex:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e5f623e54ed7db65dc9b926fdeea4aa82d80023915ba3ba7d21382c11027febe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-windows/templates/Dockerfile.plex.tmpl"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 123220, "scanner": "repobility-docker", "fingerprint": "63c606449ca9bf448a1156200a32fafdb113a5711637ab702063bac3e5702c36", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "lscr.io/linuxserver/plex:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|63c606449ca9bf448a1156200a32fafdb113a5711637ab702063bac3e5702c36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-windows/templates/Dockerfile.plex.tmpl"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 123219, "scanner": "repobility-docker", "fingerprint": "1a2f91d053a52a7f0530ba1c58037c9b8c888b96ce1b29ac6899aca53c9c7f58", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "lscr.io/linuxserver/jellyfin:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1a2f91d053a52a7f0530ba1c58037c9b8c888b96ce1b29ac6899aca53c9c7f58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-windows/templates/Dockerfile.jellyfin.tmpl"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 123218, "scanner": "repobility-docker", "fingerprint": "e15ce54012b8fa0ca431913a2d55df24189b20e27e445f8d5efc92eb52200bbd", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "lscr.io/linuxserver/jellyfin:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e15ce54012b8fa0ca431913a2d55df24189b20e27e445f8d5efc92eb52200bbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-windows/templates/Dockerfile.jellyfin.tmpl"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 123217, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 123216, "scanner": "repobility-docker", "fingerprint": "05df82cafeee68e4bd6d7f9d6b1d663188041857121be59d1c7e927e215ed025", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|05df82cafeee68e4bd6d7f9d6b1d663188041857121be59d1c7e927e215ed025"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC089", "level": "warning", "message": {"text": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended scope. Ported from gosec G102 (Apache-2.0)."}, "properties": {"repobilityId": 123213, "scanner": "repobility-threat-engine", "fingerprint": "5bb3ae134cf65472dc114d44b589df19ce0afe94f9c4912ee344586208be4fe3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".ListenPacket(opts.Network, \":0\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC089", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5bb3ae134cf65472dc114d44b589df19ce0afe94f9c4912ee344586208be4fe3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/tracker/udp/conn-client.go"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 123205, "scanner": "repobility-threat-engine", "fingerprint": "fed2b57c73acd336be43328a5da7196517d23e7b892cbead938da542470b72fc", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|internal/metadb/db.go|59|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/metadb/db.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 123204, "scanner": "repobility-threat-engine", "fingerprint": "48b57accb18a5d459b3aa3841c55113cd15c0d1756d755d62f0d088a88aa1f81", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|internal/metadb/caches.go|22|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/metadb/caches.go"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 123203, "scanner": "repobility-threat-engine", "fingerprint": "c196cf28e794392a41fe4077b3269f90cf9a66bd4c2948c424f0234f253997cf", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|51|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/storage/sqlite-piece-completion.go"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 123190, "scanner": "repobility-threat-engine", "fingerprint": "5a394c599423cf0b306a7312f7baa08ca752f70d4ac50ea2eb22ad05330d21bf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5a394c599423cf0b306a7312f7baa08ca752f70d4ac50ea2eb22ad05330d21bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/internal/cmd/issue-906/main.go"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `peter-evans/dockerhub-description@v4` is 1 major version(s) behind (latest v5.0.0)"}, "properties": {"repobilityId": 123165, "scanner": "repobility-dependency-currency", "fingerprint": "ab51002c4bcb45e2ee0784a1ccdb4705e6207aeb91f5965a40aa5165cc668474", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "peter-evans/dockerhub-description", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v5.0.0", "correlation_key": "fp|ab51002c4bcb45e2ee0784a1ccdb4705e6207aeb91f5965a40aa5165cc668474", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker-publish.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 123164, "scanner": "repobility-dependency-currency", "fingerprint": "1d4fc768105d6124c868c1fd0b8eecdc9e2e5beb04284cca72f40a4547f8f3be", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|1d4fc768105d6124c868c1fd0b8eecdc9e2e5beb04284cca72f40a4547f8f3be", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker-publish.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 123415, "scanner": "repobility-web-presence", "fingerprint": "7a46b21398ff944779d9d786d458137f3843be82460f14e541fde29fc3853252", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|7a46b21398ff944779d9d786d458137f3843be82460f14e541fde29fc3853252"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/catalog/torrentio/client.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 123400, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Gin"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 123168, "scanner": "repobility-threat-engine", "fingerprint": "025f083ea5e97e4c94670e579529ce779295ec6787cca88683ab34de3c80f5fb", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = strconv.Atoi(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|025f083ea5e97e4c94670e579529ce779295ec6787cca88683ab34de3c80f5fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/catalog/torrentio/client.go"}, "region": {"startLine": 180}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 123167, "scanner": "repobility-threat-engine", "fingerprint": "0540eb8946857239dc3451b9bc55139b53dc67da3762439457a3549c562da54b", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = me.getCurPeersAndDone(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0540eb8946857239dc3451b9bc55139b53dc67da3762439457a3549c562da54b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/tracker/server/server.go"}, "region": {"startLine": 82}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 123166, "scanner": "repobility-threat-engine", "fingerprint": "5c2a00f301a17c157af7d70557514a0e067f2e6ed455092550856d2fa5a12df0", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = tr.findFullHashBySuffix(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5c2a00f301a17c157af7d70557514a0e067f2e6ed455092550856d2fa5a12df0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "autoremove.go"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123149, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6955f06ea8851b3fcb26eac16fd9993fabb60400c07248d8f056b3931abda7d6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/config/config.go", "duplicate_line": 42, "correlation_key": "fp|6955f06ea8851b3fcb26eac16fd9993fabb60400c07248d8f056b3931abda7d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/syncer/quality/scorer.go"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123148, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e05e89b7df5ad1ca4c789362a405e95da43d806a7762f79fd628e8ba52150e52", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/syncer/engines/movie_go.go", "duplicate_line": 1, "correlation_key": "fp|e05e89b7df5ad1ca4c789362a405e95da43d806a7762f79fd628e8ba52150e52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/syncer/engines/watchlist_go.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123147, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ed347b7f3f9e3dacceb4ea7ed6a404e7517f59e6ecd2c094a27485c72cf6d4a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/anacrolix-torrent/iplist/iplist.go", "duplicate_line": 10, "correlation_key": "fp|5ed347b7f3f9e3dacceb4ea7ed6a404e7517f59e6ecd2c094a27485c72cf6d4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/web/blocker/iplist.go"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123146, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3f980d6525b5343999144c52d87496cca19657b6e54c93060a04f8869dc299f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/gostorm/torr/utils/torrent.go", "duplicate_line": 97, "correlation_key": "fp|c3f980d6525b5343999144c52d87496cca19657b6e54c93060a04f8869dc299f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/web/api/utils/link.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123145, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6c096f72c57ecdae37e4a84c81d0d84fc86b347b268dc33fe7600024b38f35c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/gostorm/web/api/play.go", "duplicate_line": 36, "correlation_key": "fp|6c096f72c57ecdae37e4a84c81d0d84fc86b347b268dc33fe7600024b38f35c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/web/api/stream.go"}, "region": {"startLine": 181}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 123210, "scanner": "repobility-threat-engine", "fingerprint": "606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 123206, "scanner": "repobility-threat-engine", "fingerprint": "f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29"}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 123202, "scanner": "repobility-threat-engine", "fingerprint": "f423aab12d90630d966c78475044f13aeefec01841f4616f9850b062f555b4eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f423aab12d90630d966c78475044f13aeefec01841f4616f9850b062f555b4eb", "aggregated_count": 9}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 123201, "scanner": "repobility-threat-engine", "fingerprint": "9756d0ef777d5b56f9cc8017dde7ac7f8631ce36d6e22c1f98d669ae0d8b5370", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9756d0ef777d5b56f9cc8017dde7ac7f8631ce36d6e22c1f98d669ae0d8b5370"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/socket.go"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 123200, "scanner": "repobility-threat-engine", "fingerprint": "3cab1b5dfb6a68a5a08c090efb224ba4a117587b9b32c934759aca07a9ff165f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3cab1b5dfb6a68a5a08c090efb224ba4a117587b9b32c934759aca07a9ff165f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/reader.go"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 123199, "scanner": "repobility-threat-engine", "fingerprint": "3ed6150dd8966cb2d4c98da3468baa56c72649427db315549fd8685cdc6b041c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ed6150dd8966cb2d4c98da3468baa56c72649427db315549fd8685cdc6b041c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/ratelimitreader.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 123198, "scanner": "repobility-threat-engine", "fingerprint": "69cb6d578ace0bc795e3af101e5a59ac176121a0ee63864645e84a0e3a495e8a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|69cb6d578ace0bc795e3af101e5a59ac176121a0ee63864645e84a0e3a495e8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/vfs/metadata.go"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 123197, "scanner": "repobility-threat-engine", "fingerprint": "37db89ac919e2bd47a0eebfbdb71b136bab47cb81003ff58c602f087b95ca5c2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37db89ac919e2bd47a0eebfbdb71b136bab47cb81003ff58c602f087b95ca5c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gostorm/torr/utils/torrent.go"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 123196, "scanner": "repobility-threat-engine", "fingerprint": "94ef636dac977b6b679101a40b02081eab1fc1b827e4234ae6050949f95d0a72", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94ef636dac977b6b679101a40b02081eab1fc1b827e4234ae6050949f95d0a72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/peer_protocol/handshake.go"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 123195, "scanner": "repobility-threat-engine", "fingerprint": "a9f7434b2f69947e6180a6b2a757bdbb37b931d7cae2cfec8a602169b850530a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a9f7434b2f69947e6180a6b2a757bdbb37b931d7cae2cfec8a602169b850530a", "aggregated_count": 11}}}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 123191, "scanner": "repobility-threat-engine", "fingerprint": "7d3cbbf2c29e4e1dde9a5df97501f882f3528c25d767ab708e33093e76d7a982", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7d3cbbf2c29e4e1dde9a5df97501f882f3528c25d767ab708e33093e76d7a982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/internal/cmd/issue-906/main.go"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 123189, "scanner": "repobility-threat-engine", "fingerprint": "649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 123181, "scanner": "repobility-threat-engine", "fingerprint": "dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c"}}}, {"ruleId": "MINED033", "level": "none", "message": {"text": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 123177, "scanner": "repobility-threat-engine", "fingerprint": "f943231638a4b599d4998c0378bf64ab7b993424c24de8aad1fb711c825d941a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f943231638a4b599d4998c0378bf64ab7b993424c24de8aad1fb711c825d941a", "aggregated_count": 2}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 123173, "scanner": "repobility-threat-engine", "fingerprint": "3e5e73cdf13511c6e30876171e98d0585eb60408f241d8f091da8d026ea3fae1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3e5e73cdf13511c6e30876171e98d0585eb60408f241d8f091da8d026ea3fae1", "aggregated_count": 52}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 123172, "scanner": "repobility-threat-engine", "fingerprint": "80ec6218d340119ca2105e6207bcaded4a3a0c5913c250284f4840b33337623b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|80ec6218d340119ca2105e6207bcaded4a3a0c5913c250284f4840b33337623b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/bep40.go"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 123171, "scanner": "repobility-threat-engine", "fingerprint": "7bb90b47e127f4fdf08e685ef9c0617ad5bba2e0ae0b1560b11a0b539b0045f7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7bb90b47e127f4fdf08e685ef9c0617ad5bba2e0ae0b1560b11a0b539b0045f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/bencode/encode.go"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 123170, "scanner": "repobility-threat-engine", "fingerprint": "ebbb4c850c0070179bad10621af2a5927f221ea38bcfcc65d055aa7fcb693d5e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ebbb4c850c0070179bad10621af2a5927f221ea38bcfcc65d055aa7fcb693d5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/analysis/peer-upload-order.go"}, "region": {"startLine": 33}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 123169, "scanner": "repobility-threat-engine", "fingerprint": "d3c4a52965bfd7938e9c32437f6a92dc766f695b946629a89ddbe90ed93afa73", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d3c4a52965bfd7938e9c32437f6a92dc766f695b946629a89ddbe90ed93afa73"}}}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 123388, "scanner": "osv-scanner", "fingerprint": "e4c143deff15ef76760a82ca5063e15dd835e3d86a11da697946d777a69dc8a3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 123387, "scanner": "osv-scanner", "fingerprint": "4a3a1e4112b4bd2c406dd8a81cc5f91a9818cd7ecdb94af30dd8e241d298e2b7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 123386, "scanner": "osv-scanner", "fingerprint": "b295602f06a38285dd2bc2ec4dbdcf2815b31a0a0766a1b1651e6b2e702bc939", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 123385, "scanner": "osv-scanner", "fingerprint": "915a5b67edcf4c1e8e7fe053682be3157df085d88b8f11dfc60138425b94038e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 123384, "scanner": "osv-scanner", "fingerprint": "99ea20461011aa28a6a46b8cec7b8bf0c796b6207554f8f23fde685c7986c1b8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 123383, "scanner": "osv-scanner", "fingerprint": "fd69ef244093c583b236e994748f0a06e9f25a60013551f2c5fe0de51d6f4f77", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 123382, "scanner": "osv-scanner", "fingerprint": "460c598aeb0a14f8c211d323ffc940ac86eb535c5a9d6a8b699cb9c20a4e385d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 123381, "scanner": "osv-scanner", "fingerprint": "ac5bcdce5644b8fbc67509fabaab553d53634e65d6b639e0b42a49fe08110f57", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 123380, "scanner": "osv-scanner", "fingerprint": "60f54a6932bc9e5540823ada26f979eca7bc0de502bb3dce2fd487a59987ae89", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 123379, "scanner": "osv-scanner", "fingerprint": "bc2e779d8f6f19cd84340013008b0851c0a2c6d7376d849566532d295e498af6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 123378, "scanner": "osv-scanner", "fingerprint": "eae80e608979c4117d56435f70beca10a0cf2cf3938499af904475d78c895a48", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 123377, "scanner": "osv-scanner", "fingerprint": "3ed7a14d9c729019d02adc2974d001821a60452e966ff8be6d38877a77da3069", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 123376, "scanner": "osv-scanner", "fingerprint": "027fc01e1e812ef4b684a3e31498a20dfca51dd55390ec5132e66b466cde4715", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 123375, "scanner": "osv-scanner", "fingerprint": "407ab561330d222d769fb98e8838bbe3d3ab620ef6b6d900590ad85c9c738bd8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 123374, "scanner": "osv-scanner", "fingerprint": "6c8c2049b470160433f0ab20858a4e17c00ea99606c7679ead9e84f255c1b360", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 123373, "scanner": "osv-scanner", "fingerprint": "d949085912103dba82587862f7349181250ca8c61a764fc5e7e49703c55faa08", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 123372, "scanner": "osv-scanner", "fingerprint": "916b623a4df81e6f70d7b3364659b746b3fda143692f1e9d56aa4d02c46f42ea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 123371, "scanner": "osv-scanner", "fingerprint": "90230123f9c149d3d87b98b00fd8614164c9c9a3677644b7b9ef574fd05f115a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 123370, "scanner": "osv-scanner", "fingerprint": "57a0c236e3b068d1a4de1caf02836d85803206f0c7db6108123c29cfff99708a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 123369, "scanner": "osv-scanner", "fingerprint": "b989a6fc474c62245c2288a7ace520fc6104bea6fa9166ad3e81206b17e81762", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4403", "level": "error", "message": {"text": "stdlib: GO-2026-4403"}, "properties": {"repobilityId": 123368, "scanner": "osv-scanner", "fingerprint": "a860a38d706c83a10afdba4e3aa28786e6a64e416d52ed78d17cafaa64eed040", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22873", "CVE-2025-22873"], "package": "stdlib", "rule_id": "GO-2026-4403", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22873|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 123367, "scanner": "osv-scanner", "fingerprint": "dd4bbded2ad6bfa67b73fbe0c8c9bcaa8f505930f165318272d91e1e439a263d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 123366, "scanner": "osv-scanner", "fingerprint": "f7f08e89c8381a0cf1d01e83af73e69285c93a25b99c40235764f04531e66598", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 123365, "scanner": "osv-scanner", "fingerprint": "2af90d834a4280e0b97e7714c39ad2e002192b94d715b17f49716f5b097e1560", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 123364, "scanner": "osv-scanner", "fingerprint": "868c78a4d6986110188e34da6c5753f9e2b00bacb566d21b74b45efe3eaf6a71", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 123363, "scanner": "osv-scanner", "fingerprint": "46e67b2e77169dadfea5412c2bd93a40051ae66abdd83149a38d53bb3091f054", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 123362, "scanner": "osv-scanner", "fingerprint": "77cf09f5e1a3a10db343d76974277bd2901b3158ee578f4a32b74b9d62609c49", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 123361, "scanner": "osv-scanner", "fingerprint": "4fca9f4dba3ff759673b896391c709961df6161385a95e2d023240a816a1b76f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 123360, "scanner": "osv-scanner", "fingerprint": "a516b978d758c604b9ff151e9615c501bd101abbcc5a898105d05de80f21857d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 123359, "scanner": "osv-scanner", "fingerprint": "69a0832151d1049d4d587266b4b99edfd3361a2cd58b74683053c82512da2d96", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 123358, "scanner": "osv-scanner", "fingerprint": "1ebf792943d5459f8a5790ea711cd4b713b3f3e7964dbf52787ffd80168092dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 123357, "scanner": "osv-scanner", "fingerprint": "da43d8509f264142919f0046a725de5a139f8f75a7ef87bc3c7d7c3f99b7319d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 123356, "scanner": "osv-scanner", "fingerprint": "60351ce46e43317236c209e5d5ffd2a827da133cb8ab405ed32c5b41fab4ec83", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 123355, "scanner": "osv-scanner", "fingerprint": "cd4f7f7599a8f532aae4a1998f92ced2dc71a063ce586590ac17b3290bbdf5d0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 123354, "scanner": "osv-scanner", "fingerprint": "a938a58b6b10ba2422e5a7fc61fa4c880e0fb9738d0e1875dd0ba6e7764f1beb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 123353, "scanner": "osv-scanner", "fingerprint": "5887e3651d0e52208538f04a1a06e8319d4a5cec41ebb7178b9c2a3156fcd1d8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 123352, "scanner": "osv-scanner", "fingerprint": "22525f750115eea17a6ce0fa77561623a96584d42199c047b9a273b0f4a0d80d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3956", "level": "error", "message": {"text": "stdlib: GO-2025-3956"}, "properties": {"repobilityId": 123351, "scanner": "osv-scanner", "fingerprint": "cfe25291ade7abed4fb4506e46a87ad104695d264eda5f84356674d30b3b4dc1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47906", "CVE-2025-47906"], "package": "stdlib", "rule_id": "GO-2025-3956", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47906|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3849", "level": "error", "message": {"text": "stdlib: GO-2025-3849"}, "properties": {"repobilityId": 123350, "scanner": "osv-scanner", "fingerprint": "1a856b052ae8da4ff655113db7e676c2d60ec15f5ff1d7d74f9b2600371fc429", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47907", "CVE-2025-47907"], "package": "stdlib", "rule_id": "GO-2025-3849", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47907|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3751", "level": "error", "message": {"text": "stdlib: GO-2025-3751"}, "properties": {"repobilityId": 123349, "scanner": "osv-scanner", "fingerprint": "6c29bb4e57e102d0012051eb6a4ea55122f8e5686151cba2962084d64d704da4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-4673", "CVE-2025-4673"], "package": "stdlib", "rule_id": "GO-2025-3751", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-4673|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3750", "level": "error", "message": {"text": "stdlib: GO-2025-3750"}, "properties": {"repobilityId": 123348, "scanner": "osv-scanner", "fingerprint": "8b7a16ae67d92b4f437067aacc2ee33a03efff5f0b893777e23cc9024eeebd96", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-0913", "CVE-2025-0913"], "package": "stdlib", "rule_id": "GO-2025-3750", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-0913|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3563", "level": "error", "message": {"text": "stdlib: GO-2025-3563"}, "properties": {"repobilityId": 123347, "scanner": "osv-scanner", "fingerprint": "63775c2a2b31c752fddb2eea5f0df476cde71e787fab91b2c762d2c86b086ab3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22871", "CVE-2025-22871", "GHSA-g9pc-8g42-g6vq"], "package": "stdlib", "rule_id": "GO-2025-3563", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22871|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3503", "level": "error", "message": {"text": "stdlib: GO-2025-3503"}, "properties": {"repobilityId": 123346, "scanner": "osv-scanner", "fingerprint": "d2486be7383ddf680f13b656eb80817ddf93c8c32dcaa5fa87c1a04b6255e33b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-22870", "GHSA-qxp5-gwg8-xv66"], "package": "stdlib", "rule_id": "GO-2025-3503", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22870|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3447", "level": "error", "message": {"text": "stdlib: GO-2025-3447"}, "properties": {"repobilityId": 123345, "scanner": "osv-scanner", "fingerprint": "316769c9bdac31be9f7a8623d9f86db04f9add7e4ae078192ae0a247f9f4de47", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22866", "CVE-2025-22866"], "package": "stdlib", "rule_id": "GO-2025-3447", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22866|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3420", "level": "error", "message": {"text": "stdlib: GO-2025-3420"}, "properties": {"repobilityId": 123344, "scanner": "osv-scanner", "fingerprint": "15a611721dbd1169e073bdbb408425d6704bfee6f22c6c1eca35f7b3e1221764", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-45336", "CVE-2024-45336"], "package": "stdlib", "rule_id": "GO-2025-3420", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-45336|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3373", "level": "error", "message": {"text": "stdlib: GO-2025-3373"}, "properties": {"repobilityId": 123343, "scanner": "osv-scanner", "fingerprint": "11c643de0a86d2b2984964220de332792dc45cced6a06b7cc67bb7c5238bce13", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-45341", "CVE-2024-45341"], "package": "stdlib", "rule_id": "GO-2025-3373", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-45341|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3107", "level": "error", "message": {"text": "stdlib: GO-2024-3107"}, "properties": {"repobilityId": 123342, "scanner": "osv-scanner", "fingerprint": "9b55d62b85840c3385cd1bbcd262ae7f2b71b7f392ea709faf96bc825eecc76e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34158", "CVE-2024-34158"], "package": "stdlib", "rule_id": "GO-2024-3107", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34158|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3106", "level": "error", "message": {"text": "stdlib: GO-2024-3106"}, "properties": {"repobilityId": 123341, "scanner": "osv-scanner", "fingerprint": "db3216137d7d2062ca570b87880fa6d2dbf89418e106946774f3404dafddf0ef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34156", "CVE-2024-34156"], "package": "stdlib", "rule_id": "GO-2024-3106", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34156|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3105", "level": "error", "message": {"text": "stdlib: GO-2024-3105"}, "properties": {"repobilityId": 123340, "scanner": "osv-scanner", "fingerprint": "94f673fadf29d5f95ac4f54fc15b6795ed491fd3b9c53982c8781bcf1b445db1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34155", "CVE-2024-34155"], "package": "stdlib", "rule_id": "GO-2024-3105", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34155|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2963", "level": "error", "message": {"text": "stdlib: GO-2024-2963"}, "properties": {"repobilityId": 123339, "scanner": "osv-scanner", "fingerprint": "3baba657da0c4b82dfa31b6cb3ca70956fdb7dc27d14196b9dd80fbcdb8c97de", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24791", "CVE-2024-24791"], "package": "stdlib", "rule_id": "GO-2024-2963", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24791|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2888", "level": "error", "message": {"text": "stdlib: GO-2024-2888"}, "properties": {"repobilityId": 123338, "scanner": "osv-scanner", "fingerprint": "7ee775a4160fe897bcf29b26574b672cf12192538e60163e34316ee616cc261d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24789", "CVE-2024-24789"], "package": "stdlib", "rule_id": "GO-2024-2888", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24789|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2887", "level": "error", "message": {"text": "stdlib: GO-2024-2887"}, "properties": {"repobilityId": 123337, "scanner": "osv-scanner", "fingerprint": "5a19060bdcb8f5226ef9d3bd043953cf32e268bfbfe1d4e5ff92d0c0e1b6765c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24790", "CVE-2024-24790"], "package": "stdlib", "rule_id": "GO-2024-2887", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24790|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2687", "level": "error", "message": {"text": "stdlib: GO-2024-2687"}, "properties": {"repobilityId": 123336, "scanner": "osv-scanner", "fingerprint": "e0b14a748704df7fba5dac0a645767c9ae1f038cc28d3b9a8059de866e3d5eeb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2023-45288", "CVE-2023-45288", "GHSA-4v7x-pqxf-cx7m"], "package": "stdlib", "rule_id": "GO-2024-2687", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2023-45288|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2610", "level": "error", "message": {"text": "stdlib: GO-2024-2610"}, "properties": {"repobilityId": 123335, "scanner": "osv-scanner", "fingerprint": "708e26898e33071390a08b9b3495484e0c59ef56e90db31140e8cc1e151de351", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24785", "CVE-2024-24785"], "package": "stdlib", "rule_id": "GO-2024-2610", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24785|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2609", "level": "error", "message": {"text": "stdlib: GO-2024-2609"}, "properties": {"repobilityId": 123334, "scanner": "osv-scanner", "fingerprint": "0940fe0b5c4a431099370d1233c4368b2cb94f485a64c0e276f4a34a8e864011", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24784", "CVE-2024-24784"], "package": "stdlib", "rule_id": "GO-2024-2609", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24784|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2600", "level": "error", "message": {"text": "stdlib: GO-2024-2600"}, "properties": {"repobilityId": 123333, "scanner": "osv-scanner", "fingerprint": "5027a7de3964a26cb6aa617c39e58332da3b86af594559664083e69347435e58", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2023-45289", "CVE-2023-45289"], "package": "stdlib", "rule_id": "GO-2024-2600", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2023-45289|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2599", "level": "error", "message": {"text": "stdlib: GO-2024-2599"}, "properties": {"repobilityId": 123332, "scanner": "osv-scanner", "fingerprint": "640cbe9982478eee7a0f3377507589c734dbc98f46b742fce511f883b9e696be", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2023-45290", "CVE-2023-45290"], "package": "stdlib", "rule_id": "GO-2024-2599", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2023-45290|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2598", "level": "error", "message": {"text": "stdlib: GO-2024-2598"}, "properties": {"repobilityId": 123331, "scanner": "osv-scanner", "fingerprint": "23257208511bac07753c57db95ec9fdc0ad8331775afaff93fc04d6e7ccbc340", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24783", "CVE-2024-24783"], "package": "stdlib", "rule_id": "GO-2024-2598", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24783|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2611", "level": "error", "message": {"text": "google.golang.org/protobuf: GO-2024-2611"}, "properties": {"repobilityId": 123330, "scanner": "osv-scanner", "fingerprint": "b2ec58c9b76132d57820cbe51d70c958c244d1094330dbc042bb20c4529d0793", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-24786", "GHSA-8r3f-844c-mc37"], "package": "google.golang.org/protobuf", "rule_id": "GO-2024-2611", "scanner": "osv-scanner", "correlation_key": "vuln|google.golang.org/protobuf|CVE-2024-24786|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8r3f-844c-mc37", "GO-2024-2611"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4b0ed72d7c20b3797d702d9cc099e428860a1e1b8209e8343ec793ce3e44eb7e", "b2ec58c9b76132d57820cbe51d70c958c244d1094330dbc042bb20c4529d0793"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5024", "level": "error", "message": {"text": "golang.org/x/sys: GO-2026-5024"}, "properties": {"repobilityId": 123328, "scanner": "osv-scanner", "fingerprint": "02af322f045fa5fe3927e2e32e9aef68af9578c99e289cd4c680876d73f8d010", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39824"], "package": "golang.org/x/sys", "rule_id": "GO-2026-5024", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/sys|CVE-2026-39824|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 123326, "scanner": "osv-scanner", "fingerprint": "c703a58c0a65c0b86229fa181cb7ba82f4b556a3bbc0cbb99f027dbcc276c001", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 123325, "scanner": "osv-scanner", "fingerprint": "d55fbf1559e60c5282a47a17f9f75bcc1d949677a691ccd935590c7b034725ed", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 123324, "scanner": "osv-scanner", "fingerprint": "bbc91b703d04a270cb25eebb38ac84687c8b1cae34404f4d26dcd00a176ded4c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 123323, "scanner": "osv-scanner", "fingerprint": "0207d2a0ba369904dcc0562714198bb9a34c8d60f7cd4512eb442726163e91ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 123322, "scanner": "osv-scanner", "fingerprint": "414ca3ed80f0533fcdf6810edac8044d645fb3e7f6ff8aa4a32ece205b14fa3c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 123321, "scanner": "osv-scanner", "fingerprint": "4ecfff23b1e9e9a2373eb3623721b0ec12055fdac8b1794310d5923967e9f26f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-4918"}, "properties": {"repobilityId": 123320, "scanner": "osv-scanner", "fingerprint": "b6327a7ea003dd76eab1675822acbf0f17f7c1e9f3f19d041968051032efec03", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "golang.org/x/net", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-33814|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4441", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-4441"}, "properties": {"repobilityId": 123319, "scanner": "osv-scanner", "fingerprint": "3cd96e70b503617652a9de66c3d99bb2c698027b68f1f691b7fbd54436cd69a5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-58190"], "package": "golang.org/x/net", "rule_id": "GO-2026-4441", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2025-58190|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4440", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-4440"}, "properties": {"repobilityId": 123318, "scanner": "osv-scanner", "fingerprint": "adb48326a6370bbeccbf2585a7f3ce46500ae48face585b40def17e9d2827f55", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-47911", "GHSA-w4gw-w5jq-g9jh"], "package": "golang.org/x/net", "rule_id": "GO-2026-4440", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2025-47911|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3595", "level": "error", "message": {"text": "golang.org/x/net: GO-2025-3595"}, "properties": {"repobilityId": 123317, "scanner": "osv-scanner", "fingerprint": "111b4f39e7c9946bcc58b683986c2365b4f9e4f9543f1f1f7beee15311919377", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-22872", "GHSA-vvgc-356p-c3xw"], "package": "golang.org/x/net", "rule_id": "GO-2025-3595", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2025-22872|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-vvgc-356p-c3xw", "GO-2025-3595"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["111b4f39e7c9946bcc58b683986c2365b4f9e4f9543f1f1f7beee15311919377", "3bac0789aea19551077dcf1585d409924ed51d5c3096f8f07a21e366d318e8e0"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3503", "level": "error", "message": {"text": "golang.org/x/net: GO-2025-3503"}, "properties": {"repobilityId": 123316, "scanner": "osv-scanner", "fingerprint": "2c944a14c68e408b7c533fceb7921194ad2442859a2b8818013416a87e985447", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-22870", "GHSA-qxp5-gwg8-xv66"], "package": "golang.org/x/net", "rule_id": "GO-2025-3503", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2025-22870|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qxp5-gwg8-xv66", "GO-2025-3503"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2c944a14c68e408b7c533fceb7921194ad2442859a2b8818013416a87e985447", "2e99846e9b7586ad2aa20ca1e7295e924e65bd39f17bfa1fcc70f37cb74df08a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3333", "level": "error", "message": {"text": "golang.org/x/net: GO-2024-3333"}, "properties": {"repobilityId": 123315, "scanner": "osv-scanner", "fingerprint": "883ee1a5751ab5f5a981f41915584787c26a6f505c2d20571d4de9c20ca174af", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45338", "GHSA-w32m-9786-jp63"], "package": "golang.org/x/net", "rule_id": "GO-2024-3333", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2024-45338|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2687", "level": "error", "message": {"text": "golang.org/x/net: GO-2024-2687"}, "properties": {"repobilityId": 123314, "scanner": "osv-scanner", "fingerprint": "781e4f46d2f0066391eb61fb8dd9c0c67d347878cbbb109965a1637b7010116b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2023-45288", "CVE-2023-45288", "GHSA-4v7x-pqxf-cx7m"], "package": "golang.org/x/net", "rule_id": "GO-2024-2687", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2023-45288|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-4v7x-pqxf-cx7m", "GO-2024-2687"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["781e4f46d2f0066391eb61fb8dd9c0c67d347878cbbb109965a1637b7010116b", "ccde039b886fa102d8cef96eee40ac3499d7b5726b16763587c4226fe2bd5b8b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2023-2102", "level": "error", "message": {"text": "golang.org/x/net: GO-2023-2102"}, "properties": {"repobilityId": 123313, "scanner": "osv-scanner", "fingerprint": "6b0cecfcd0563bbab482cbd3e4c4e74128eba33295eb36ec6f7dfd56e6b2b687", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2023-39325", "CVE-2023-39325", "GHSA-4374-p667-p6c8"], "package": "golang.org/x/net", "rule_id": "GO-2023-2102", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2023-39325|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-4374-p667-p6c8", "GO-2023-2102"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["6b0cecfcd0563bbab482cbd3e4c4e74128eba33295eb36ec6f7dfd56e6b2b687", "b3f5a016948a3001cb71ee5722364a74d29e28b870acb2e2c07db2d251ca8127"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2023-1988", "level": "error", "message": {"text": "golang.org/x/net: GO-2023-1988"}, "properties": {"repobilityId": 123312, "scanner": "osv-scanner", "fingerprint": "e96b7253a36868b5b650d5fadc6dfd6c0072c52135d9cc37d8cd8ed1d5b27f59", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-3978", "GHSA-2wrh-6pvc-2jm9"], "package": "golang.org/x/net", "rule_id": "GO-2023-1988", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2023-3978|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-2wrh-6pvc-2jm9", "GO-2023-1988"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5983ae1d24f9311e78e61d4ca901d3a91373a330f443fd7e88a1eaaa366ff33b", "e96b7253a36868b5b650d5fadc6dfd6c0072c52135d9cc37d8cd8ed1d5b27f59"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5033", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5033"}, "properties": {"repobilityId": 123311, "scanner": "osv-scanner", "fingerprint": "ff6af5fbe6fcc585a449710c2e177b86659b56cb858d87da0d73abdf5c834c16", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46598"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5033", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46598|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5023", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5023"}, "properties": {"repobilityId": 123310, "scanner": "osv-scanner", "fingerprint": "4badb5641bf965c0d8cfaf7b4a861796f81ad674eb3b29e79279723e7b7685ff", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46595"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5023", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46595|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5021", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5021"}, "properties": {"repobilityId": 123309, "scanner": "osv-scanner", "fingerprint": "fa88d153769b6899edfd679652300bbb5eccf1d64f2e76e899302515efcc7f08", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42508"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5021", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-42508|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5020", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5020"}, "properties": {"repobilityId": 123308, "scanner": "osv-scanner", "fingerprint": "2676fc718141cbd24b2f6c01579589a690f15967f2d410a47d1ff15a511995b4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39834"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5020", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39834|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5019", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5019"}, "properties": {"repobilityId": 123307, "scanner": "osv-scanner", "fingerprint": "d17c40f6bf11504bf8c21afd85db19bf79fbf10d32c6e475aed0c96d83bca5b3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39831"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5019", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39831|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5018", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5018"}, "properties": {"repobilityId": 123306, "scanner": "osv-scanner", "fingerprint": "86bac1ee9a83b1e1cca3ff281089fc42748440d7bb801b38a14d2e285f73f414", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39829"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5018", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39829|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5017", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5017"}, "properties": {"repobilityId": 123305, "scanner": "osv-scanner", "fingerprint": "cc277c2f183d88d41cdc677fafdb61fdad22975b684467cceb216b5668362f4b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39830"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5017", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39830|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5016", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5016"}, "properties": {"repobilityId": 123304, "scanner": "osv-scanner", "fingerprint": "1254287213f8ee5ff703903dc68b6bf6aa18c4d7631c956948f40773a5012462", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39827"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5016", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39827|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5015", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5015"}, "properties": {"repobilityId": 123303, "scanner": "osv-scanner", "fingerprint": "c1c4d2ca517a2e9bc83c218cd22ee388ff498a1bad977697b8459a4a56db9ea2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39835"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5015", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39835|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5014", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5014"}, "properties": {"repobilityId": 123302, "scanner": "osv-scanner", "fingerprint": "71734432db1027113f7f8fe031d181d5c6d0a5c7ccbab13558cd955e2740f385", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39828"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5014", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39828|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5013", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5013"}, "properties": {"repobilityId": 123301, "scanner": "osv-scanner", "fingerprint": "e2456240d2a2ab26ae034ca49617b8fe2c162640613fc3483b63dbde83d01d20", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46597"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5013", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46597|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5006", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5006"}, "properties": {"repobilityId": 123300, "scanner": "osv-scanner", "fingerprint": "cc4d73836360ac2c22ae0ae946390b22c3bf66c439a7a2b20d9be25016ff2205", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39832"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5006", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39832|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5005", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5005"}, "properties": {"repobilityId": 123299, "scanner": "osv-scanner", "fingerprint": "7f6d7cd6c511bae6e4512f54042e8664e48ee3c723a2d9160794188fb9e8e00c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39833"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5005", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39833|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4135", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4135"}, "properties": {"repobilityId": 123298, "scanner": "osv-scanner", "fingerprint": "6c78e27674a1e7ba53db023e32895280ae15d4f10a93ffe61bb6cdd7a8325169", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-47914", "GHSA-f6x5-jh6r-wrfv"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4135", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-47914|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-f6x5-jh6r-wrfv", "GO-2025-4135"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["459213b2f26f94533db5ccdb9514e2c6fbbaaacf0d2ded340b92acea6eab006c", "6c78e27674a1e7ba53db023e32895280ae15d4f10a93ffe61bb6cdd7a8325169"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4134", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4134"}, "properties": {"repobilityId": 123297, "scanner": "osv-scanner", "fingerprint": "ce88060de104eab54ad61020918ef82bd207910ec6db8378633235b98adc24fc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-58181", "GHSA-j5w8-q4qc-rx2x"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4134", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-58181|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j5w8-q4qc-rx2x", "GO-2025-4134"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["135a40072060ffa3575930384aebf2b2cd927dc8feaf76edb57b88c2ac84572b", "ce88060de104eab54ad61020918ef82bd207910ec6db8378633235b98adc24fc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4116", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4116"}, "properties": {"repobilityId": 123296, "scanner": "osv-scanner", "fingerprint": "1715413a421e1d61352cdab7eff4b3fc9290c02a112c11074d14b45bd8dc357c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-47913", "GHSA-56w8-48fp-6mgv"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4116", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-47913|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3487", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-3487"}, "properties": {"repobilityId": 123295, "scanner": "osv-scanner", "fingerprint": "60505a25f4826d4a6063f82165ec92c7585fdfcf3aa1b2e39efaf5dc56f71012", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-22869", "GHSA-hcg3-q754-cr77"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-3487", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-22869|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-hcg3-q754-cr77", "GO-2025-3487"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["60505a25f4826d4a6063f82165ec92c7585fdfcf3aa1b2e39efaf5dc56f71012", "612a3fbf16c1324a99b725971cdbfcbc250f6ae38ee225f16ff681c764b55c40"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4479", "level": "error", "message": {"text": "github.com/pion/dtls/v2: GO-2026-4479"}, "properties": {"repobilityId": 123293, "scanner": "osv-scanner", "fingerprint": "0c66da604dce5221c80ecef39146a3c3f54a2ad9edd1455e6e98144422a3ec79", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-26014", "GHSA-9f3f-wv7r-qc8r"], "package": "github.com/pion/dtls/v2", "rule_id": "GO-2026-4479", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/pion/dtls/v2|CVE-2026-26014|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-9f3f-wv7r-qc8r", "GO-2026-4479"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0c66da604dce5221c80ecef39146a3c3f54a2ad9edd1455e6e98144422a3ec79", "ec31cfcff571742ace6bde3a4e116cd5b7aaee128c918f7e0bdc72ba2eef5872"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 123292, "scanner": "osv-scanner", "fingerprint": "a83e627c146ec5ae6354a209b08e46b90552fb3a55f244faf312d2b6a843ac55", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 123291, "scanner": "osv-scanner", "fingerprint": "26372ffc012a6e2f27ce548bd31a794161794f6db76480f81788e01849ca8dcf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 123290, "scanner": "osv-scanner", "fingerprint": "7541d4dba5fe7d349432ff80e6bd46b2c38dd49496f069ec8dc88c96fdceac42", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 123289, "scanner": "osv-scanner", "fingerprint": "55d3beed68a8f5e42f18723efe918ad21fc61328525c12c89ad625c5d23b7d9a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 123288, "scanner": "osv-scanner", "fingerprint": "06597abb53f8beb41690d7c819ff1d3e8a2462b14165f2aec6adf584ae5391fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 123287, "scanner": "osv-scanner", "fingerprint": "28de4e8cade658d2e44ab8fd3e29ba0bdfdf0b1eeb2ffec399deac5678b03a31", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 123286, "scanner": "osv-scanner", "fingerprint": "10ec7b10c93ff987796c913ebbfb76a710d8ed93bbbe45b13f6f0d10e2b211e6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 123285, "scanner": "osv-scanner", "fingerprint": "3620a62e00e33214f96ebc7312d23fec44851a9ee712599ee745845147c40e21", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 123284, "scanner": "osv-scanner", "fingerprint": "68c9ed164767bc1abc8d6a8706cf655bcaa445cc8f997e11de5c53701466a0a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 123283, "scanner": "osv-scanner", "fingerprint": "1a9b8779ea85b5b0ef026400c900b7f27dcd6628d9b6df9f442929c24844f89e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 123282, "scanner": "osv-scanner", "fingerprint": "6a2263e9fecc21871d7240174f9ea0f2519ea0ac23b3fc3ff0ed52e2c5b99602", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 123281, "scanner": "osv-scanner", "fingerprint": "9eee462c00c8456bd7d2d4badc7bf78d311924612882fb6fc2e47014d51e47a2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 123280, "scanner": "osv-scanner", "fingerprint": "b5a44e944ffd7c105aa62904a3469805e8033225279767b94a0d562437b7e9f6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 123279, "scanner": "osv-scanner", "fingerprint": "7a602b0215fccffc7bd6ea6495a41311331a53696d26e919d4c27e06e7dc1127", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 123278, "scanner": "osv-scanner", "fingerprint": "2616d3ca78cea03ffe2fd69591ac572a5c26c1a0f2d9b7251c276d1c7ef533e2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 123277, "scanner": "osv-scanner", "fingerprint": "99144fa7a438f5de339d05331016ab642fcdd56d3e34fcd10966c226dc703277", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 123276, "scanner": "osv-scanner", "fingerprint": "3eda3039016c3998065f2008f357040040a62205b6827640c36d1af597f1321e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 123275, "scanner": "osv-scanner", "fingerprint": "d7d3f84a2aefd06da14535bc5bd652521167fa18c1af035dad60fbeaaab718b4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 123274, "scanner": "osv-scanner", "fingerprint": "72fb48c374368b7b6746faae03f792b1fbfc30fa0ca49a9c6798f4728600e9be", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 123273, "scanner": "osv-scanner", "fingerprint": "a44cc08228f1d2907c99f8e158dface76fff075b40ff17af8f0b2c72ef35f74d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4403", "level": "error", "message": {"text": "stdlib: GO-2026-4403"}, "properties": {"repobilityId": 123272, "scanner": "osv-scanner", "fingerprint": "0599db09bac973b441944e9de3ef1d5d97e4a1b891c5db43e223d5cf6b864b17", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22873", "CVE-2025-22873"], "package": "stdlib", "rule_id": "GO-2026-4403", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22873|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 123271, "scanner": "osv-scanner", "fingerprint": "5278430be17741e61400d1f30710c44ddd2ec4dbdf3e87b6ff60d0386927ed95", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 123270, "scanner": "osv-scanner", "fingerprint": "b15f19c3a93c4dbe48ec5dce4f897a4b0cc1804a795108b2290301d4b2a4d088", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 123269, "scanner": "osv-scanner", "fingerprint": "5fdcf088afd1d1512255dceef1dbf16199182fbd6c905f1f2602e05a2767df04", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 123268, "scanner": "osv-scanner", "fingerprint": "cce309486249674e847b44d5166efc9503259ae3b6eb4899b6e518afa40306d2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 123267, "scanner": "osv-scanner", "fingerprint": "1451c80f35b0899164a856594b8131a7dbe181b7fcf1e04f9e5627c91fbc785b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 123266, "scanner": "osv-scanner", "fingerprint": "f61e290522280d57b31ad4d3e4b1ad634809a6fcb83c544a5c73e36f89a1f1a2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 123265, "scanner": "osv-scanner", "fingerprint": "ed0a3973c0fa749d25a3a29ec0d042b62018010b09d9988c279fa1b03b53db68", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 123264, "scanner": "osv-scanner", "fingerprint": "1c5da88f89311fe3e0d4ca3c5bcf3fee82455fbf0637d840afeeef8e224e3f93", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 123263, "scanner": "osv-scanner", "fingerprint": "5525e27eeb74c5af76e1e938a8d07a793af27f2eeb33e65cf22e243f0014d625", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 123262, "scanner": "osv-scanner", "fingerprint": "789ab5700c0df2d86e95dba3cb69feab9bf7a5d2c906a6408fff440e3e02f2ea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 123261, "scanner": "osv-scanner", "fingerprint": "3787f51453125abfc86f44a498517eb562d10ba89c1715559eed0589463f97fc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 123260, "scanner": "osv-scanner", "fingerprint": "6619eae742afe9811d2c58cf98521e0e5887009b7b0d77bbcd350f067171d39c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 123259, "scanner": "osv-scanner", "fingerprint": "c7131dfb85dbd427f287b5ecd77ebff08e7cabd52a24f6caa30257a0a22364d6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 123258, "scanner": "osv-scanner", "fingerprint": "9bb81c1794b76053af760b2b859c96f1db217da1c31e0ebea41bb484cd5fa47e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 123257, "scanner": "osv-scanner", "fingerprint": "6fbd9e9d19224c8aa99ec9f874889b008ed7580c9b5e277450916050f07dc7c7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 123256, "scanner": "osv-scanner", "fingerprint": "a2c54d7b47764090eb05f87beb521bde5a52154fe53a43225348488ed5e28e3d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3956", "level": "error", "message": {"text": "stdlib: GO-2025-3956"}, "properties": {"repobilityId": 123255, "scanner": "osv-scanner", "fingerprint": "9512d960bee33ae99815b16df33e1a2cab9e4ac35d694abb0477b37fa432b2ea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47906", "CVE-2025-47906"], "package": "stdlib", "rule_id": "GO-2025-3956", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47906|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3849", "level": "error", "message": {"text": "stdlib: GO-2025-3849"}, "properties": {"repobilityId": 123254, "scanner": "osv-scanner", "fingerprint": "205e415e29a98dac761de81483be32922ef6832d56cc17cb589af1849ba1f4d7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47907", "CVE-2025-47907"], "package": "stdlib", "rule_id": "GO-2025-3849", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47907|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3751", "level": "error", "message": {"text": "stdlib: GO-2025-3751"}, "properties": {"repobilityId": 123253, "scanner": "osv-scanner", "fingerprint": "ecd3308c6df045db289d3df3dc067d4ddca36ecc6f7ed5b92e8f6f8627af64d9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-4673", "CVE-2025-4673"], "package": "stdlib", "rule_id": "GO-2025-3751", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-4673|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3750", "level": "error", "message": {"text": "stdlib: GO-2025-3750"}, "properties": {"repobilityId": 123252, "scanner": "osv-scanner", "fingerprint": "0dbd2f23f76f41471c4b0dd6f4418464087209e20dc4b6882439743cdb084bcb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-0913", "CVE-2025-0913"], "package": "stdlib", "rule_id": "GO-2025-3750", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-0913|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3749", "level": "error", "message": {"text": "stdlib: GO-2025-3749"}, "properties": {"repobilityId": 123251, "scanner": "osv-scanner", "fingerprint": "a503c1363584b932fe8c7ecd53ef30bb4643168978b4f1352b0569c334c63210", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22874", "CVE-2025-22874"], "package": "stdlib", "rule_id": "GO-2025-3749", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22874|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3563", "level": "error", "message": {"text": "stdlib: GO-2025-3563"}, "properties": {"repobilityId": 123250, "scanner": "osv-scanner", "fingerprint": "bc0be3c7766191e7664209d2f34eb74b63f2e32eac8c3eaf2df49804cec7ed30", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22871", "CVE-2025-22871", "GHSA-g9pc-8g42-g6vq"], "package": "stdlib", "rule_id": "GO-2025-3563", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22871|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3503", "level": "error", "message": {"text": "stdlib: GO-2025-3503"}, "properties": {"repobilityId": 123249, "scanner": "osv-scanner", "fingerprint": "0629adf21af952232ca56d45ad4a80b74debb909912eab0cf3a710a7b7ee835f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-22870", "GHSA-qxp5-gwg8-xv66"], "package": "stdlib", "rule_id": "GO-2025-3503", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22870|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5024", "level": "error", "message": {"text": "golang.org/x/sys: GO-2026-5024"}, "properties": {"repobilityId": 123248, "scanner": "osv-scanner", "fingerprint": "79f10c25369703a3754463aae8a0158f89425541907e3182ad0da8006916ee19", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39824"], "package": "golang.org/x/sys", "rule_id": "GO-2026-5024", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/sys|CVE-2026-39824|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 123247, "scanner": "osv-scanner", "fingerprint": "f56f13f5fd0d02e616781fb4e263264064c55d496b56f34e2e697db0a1750dd6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 123246, "scanner": "osv-scanner", "fingerprint": "346c97831be09b89603f8819967a1caf39f8f572a2d5dc5925a9ae0a6b98856e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 123245, "scanner": "osv-scanner", "fingerprint": "796445bee725d6616761216b224cb420e85017321d01a56e43bf03efe210c5f5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 123244, "scanner": "osv-scanner", "fingerprint": "acf4f4ae909e3489f7be9bc36808d846c836956d4a36bc26ba43890f213b1436", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 123243, "scanner": "osv-scanner", "fingerprint": "2a9be343e7c5c43785f4d36c5506f23f8b055fb0d461a84395ad634441be541a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 123242, "scanner": "osv-scanner", "fingerprint": "be62fe7df92442560f1a21cceb16f1ca23f3e9cbe2e00b9699b8ae286a0012ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-4918"}, "properties": {"repobilityId": 123241, "scanner": "osv-scanner", "fingerprint": "d07e75663319e62f27408375428863546ab8185771ef2447feb53879555f4916", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "golang.org/x/net", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-33814|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5033", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5033"}, "properties": {"repobilityId": 123240, "scanner": "osv-scanner", "fingerprint": "ad1d47a6aef958448f22a42c2d60392dc7008e25932b619f84e66221eb131e95", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46598"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5033", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46598|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5023", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5023"}, "properties": {"repobilityId": 123239, "scanner": "osv-scanner", "fingerprint": "2d612844c17f0f3569717978b60331059540fefc1c2346e38678f12228b2ebdb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46595"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5023", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46595|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5021", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5021"}, "properties": {"repobilityId": 123238, "scanner": "osv-scanner", "fingerprint": "9cfea8adee448a2428e663f481c352e77e2cd449655562d5b118efedfb7da4f8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42508"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5021", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-42508|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5020", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5020"}, "properties": {"repobilityId": 123237, "scanner": "osv-scanner", "fingerprint": "93b646b3920c3a2193a1efdebfdfa5196ce3475c1dc5bae6355a6e1f9cbf460a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39834"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5020", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39834|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5019", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5019"}, "properties": {"repobilityId": 123236, "scanner": "osv-scanner", "fingerprint": "345537a037a5b3177ae140a9e9c405ec64da8434ead8931918ec7573a6ce20b3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39831"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5019", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39831|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5018", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5018"}, "properties": {"repobilityId": 123235, "scanner": "osv-scanner", "fingerprint": "949f77a9611832376c508d55bf01659a712274ac105d24e504e15dd5e1dbf16f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39829"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5018", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39829|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5017", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5017"}, "properties": {"repobilityId": 123234, "scanner": "osv-scanner", "fingerprint": "2930f2404722144c851cb9051c8ebf92002718de31c8d9fd7a648ca0f2ef6ada", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39830"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5017", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39830|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5016", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5016"}, "properties": {"repobilityId": 123233, "scanner": "osv-scanner", "fingerprint": "ac67bbb6c13f69fe38c8bbe16cf8fe7e2ed0ab66e0c5b15dba53f20834fe3d86", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39827"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5016", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39827|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5015", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5015"}, "properties": {"repobilityId": 123232, "scanner": "osv-scanner", "fingerprint": "2e502398ad2ca483c07bc43556f4c4eb205c7761c2c9cd89d2d1aee4f087438f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39835"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5015", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39835|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5014", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5014"}, "properties": {"repobilityId": 123231, "scanner": "osv-scanner", "fingerprint": "8daae6fef532b43e67fa01a55acbd01bab03899e2f5d4ad247bee8e8442024dd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39828"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5014", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39828|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5013", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5013"}, "properties": {"repobilityId": 123230, "scanner": "osv-scanner", "fingerprint": "ccaa102abe73278dc6503207bd926859d7ba8955ec415d747a72b6b58b6a3dc3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46597"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5013", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46597|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5006", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5006"}, "properties": {"repobilityId": 123229, "scanner": "osv-scanner", "fingerprint": "8b88451b530e190692c439835073029a47d5722b48b6a00ddb5e3369824775a2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39832"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5006", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39832|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5005", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5005"}, "properties": {"repobilityId": 123228, "scanner": "osv-scanner", "fingerprint": "ae98cdae0aac80f7b5a30a91f9180936ed79f348030d056d429d20e8b082f033", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39833"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5005", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39833|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4479", "level": "error", "message": {"text": "github.com/pion/dtls/v2: GO-2026-4479"}, "properties": {"repobilityId": 123226, "scanner": "osv-scanner", "fingerprint": "2ad8c32b4532ca65bfacc81e20463593d7e617af88dd1b73efd7b2dfd0d0ffb8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-26014", "GHSA-9f3f-wv7r-qc8r"], "package": "github.com/pion/dtls/v2", "rule_id": "GO-2026-4479", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/pion/dtls/v2|CVE-2026-26014|go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-9f3f-wv7r-qc8r", "GO-2026-4479"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2ad8c32b4532ca65bfacc81e20463593d7e617af88dd1b73efd7b2dfd0d0ffb8", "ba9e43de701abcfb584a6eedef1bf4693560e3a4b06ef9e766c717e702ea6737"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 123223, "scanner": "repobility-docker", "fingerprint": "dbc7f8956d6a5caf2fc2c45ec58cb3f022dc7b2e90deab7b487117f97d27cacb", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|dbc7f8956d6a5caf2fc2c45ec58cb3f022dc7b2e90deab7b487117f97d27cacb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 123215, "scanner": "repobility-docker", "fingerprint": "14663582decee3bc0cd557a235a83d29293b8e5b1e33181aa5c5caa90f3963c5", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|14663582decee3bc0cd557a235a83d29293b8e5b1e33181aa5c5caa90f3963c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 123214, "scanner": "repobility-threat-engine", "fingerprint": "f1349a381918e42c861ab8e626072fcdea188c1f1cf889ef674623b2fa7e29ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f1349a381918e42c861ab8e626072fcdea188c1f1cf889ef674623b2fa7e29ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/catalog/torrentio/client.go"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 123212, "scanner": "repobility-threat-engine", "fingerprint": "7867466a68129d7bf8ee16341a72d62dc9d8932475143bc2d29bc84548c44ea5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7867466a68129d7bf8ee16341a72d62dc9d8932475143bc2d29bc84548c44ea5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/tracker/http/client.go"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC088", "level": "error", "message": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. Ported from gosec G402 (Apache-2.0)."}, "properties": {"repobilityId": 123211, "scanner": "repobility-threat-engine", "fingerprint": "fe8bbf3b184f5143841dae09aa42df5e2961da9b301bd908742f5149a4e22565", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "InsecureSkipVerify: true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC088", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fe8bbf3b184f5143841dae09aa42df5e2961da9b301bd908742f5149a4e22565"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/tracker/http/client.go"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 123209, "scanner": "repobility-threat-engine", "fingerprint": "4ed1c7f891082ebf440dc16e7f169ca4d146dab4e4fe5b1e334b8ea905a02d00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4ed1c7f891082ebf440dc16e7f169ca4d146dab4e4fe5b1e334b8ea905a02d00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/metadb/db.go"}, "region": {"startLine": 83}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 123208, "scanner": "repobility-threat-engine", "fingerprint": "509c4e08bf1ef7ba71363c487bac5bac8289caa97feed3d11fb9a620de95266d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(entry", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|509c4e08bf1ef7ba71363c487bac5bac8289caa97feed3d11fb9a620de95266d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/metadb/caches.go"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 123207, "scanner": "repobility-threat-engine", "fingerprint": "235baec0bbd88fc5db978a409ee413cfe8556543b92b9c390f61a5059280afcc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(\n\t\tme", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|235baec0bbd88fc5db978a409ee413cfe8556543b92b9c390f61a5059280afcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/storage/sqlite-piece-completion.go"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 123194, "scanner": "repobility-threat-engine", "fingerprint": "bec5898a158c5e01c1cc57ccf75f6d807f4c566f9c0ca05f58a776e9f5eecd4b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bec5898a158c5e01c1cc57ccf75f6d807f4c566f9c0ca05f58a776e9f5eecd4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/peer_protocol/msg.go"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 123193, "scanner": "repobility-threat-engine", "fingerprint": "261107303107b95ae8f3b763db011d1b35b747134d4070dfd41aeeacd2833be6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|261107303107b95ae8f3b763db011d1b35b747134d4070dfd41aeeacd2833be6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/peer_protocol/decoder.go"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 123192, "scanner": "repobility-threat-engine", "fingerprint": "960446a4bd416e227501f702a353a378909259b5d23b313c541f59bbab55a92b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|960446a4bd416e227501f702a353a378909259b5d23b313c541f59bbab55a92b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/mse/cmd/mse/main.go"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 123188, "scanner": "repobility-threat-engine", "fingerprint": "ba688ba0bd7a54d1275196132f2b877d717b9d3e571c23a6df02df798dd62d19", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ba688ba0bd7a54d1275196132f2b877d717b9d3e571c23a6df02df798dd62d19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/tracker_scraper.go"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 123187, "scanner": "repobility-threat-engine", "fingerprint": "9c0bec90b685ab8d4715063324733393d25d07712c527ec247586ff96b39a9dc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9c0bec90b685ab8d4715063324733393d25d07712c527ec247586ff96b39a9dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/tracker/http/http.go"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 123186, "scanner": "repobility-threat-engine", "fingerprint": "91f0b36a004874e7acd9e551d1d66502e05b1bb4fce9d073dc4708233d6e2b0e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|91f0b36a004874e7acd9e551d1d66502e05b1bb4fce9d073dc4708233d6e2b0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/internal/cmd/issue-465/main.go"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 123185, "scanner": "repobility-threat-engine", "fingerprint": "468a58d8f225eee85ccc02c9278ce45c694a4ed42566a86ca6a7f1ead7bd9874", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|468a58d8f225eee85ccc02c9278ce45c694a4ed42566a86ca6a7f1ead7bd9874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/types/infohash/infohash.go"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 123184, "scanner": "repobility-threat-engine", "fingerprint": "7e6984e0b0a58aa8796685f07044a784d3a4d5a5cd1bc20c0e428df6faf3c6e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7e6984e0b0a58aa8796685f07044a784d3a4d5a5cd1bc20c0e428df6faf3c6e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/metainfo/pieces.go"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 123183, "scanner": "repobility-threat-engine", "fingerprint": "e06bc6f2d31f03774b31c99c88184249d711021e6640f13e20e43e6dcb43faea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e06bc6f2d31f03774b31c99c88184249d711021e6640f13e20e43e6dcb43faea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/global.go"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 123182, "scanner": "repobility-threat-engine", "fingerprint": "0a7fa30d4b2f73a7fae1cea69aec2d7a9f39656d6f9c35028988d79ef0ac9306", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(ctx context.Context, req *fuse.OpenRequest", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|25|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/fs/filenode.go"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 123180, "scanner": "repobility-threat-engine", "fingerprint": "edcf67a93007951b0ac9b4f40c29bb7f35fb7f645388c7d90c751e60a6cffd2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "me.last.Delete()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|edcf67a93007951b0ac9b4f40c29bb7f35fb7f645388c7d90c751e60a6cffd2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/internal/nestedmaps/nestedmaps.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 123179, "scanner": "repobility-threat-engine", "fingerprint": "0d77a81307e48d91999197ed6ad961b3f36e7663dc9ff462fb84f4b4498aad48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "rn.fs.Destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d77a81307e48d91999197ed6ad961b3f36e7663dc9ff462fb84f4b4498aad48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/fs/torrentfs.go"}, "region": {"startLine": 191}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 123178, "scanner": "repobility-threat-engine", "fingerprint": "f5c70ab93941a596f7d0742342e8d740f848db23fbe0d29ef1ba90d97a629749", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fs.Destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f5c70ab93941a596f7d0742342e8d740f848db23fbe0d29ef1ba90d97a629749"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/fs/cmd/torrentfs/main.go"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 123176, "scanner": "repobility-threat-engine", "fingerprint": "b0a90e51e4b43798765896b940f597f76302dcea5b7a9ee0af2468a4167f83ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b0a90e51e4b43798765896b940f597f76302dcea5b7a9ee0af2468a4167f83ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/webtorrent/tracker-protocol.go"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 123175, "scanner": "repobility-threat-engine", "fingerprint": "7632b996f8f254c63b4e229cbb9c237315c8fee2fe05c9d86ef1ea6df5312d23", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7632b996f8f254c63b4e229cbb9c237315c8fee2fe05c9d86ef1ea6df5312d23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/metainfo/nodes.go"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 123174, "scanner": "repobility-threat-engine", "fingerprint": "dc5641c1ec722a47d177e59754a441b5162cffced12a179cb9af30443154b973", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc5641c1ec722a47d177e59754a441b5162cffced12a179cb9af30443154b973"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/bencode/encode.go"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/dockerhub-description` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 123161, "scanner": "repobility-supply-chain", "fingerprint": "718771620e07cc26a8dc2470e8d0ef802b6cddddb40a4c81425b2b7495245c24", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|718771620e07cc26a8dc2470e8d0ef802b6cddddb40a4c81425b2b7495245c24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker-publish.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 123160, "scanner": "repobility-supply-chain", "fingerprint": "820056b5dec0d8ddac1b98390154a8a403403e02091524cb31f7f12cd4d75030", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|820056b5dec0d8ddac1b98390154a8a403403e02091524cb31f7f12cd4d75030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker-publish.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `lscr.io/linuxserver/jellyfin:latest` not pinned by digest"}, "properties": {"repobilityId": 123156, "scanner": "repobility-supply-chain", "fingerprint": "4dda9d99eaea6ba8e5b70c2e6315896a6b2c28ec663a8446be1180d87e0c88c3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4dda9d99eaea6ba8e5b70c2e6315896a6b2c28ec663a8446be1180d87e0c88c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-windows/templates/Dockerfile.jellyfin.tmpl"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `golang:1.24-bookworm` not pinned by digest"}, "properties": {"repobilityId": 123155, "scanner": "repobility-supply-chain", "fingerprint": "e35a61b3bf21067fb17e43fa96d3653baf428232b59c11706fcc6ec2e6c064c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e35a61b3bf21067fb17e43fa96d3653baf428232b59c11706fcc6ec2e6c064c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-windows/templates/Dockerfile.jellyfin.tmpl"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `lscr.io/linuxserver/plex:latest` not pinned by digest"}, "properties": {"repobilityId": 123154, "scanner": "repobility-supply-chain", "fingerprint": "eb6e50e12043f3add777234781090db5986f2485764ab666fc955bb1d6c4a90b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eb6e50e12043f3add777234781090db5986f2485764ab666fc955bb1d6c4a90b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-windows/templates/Dockerfile.plex.tmpl"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `golang:1.24-bookworm` not pinned by digest"}, "properties": {"repobilityId": 123153, "scanner": "repobility-supply-chain", "fingerprint": "e08c43490d49b03e327593c61ac3b126744459ac88cc16072bcfcf69e3dbcc62", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e08c43490d49b03e327593c61ac3b126744459ac88cc16072bcfcf69e3dbcc62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-windows/templates/Dockerfile.plex.tmpl"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 123152, "scanner": "repobility-supply-chain", "fingerprint": "7e359fc7ecc82f110db710501e4b0b0171cf246fc8de84165c4eb88ca877ff29", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e359fc7ecc82f110db710501e4b0b0171cf246fc8de84165c4eb88ca877ff29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `golang:1.24-bookworm` not pinned by digest"}, "properties": {"repobilityId": 123151, "scanner": "repobility-supply-chain", "fingerprint": "36222fd413b9c5642dd5ab11bda791cab6992d3d59564aae662bcd7cf4023134", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|36222fd413b9c5642dd5ab11bda791cab6992d3d59564aae662bcd7cf4023134"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 123150, "scanner": "repobility-supply-chain", "fingerprint": "746d227752a0eae37ea9b0696f99a1dda4fe569a36426559212e9b626e34416f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|746d227752a0eae37ea9b0696f99a1dda4fe569a36426559212e9b626e34416f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 6}}}]}, {"ruleId": "GHSA-p77j-4mvh-x3m3", "level": "error", "message": {"text": "google.golang.org/grpc: GHSA-p77j-4mvh-x3m3"}, "properties": {"repobilityId": 123329, "scanner": "osv-scanner", "fingerprint": "86d154a8c38b469eebc7916200a62b1365c5c0a7210522b5463868d467be1fb9", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33186", "GO-2026-4762"], "package": "google.golang.org/grpc", "rule_id": "GHSA-p77j-4mvh-x3m3", "scanner": "osv-scanner", "correlation_key": "vuln|google.golang.org/grpc|CVE-2026-33186|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-p77j-4mvh-x3m3", "GO-2026-4762"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["86d154a8c38b469eebc7916200a62b1365c5c0a7210522b5463868d467be1fb9", "ed9f8d62fde5795acda8715f6deb94e456eddf37b7d2a13ba7801d2e10d3d451"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v778-237x-gjrc", "level": "error", "message": {"text": "golang.org/x/crypto: GHSA-v778-237x-gjrc"}, "properties": {"repobilityId": 123294, "scanner": "osv-scanner", "fingerprint": "506de2be59e7269183b6af6910b8b49be11c0c9f11439138fcfc5ce0e8627028", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-45337", "GO-2024-3321"], "package": "golang.org/x/crypto", "rule_id": "GHSA-v778-237x-gjrc", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2024-45337|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-v778-237x-gjrc", "GO-2024-3321"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["328b6f89bb6e0242e7f03fe4ea346d43f4f2a98addd383064fc86dfbfa5e2ef9", "506de2be59e7269183b6af6910b8b49be11c0c9f11439138fcfc5ce0e8627028"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anacrolix-torrent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.APP_PRIVATE_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 123163, "scanner": "repobility-supply-chain", "fingerprint": "8f3e4ba6d047897049944a3b25ca57322e9dea5ce16da1d6df75391ea8f875de", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8f3e4ba6d047897049944a3b25ca57322e9dea5ce16da1d6df75391ea8f875de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gemini-dispatch.yml"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.APP_PRIVATE_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 123162, "scanner": "repobility-supply-chain", "fingerprint": "948aa7f6d78d3e1bfbb493a6c9b0202aa329dfd02f6778c754126ea821b5a347", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|948aa7f6d78d3e1bfbb493a6c9b0202aa329dfd02f6778c754126ea821b5a347"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gemini-dispatch.yml"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.APP_PRIVATE_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 123159, "scanner": "repobility-supply-chain", "fingerprint": "1984d32d677db7b7c61f064394afbed7ecd957ffc06938e83f0923d0a1dd2c92", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1984d32d677db7b7c61f064394afbed7ecd957ffc06938e83f0923d0a1dd2c92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gemini-scheduled-triage.yml"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GOOGLE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 123158, "scanner": "repobility-supply-chain", "fingerprint": "7a735f915496658ca069e69ee7a12e6098acaf18521f537ed3a5f391e441c1dd", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7a735f915496658ca069e69ee7a12e6098acaf18521f537ed3a5f391e441c1dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gemini-scheduled-triage.yml"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GEMINI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 123157, "scanner": "repobility-supply-chain", "fingerprint": "9438f6b21fd7f5f250d8c82dfa985038279c1e55b70972e4050ac3b405d3108f", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9438f6b21fd7f5f250d8c82dfa985038279c1e55b70972e4050ac3b405d3108f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gemini-scheduled-triage.yml"}, "region": {"startLine": 103}}}]}]}]}