{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-rv9v-r4vm-gj8x", "name": "miniscript: GHSA-rv9v-r4vm-gj8x", "shortDescription": {"text": "miniscript: GHSA-rv9v-r4vm-gj8x"}, "fullDescription": {"text": "Miniscript allows stack consumption"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)", "shortDescription": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "fullDescription": {"text": "`uses: actions/checkout@v4` is 2 major version(s) behind the latest published release v6.0.3. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4403", "name": "stdlib: GO-2026-4403", "shortDescription": {"text": "stdlib: GO-2026-4403"}, "fullDescription": {"text": "Improper access to parent directory of root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, "fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3956", "name": "stdlib: GO-2025-3956", "shortDescription": {"text": "stdlib: GO-2025-3956"}, "fullDescription": {"text": "Unexpected paths returned from LookPath in os/exec"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3849", "name": "stdlib: GO-2025-3849", "shortDescription": {"text": "stdlib: GO-2025-3849"}, "fullDescription": {"text": "Incorrect results returned from Rows.Scan in database/sql"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3751", "name": "stdlib: GO-2025-3751", "shortDescription": {"text": "stdlib: GO-2025-3751"}, "fullDescription": {"text": "Sensitive headers not cleared on cross-origin redirect in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3750", "name": "stdlib: GO-2025-3750", "shortDescription": {"text": "stdlib: GO-2025-3750"}, "fullDescription": {"text": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3563", "name": "stdlib: GO-2025-3563", "shortDescription": {"text": "stdlib: GO-2025-3563"}, "fullDescription": {"text": "Request smuggling due to acceptance of invalid chunked data in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3503", "name": "stdlib: GO-2025-3503", "shortDescription": {"text": "stdlib: GO-2025-3503"}, "fullDescription": {"text": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3447", "name": "stdlib: GO-2025-3447", "shortDescription": {"text": "stdlib: GO-2025-3447"}, "fullDescription": {"text": "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3420", "name": "stdlib: GO-2025-3420", "shortDescription": {"text": "stdlib: GO-2025-3420"}, "fullDescription": {"text": "Sensitive headers incorrectly sent after cross-domain redirect in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3373", "name": "stdlib: GO-2025-3373", "shortDescription": {"text": "stdlib: GO-2025-3373"}, "fullDescription": {"text": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3107", "name": "stdlib: GO-2024-3107", "shortDescription": {"text": "stdlib: GO-2024-3107"}, "fullDescription": {"text": "Stack exhaustion in Parse in go/build/constraint"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3106", "name": "stdlib: GO-2024-3106", "shortDescription": {"text": "stdlib: GO-2024-3106"}, "fullDescription": {"text": "Stack exhaustion in Decoder.Decode in encoding/gob"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3105", "name": "stdlib: GO-2024-3105", "shortDescription": {"text": "stdlib: GO-2024-3105"}, "fullDescription": {"text": "Stack exhaustion in all Parse functions in go/parser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2963", "name": "stdlib: GO-2024-2963", "shortDescription": {"text": "stdlib: GO-2024-2963"}, "fullDescription": {"text": "Denial of service due to improper 100-continue handling in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2888", "name": "stdlib: GO-2024-2888", "shortDescription": {"text": "stdlib: GO-2024-2888"}, "fullDescription": {"text": "Mishandling of corrupt central directory record in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2887", "name": "stdlib: GO-2024-2887", "shortDescription": {"text": "stdlib: GO-2024-2887"}, "fullDescription": {"text": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2687", "name": "stdlib: GO-2024-2687", "shortDescription": {"text": "stdlib: GO-2024-2687"}, "fullDescription": {"text": "HTTP/2 CONTINUATION flood in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2610", "name": "stdlib: GO-2024-2610", "shortDescription": {"text": "stdlib: GO-2024-2610"}, "fullDescription": {"text": "Errors returned from JSON marshaling may break template escaping in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2609", "name": "stdlib: GO-2024-2609", "shortDescription": {"text": "stdlib: GO-2024-2609"}, "fullDescription": {"text": "Comments in display names are incorrectly handled in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2600", "name": "stdlib: GO-2024-2600", "shortDescription": {"text": "stdlib: GO-2024-2600"}, "fullDescription": {"text": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2599", "name": "stdlib: GO-2024-2599", "shortDescription": {"text": "stdlib: GO-2024-2599"}, "fullDescription": {"text": "Memory exhaustion in multipart form parsing in net/textproto and net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-2598", "name": "stdlib: GO-2024-2598", "shortDescription": {"text": "stdlib: GO-2024-2598"}, "fullDescription": {"text": "Verify panics on certificates with an unknown public key algorithm in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5024", "name": "golang.org/x/sys: GO-2026-5024", "shortDescription": {"text": "golang.org/x/sys: GO-2026-5024"}, "fullDescription": {"text": "Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5033", "name": "golang.org/x/crypto: GO-2026-5033", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5033"}, "fullDescription": {"text": "Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5023", "name": "golang.org/x/crypto: GO-2026-5023", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5023"}, "fullDescription": {"text": "Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5021", "name": "golang.org/x/crypto: GO-2026-5021", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5021"}, "fullDescription": {"text": "Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5020", "name": "golang.org/x/crypto: GO-2026-5020", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5020"}, "fullDescription": {"text": "Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5019", "name": "golang.org/x/crypto: GO-2026-5019", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5019"}, "fullDescription": {"text": "Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5018", "name": "golang.org/x/crypto: GO-2026-5018", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5018"}, "fullDescription": {"text": "Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5017", "name": "golang.org/x/crypto: GO-2026-5017", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5017"}, "fullDescription": {"text": "Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5016", "name": "golang.org/x/crypto: GO-2026-5016", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5016"}, "fullDescription": {"text": "Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5015", "name": "golang.org/x/crypto: GO-2026-5015", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5015"}, "fullDescription": {"text": "Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5014", "name": "golang.org/x/crypto: GO-2026-5014", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5014"}, "fullDescription": {"text": "Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5013", "name": "golang.org/x/crypto: GO-2026-5013", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5013"}, "fullDescription": {"text": "Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5006", "name": "golang.org/x/crypto: GO-2026-5006", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5006"}, "fullDescription": {"text": "Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5005", "name": "golang.org/x/crypto: GO-2026-5005", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5005"}, "fullDescription": {"text": "Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4135", "name": "golang.org/x/crypto: GO-2025-4135", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4135"}, "fullDescription": {"text": "Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4134", "name": "golang.org/x/crypto: GO-2025-4134", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4134"}, "fullDescription": {"text": "Unbounded memory consumption in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4116", "name": "golang.org/x/crypto: GO-2025-4116", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-4116"}, "fullDescription": {"text": "Potential denial of service in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3487", "name": "golang.org/x/crypto: GO-2025-3487", "shortDescription": {"text": "golang.org/x/crypto: GO-2025-3487"}, "fullDescription": {"text": "Potential denial of service in golang.org/x/crypto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern.", "shortDescription": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-go` pinned to mutable ref `@v5`", "shortDescription": {"text": "Action `actions/setup-go` pinned to mutable ref `@v5`"}, "fullDescription": {"text": "`uses: actions/setup-go@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "go.mod replaces `github.com/btcsuite/btcd` \u2014 points to a LOCAL path", "shortDescription": {"text": "go.mod replaces `github.com/btcsuite/btcd` \u2014 points to a LOCAL path"}, "fullDescription": {"text": "`replace github.com/btcsuite/btcd => ../dependencies/btcd/` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "GHSA-v778-237x-gjrc", "name": "golang.org/x/crypto: GHSA-v778-237x-gjrc", "shortDescription": {"text": "golang.org/x/crypto: GHSA-v778-237x-gjrc"}, "fullDescription": {"text": "Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1236"}, "properties": {"repository": "bitcoinfuzz/bitcoinfuzz", "repoUrl": "https://github.com/bitcoinfuzz/bitcoinfuzz", "branch": "main"}, "results": [{"ruleId": "GHSA-rv9v-r4vm-gj8x", "level": "warning", "message": {"text": "miniscript: GHSA-rv9v-r4vm-gj8x"}, "properties": {"repobilityId": 124293, "scanner": "osv-scanner", "fingerprint": "860913e6fd9e8828c5523af2d7ad998c015e91e6670a848850dd88b06d209f6e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-44073"], "package": "miniscript", "rule_id": "GHSA-rv9v-r4vm-gj8x", "scanner": "osv-scanner", "correlation_key": "vuln|miniscript|CVE-2024-44073|rust_bitcoin_lib/cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_bitcoin_lib/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 124213, "scanner": "repobility-dependency-currency", "fingerprint": "ab8f8602d44e1b6c3208bbfb581666699693192993ad1325aa92211d0f9e7cb9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|ab8f8602d44e1b6c3208bbfb581666699693192993ad1325aa92211d0f9e7cb9", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 124208, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 124292, "scanner": "osv-scanner", "fingerprint": "6c606c00f409dedaf56661053f9e5dd59bc385d3d35fddf2ee410db807ddfe24", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 124291, "scanner": "osv-scanner", "fingerprint": "074a6a9504503dd847b694b27408583feab679e356fde3d125a792bfdfaac6f7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 124290, "scanner": "osv-scanner", "fingerprint": "dd0b08704cb77c0a8ceb03cd23d98168d4e615bdd7ec1f590aa5e8072fa1c8c4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 124289, "scanner": "osv-scanner", "fingerprint": "050ab294ad96d308688a2e47c1372fe4d635dc415be78dd5ea6f572abc56d032", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 124288, "scanner": "osv-scanner", "fingerprint": "6747ba43eb5becdb571b05ac920b9d0f965fecb3a5cce8db5e53f4f2b2f96957", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 124287, "scanner": "osv-scanner", "fingerprint": "2ea8e52dacd67ca13bd083cc9d7846a5c0adab1b791ca31466006b656469335d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 124286, "scanner": "osv-scanner", "fingerprint": "0541ea53821a5d8a9be1d49b3ea354f50e3e2fd53158301e704dbf1b2f12d3ed", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 124285, "scanner": "osv-scanner", "fingerprint": "db00d964a2fca3e0889b996a43883dc9f6878d49ce392bd1afd827568e04df84", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 124284, "scanner": "osv-scanner", "fingerprint": "04dafbb3fd2da95f270d8fb0a39eb8e6c155e7837266d27d6914f7b67da4805e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 124283, "scanner": "osv-scanner", "fingerprint": "98e7d60630cd8c390b6dd4b9618cdd8019b622ad293e1888ec8e27a2d3ed2145", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 124282, "scanner": "osv-scanner", "fingerprint": "6c2e14d1e243a7cd844fb13c074aed2e3a6ab82d07247f7a69c307709d2c959d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 124281, "scanner": "osv-scanner", "fingerprint": "74cbffc2db08cbf353d25540ed5b32b3608ee2146bf7e5d6d357c4e10aa057a5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 124280, "scanner": "osv-scanner", "fingerprint": "88595b1152ec8bc5221356c9ab621b67589ae44cc24261715599d8ed4a206253", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 124279, "scanner": "osv-scanner", "fingerprint": "1ea0ce6860aaa87d1927a750919d941c0df64f4e2e13e58a3cc852703c0dac2d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 124278, "scanner": "osv-scanner", "fingerprint": "99ca833e3bc115e33f541c4e7c5ecd94fa58bc540d3332d0d63155ba97c61d1d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 124277, "scanner": "osv-scanner", "fingerprint": "fdb41d42ea26c2891fac06f9e2877ac2dc1ecb6c70fc392ffd0af18095d40be0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 124276, "scanner": "osv-scanner", "fingerprint": "5527225884f61338e762c5fa0a0e42d36536b69fd7f5d265ab4650afd2f05c6c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 124275, "scanner": "osv-scanner", "fingerprint": "314b920aafff7caaac6c2b56382f50c687815da430a1d613e6672abd09297eb0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 124274, "scanner": "osv-scanner", "fingerprint": "54e4e6329ffb25fc3678395f79c9f2405cc817a745702b7f7d586fb8967d96b3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 124273, "scanner": "osv-scanner", "fingerprint": "7839f60087848f61c3f7069981cd5c3cc9b6ea6b662c8ab8052007470ccf2632", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4403", "level": "error", "message": {"text": "stdlib: GO-2026-4403"}, "properties": {"repobilityId": 124272, "scanner": "osv-scanner", "fingerprint": "acd9dbdc67bd27d3f1624da9d8905faf682c536db428fe53e9821395f9c284be", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22873", "CVE-2025-22873"], "package": "stdlib", "rule_id": "GO-2026-4403", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22873|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 124271, "scanner": "osv-scanner", "fingerprint": "7d4ea602aaf0b17143be7053cf75ac308fd9cd8ebbf323e324d9b1302618106f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 124270, "scanner": "osv-scanner", "fingerprint": "b3a45bb1a87297584fdb0e8857a909c2a45d3c2e011500c40fee9d03d336430f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 124269, "scanner": "osv-scanner", "fingerprint": "40ae7ab17724b13503c629575c46a4af0077ffdc1af76cb30ce87c10f05bab14", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 124268, "scanner": "osv-scanner", "fingerprint": "5d40e24448a409459118b9b7dd7325495647c6d2cc1eff613fd3804b9e09d9b8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 124267, "scanner": "osv-scanner", "fingerprint": "11f7f151c5b3165d3b9d5c231de08cc03df7c6cf2d62d4d65fbc74ae16ce074d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 124266, "scanner": "osv-scanner", "fingerprint": "31fa8e7db632717a803e5ed034d0757dd4a25f0e4a887bb65bda6ce29b478008", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 124265, "scanner": "osv-scanner", "fingerprint": "e5cfef693893268f51955c54e3b3fc923a7ddf6fbc79ff50d02c64c5cbfc138e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 124264, "scanner": "osv-scanner", "fingerprint": "3b96b88960dd39097c420854190a6192ab089bc8782330a73f6a29029020007a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 124263, "scanner": "osv-scanner", "fingerprint": "69d5ed7c14767edae2efd8bf3684e33e21020dad036a9df3ae650dd68b2ccfd8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 124262, "scanner": "osv-scanner", "fingerprint": "52d51fde40885db1e31545b038c8096edfa04dfceec6a3f1cd9593543d487d2a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 124261, "scanner": "osv-scanner", "fingerprint": "24517051c5964cb2e17eb4575debbcea06bc2753281be6a35fff1f0ba548a8f8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 124260, "scanner": "osv-scanner", "fingerprint": "0d2170a9016a92defd21b59698ba1c2099d9ae9fdac470626660ce2592598fd0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 124259, "scanner": "osv-scanner", "fingerprint": "cfe12d3dbc4d443e4bfe28172f9fdd782ddbd690d3d19a231604d8d1070a06b8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 124258, "scanner": "osv-scanner", "fingerprint": "021b82178dd94a604ae8f1423389ec95df9fdd353adef96b91a2d8bd2766dfc2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 124257, "scanner": "osv-scanner", "fingerprint": "510d05be829086a3096392d2a9136fa6a6964e84c1e46dd330500f6068c60af6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 124256, "scanner": "osv-scanner", "fingerprint": "006f60c0c4174e63c4d30e75d4a057ccfa61ce553c173428e69a9b18ea5165cf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3956", "level": "error", "message": {"text": "stdlib: GO-2025-3956"}, "properties": {"repobilityId": 124255, "scanner": "osv-scanner", "fingerprint": "988bb4f799b5f65603a7bcb300291db396cd35d6ed2f4b5d594284e52f1615c4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47906", "CVE-2025-47906"], "package": "stdlib", "rule_id": "GO-2025-3956", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47906|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3849", "level": "error", "message": {"text": "stdlib: GO-2025-3849"}, "properties": {"repobilityId": 124254, "scanner": "osv-scanner", "fingerprint": "ff2fe19e0527100c30fe9f61f2aeecc127503131db0b3880c4f5dd0ce89500e2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47907", "CVE-2025-47907"], "package": "stdlib", "rule_id": "GO-2025-3849", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47907|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3751", "level": "error", "message": {"text": "stdlib: GO-2025-3751"}, "properties": {"repobilityId": 124253, "scanner": "osv-scanner", "fingerprint": "ef32e4e6e662c854495eaf7124f8cc9557710ff40aae4df1ef95f93af69e0155", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-4673", "CVE-2025-4673"], "package": "stdlib", "rule_id": "GO-2025-3751", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-4673|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3750", "level": "error", "message": {"text": "stdlib: GO-2025-3750"}, "properties": {"repobilityId": 124252, "scanner": "osv-scanner", "fingerprint": "bc2ade19d60019bf26fdbfd239f4156871d87326059f4902780ea4ec43a73774", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-0913", "CVE-2025-0913"], "package": "stdlib", "rule_id": "GO-2025-3750", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-0913|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3563", "level": "error", "message": {"text": "stdlib: GO-2025-3563"}, "properties": {"repobilityId": 124251, "scanner": "osv-scanner", "fingerprint": "8f100549072e35ec8bf884019c03e7c79df1868859972a37eb89e0690ea37209", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22871", "CVE-2025-22871", "GHSA-g9pc-8g42-g6vq"], "package": "stdlib", "rule_id": "GO-2025-3563", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22871|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3503", "level": "error", "message": {"text": "stdlib: GO-2025-3503"}, "properties": {"repobilityId": 124250, "scanner": "osv-scanner", "fingerprint": "e07b9c486fb1fe4a40d4b074c87501276689c83187365a7ee3286f7b62366eb4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-22870", "GHSA-qxp5-gwg8-xv66"], "package": "stdlib", "rule_id": "GO-2025-3503", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22870|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3447", "level": "error", "message": {"text": "stdlib: GO-2025-3447"}, "properties": {"repobilityId": 124249, "scanner": "osv-scanner", "fingerprint": "864f4482477af5025565853ff98cf45e4c01128b1bab0b351481d4916e30512e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22866", "CVE-2025-22866"], "package": "stdlib", "rule_id": "GO-2025-3447", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22866|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3420", "level": "error", "message": {"text": "stdlib: GO-2025-3420"}, "properties": {"repobilityId": 124248, "scanner": "osv-scanner", "fingerprint": "b193537233b4250790e022cd5ad2c75fb1c484a20dcb415fb1bb2b67235910bc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-45336", "CVE-2024-45336"], "package": "stdlib", "rule_id": "GO-2025-3420", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-45336|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3373", "level": "error", "message": {"text": "stdlib: GO-2025-3373"}, "properties": {"repobilityId": 124247, "scanner": "osv-scanner", "fingerprint": "575cd880604d5a25a9b565805ea49b63c87e3c14d5297e6a286e0d3da2c9914e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-45341", "CVE-2024-45341"], "package": "stdlib", "rule_id": "GO-2025-3373", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-45341|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3107", "level": "error", "message": {"text": "stdlib: GO-2024-3107"}, "properties": {"repobilityId": 124246, "scanner": "osv-scanner", "fingerprint": "064f3231afe8187300fb56651f50ecb932dba4943940c8a3588b60d1018a53b6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34158", "CVE-2024-34158"], "package": "stdlib", "rule_id": "GO-2024-3107", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34158|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3106", "level": "error", "message": {"text": "stdlib: GO-2024-3106"}, "properties": {"repobilityId": 124245, "scanner": "osv-scanner", "fingerprint": "930515b66318bd595ef7ccf39a298479b7c1702273482fd882a132401e950fef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34156", "CVE-2024-34156"], "package": "stdlib", "rule_id": "GO-2024-3106", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34156|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3105", "level": "error", "message": {"text": "stdlib: GO-2024-3105"}, "properties": {"repobilityId": 124244, "scanner": "osv-scanner", "fingerprint": "1af3ca23fe85450cb9c23a243cae6806dc3ee84a83a6fc58207d8261ff175549", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34155", "CVE-2024-34155"], "package": "stdlib", "rule_id": "GO-2024-3105", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34155|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2963", "level": "error", "message": {"text": "stdlib: GO-2024-2963"}, "properties": {"repobilityId": 124243, "scanner": "osv-scanner", "fingerprint": "8cf45f6fd736c3479e010306a0959b339ee8f139119474b0b69274c19af3dd7f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24791", "CVE-2024-24791"], "package": "stdlib", "rule_id": "GO-2024-2963", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24791|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2888", "level": "error", "message": {"text": "stdlib: GO-2024-2888"}, "properties": {"repobilityId": 124242, "scanner": "osv-scanner", "fingerprint": "683b8d3fbc361c414277d17c6f70e91d4ce1deaa50a09878ad20a4d8542b6840", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24789", "CVE-2024-24789"], "package": "stdlib", "rule_id": "GO-2024-2888", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24789|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2887", "level": "error", "message": {"text": "stdlib: GO-2024-2887"}, "properties": {"repobilityId": 124241, "scanner": "osv-scanner", "fingerprint": "901b2c7f236f6106080565f890039f019b77f34022772947680f8557b4380f46", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24790", "CVE-2024-24790"], "package": "stdlib", "rule_id": "GO-2024-2887", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24790|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2687", "level": "error", "message": {"text": "stdlib: GO-2024-2687"}, "properties": {"repobilityId": 124240, "scanner": "osv-scanner", "fingerprint": "22fe3a623be9dc7b4eb6da7139da54eda76a3b154ca8103231fbe3819d6cd03a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2023-45288", "CVE-2023-45288", "GHSA-4v7x-pqxf-cx7m"], "package": "stdlib", "rule_id": "GO-2024-2687", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2023-45288|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2610", "level": "error", "message": {"text": "stdlib: GO-2024-2610"}, "properties": {"repobilityId": 124239, "scanner": "osv-scanner", "fingerprint": "55dc0d36e83994be05a1df7c801c42567c1932ccfaa37ea5102f2a598c578dc4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24785", "CVE-2024-24785"], "package": "stdlib", "rule_id": "GO-2024-2610", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24785|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2609", "level": "error", "message": {"text": "stdlib: GO-2024-2609"}, "properties": {"repobilityId": 124238, "scanner": "osv-scanner", "fingerprint": "a36c32ca4d708329c8eb64aabd6de9cdd07a841b6e5a5a5223cf274bffe0f7ba", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24784", "CVE-2024-24784"], "package": "stdlib", "rule_id": "GO-2024-2609", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24784|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2600", "level": "error", "message": {"text": "stdlib: GO-2024-2600"}, "properties": {"repobilityId": 124237, "scanner": "osv-scanner", "fingerprint": "d55da9971690406ad716645484b67d38fdce6b6d9ae23256465c9d9505d000db", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2023-45289", "CVE-2023-45289"], "package": "stdlib", "rule_id": "GO-2024-2600", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2023-45289|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2599", "level": "error", "message": {"text": "stdlib: GO-2024-2599"}, "properties": {"repobilityId": 124236, "scanner": "osv-scanner", "fingerprint": "42aa9082040c0af6ea05d20e3375b8d45811f82cbc2906eb641e08f6e2bdacca", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2023-45290", "CVE-2023-45290"], "package": "stdlib", "rule_id": "GO-2024-2599", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2023-45290|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-2598", "level": "error", "message": {"text": "stdlib: GO-2024-2598"}, "properties": {"repobilityId": 124235, "scanner": "osv-scanner", "fingerprint": "a1834ea7573f25ec17f51555166d65f611202c5a5e56e338d24d119f93ab3706", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-24783", "CVE-2024-24783"], "package": "stdlib", "rule_id": "GO-2024-2598", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-24783|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5024", "level": "error", "message": {"text": "golang.org/x/sys: GO-2026-5024"}, "properties": {"repobilityId": 124234, "scanner": "osv-scanner", "fingerprint": "4baa5b05862594034d06b6221f9908d417d25bb3a3f49809afeeb6bb0b3d0dfb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39824"], "package": "golang.org/x/sys", "rule_id": "GO-2026-5024", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/sys|CVE-2026-39824|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5033", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5033"}, "properties": {"repobilityId": 124233, "scanner": "osv-scanner", "fingerprint": "3f128020244ac1d2606177514d2db01721446bfb487ff684c1774ed5e0739f21", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46598"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5033", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46598|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5023", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5023"}, "properties": {"repobilityId": 124232, "scanner": "osv-scanner", "fingerprint": "202232fee130776c697fddf080b154e30820906b1b0224d722a90b82777ddb3d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46595"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5023", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46595|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5021", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5021"}, "properties": {"repobilityId": 124231, "scanner": "osv-scanner", "fingerprint": "bef110fedf680296b92c07245b1b61996196ecbb99256ba1c5c1870281269478", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42508"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5021", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-42508|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5020", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5020"}, "properties": {"repobilityId": 124230, "scanner": "osv-scanner", "fingerprint": "0362fa72d7575a172781ebd64d44034866b8a10a1476f25dfc455e6565788654", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39834"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5020", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39834|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5019", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5019"}, "properties": {"repobilityId": 124229, "scanner": "osv-scanner", "fingerprint": "e4a34ae0a8be81d3e94a719c241c562e45286833834658af2ba82bba3fc61430", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39831"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5019", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39831|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5018", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5018"}, "properties": {"repobilityId": 124228, "scanner": "osv-scanner", "fingerprint": "dff4cc54b8499d5ed0d6fcd02b4d475b4ef763d1ec45ec601fc54131776d5ac6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39829"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5018", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39829|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5017", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5017"}, "properties": {"repobilityId": 124227, "scanner": "osv-scanner", "fingerprint": "2311cddd32a2c3c6a7658aa4b3f478d064ffc10287a1a993cebb2e077a271ea7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39830"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5017", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39830|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5016", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5016"}, "properties": {"repobilityId": 124226, "scanner": "osv-scanner", "fingerprint": "cc8a60d5659f5ad796822300096beb4e79d2602aa99ef1e1f95125a51b176565", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39827"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5016", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39827|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5015", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5015"}, "properties": {"repobilityId": 124225, "scanner": "osv-scanner", "fingerprint": "9e7a7ebbfe37b145396ee8a08c5d122a0022284857542f939f685a19541f1beb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39835"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5015", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39835|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5014", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5014"}, "properties": {"repobilityId": 124224, "scanner": "osv-scanner", "fingerprint": "6c13349fd41d3c3817dafb2ed95aa442361b81fc0df4eb0f5d9f0854365270dd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39828"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5014", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39828|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5013", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5013"}, "properties": {"repobilityId": 124223, "scanner": "osv-scanner", "fingerprint": "a987196478fd8db1a0e5bb0a356b1a0e89775e3be8621bcdbef9ea3018e731ac", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46597"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5013", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46597|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5006", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5006"}, "properties": {"repobilityId": 124222, "scanner": "osv-scanner", "fingerprint": "c4e78489d0f8e7e22d068dae85eda86f02daec629dcf4f84fdd3ddb0637d292d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39832"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5006", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39832|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5005", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5005"}, "properties": {"repobilityId": 124221, "scanner": "osv-scanner", "fingerprint": "a60779db8a00eb4b9e7ed6dc0563759612999e5d04e9ffe302f4462bcea3429b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39833"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5005", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39833|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4135", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4135"}, "properties": {"repobilityId": 124220, "scanner": "osv-scanner", "fingerprint": "f9cab4b5727289ec7a9a886a78703cac60e08e62ca42c61ae75bb367ec2fff84", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-47914", "GHSA-f6x5-jh6r-wrfv"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4135", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-47914|btcd_lib/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-f6x5-jh6r-wrfv", "GO-2025-4135"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["46f6907042e0082dc2616d49ef4c2367ab0cd9ed928b7db9a0ee5c6d2f243d10", "f9cab4b5727289ec7a9a886a78703cac60e08e62ca42c61ae75bb367ec2fff84"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4134", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4134"}, "properties": {"repobilityId": 124219, "scanner": "osv-scanner", "fingerprint": "f7ffb1088c1d80bf40526cb8e9b13aa0a7b242c39e01d5fbadc8ca3b90eb4d18", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-58181", "GHSA-j5w8-q4qc-rx2x"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4134", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-58181|btcd_lib/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j5w8-q4qc-rx2x", "GO-2025-4134"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4c50b379801c478b158240ae1c8ad0563c2f53e02e72b015a26846627128cd06", "f7ffb1088c1d80bf40526cb8e9b13aa0a7b242c39e01d5fbadc8ca3b90eb4d18"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4116", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-4116"}, "properties": {"repobilityId": 124218, "scanner": "osv-scanner", "fingerprint": "69887704498a032a76e48056f60caf117995f4f0a9e13e7f95bf9a9d57e0dd76", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-47913", "GHSA-56w8-48fp-6mgv"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-4116", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-47913|btcd_lib/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3487", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2025-3487"}, "properties": {"repobilityId": 124217, "scanner": "osv-scanner", "fingerprint": "852fb6f6cc9232e1359f3023e55d915cbf60265c2d079794d88ab3bd20587f7f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-22869", "GHSA-hcg3-q754-cr77"], "package": "golang.org/x/crypto", "rule_id": "GO-2025-3487", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2025-22869|btcd_lib/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-hcg3-q754-cr77", "GO-2025-3487"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["852fb6f6cc9232e1359f3023e55d915cbf60265c2d079794d88ab3bd20587f7f", "c0d9d2507af5073df77694415a6b3fad325d8dab8a1a685a708534eb94f0d2bf"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 124215, "scanner": "repobility-threat-engine", "fingerprint": "f1e9da18ff2c98e9defe17f497e49b7347d31e0303658e6011e6eb4f8d090494", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1e9da18ff2c98e9defe17f497e49b7347d31e0303658e6011e6eb4f8d090494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_bitcoin_lib/src/lib.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 124214, "scanner": "repobility-threat-engine", "fingerprint": "e1d8c21fa388b5fd06f7c793450da0ec567255ff356e5d425c084c467203bdfe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e1d8c21fa388b5fd06f7c793450da0ec567255ff356e5d425c084c467203bdfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/wrapper.go"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 124212, "scanner": "repobility-supply-chain", "fingerprint": "9a65a79caec726cc2533a60fae14da1e91aa370e63e5d25a3f68f52e31ea1fb1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a65a79caec726cc2533a60fae14da1e91aa370e63e5d25a3f68f52e31ea1fb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions-rs/toolchain` pinned to mutable ref `@v1.0.6`"}, "properties": {"repobilityId": 124211, "scanner": "repobility-supply-chain", "fingerprint": "087127eb2c296609bfbe657e5e0fac69e83ee731aa4e3d61b2ffbde25e596071", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|087127eb2c296609bfbe657e5e0fac69e83ee731aa4e3d61b2ffbde25e596071"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 124210, "scanner": "repobility-supply-chain", "fingerprint": "c7497f6a2bf56b4a386728877f63e9f9858d293958a2338954d9ad63f9744b46", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c7497f6a2bf56b4a386728877f63e9f9858d293958a2338954d9ad63f9744b46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/workflow.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `github.com/btcsuite/btcd` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 124209, "scanner": "repobility-supply-chain", "fingerprint": "8cfab1e337b04ae12262692dc29039c763396c8ae010936c673055bfb4bf026c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8cfab1e337b04ae12262692dc29039c763396c8ae010936c673055bfb4bf026c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 16}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 124207, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "GHSA-v778-237x-gjrc", "level": "error", "message": {"text": "golang.org/x/crypto: GHSA-v778-237x-gjrc"}, "properties": {"repobilityId": 124216, "scanner": "osv-scanner", "fingerprint": "1d7571bc6ef9493827ad5131e425b6fc4124800aaa7da69f246fda7f2c6be707", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-45337", "GO-2024-3321"], "package": "golang.org/x/crypto", "rule_id": "GHSA-v778-237x-gjrc", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2024-45337|btcd_lib/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-v778-237x-gjrc", "GO-2024-3321"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1d7571bc6ef9493827ad5131e425b6fc4124800aaa7da69f246fda7f2c6be707", "dda7b9c771eb4d759c4648583183a30e6699cbe2f013f62ddeefb198c10bcd5c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "btcd_lib/go.mod"}, "region": {"startLine": 1}}}]}]}]}