{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authenticatio", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-48c2-rrv3-qjmp", "name": "yaml: GHSA-48c2-rrv3-qjmp", "shortDescription": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "fullDescription": {"text": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9jgg-88mc-972h", "name": "webpack-dev-server: GHSA-9jgg-88mc-972h", "shortDescription": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "fullDescription": {"text": "webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-79cf-xcqc-c78w", "name": "webpack-dev-server: GHSA-79cf-xcqc-c78w", "shortDescription": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "fullDescription": {"text": "webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4v9v-hfq4-rm2v", "name": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v", "shortDescription": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "fullDescription": {"text": "webpack-dev-server users' source code may be stolen when they access a malicious web site"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w5hq-g745-h8pq", "name": "uuid: GHSA-w5hq-g745-h8pq", "shortDescription": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "fullDescription": {"text": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qj8w-gfj5-8c6v", "name": "serialize-javascript: GHSA-qj8w-gfj5-8c6v", "shortDescription": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "fullDescription": {"text": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q8mj-m7cp-5q26", "name": "qs: GHSA-q8mj-m7cp-5q26", "shortDescription": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "fullDescription": {"text": "qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6rw7-vpxm-498p", "name": "qs: GHSA-6rw7-vpxm-498p", "shortDescription": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "fullDescription": {"text": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7fh5-64p2-3v2j", "name": "postcss: GHSA-7fh5-64p2-3v2j", "shortDescription": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "fullDescription": {"text": "PostCSS line return parsing error"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-27v5-c462-wpq7", "name": "path-to-regexp: GHSA-27v5-c462-wpq7", "shortDescription": {"text": "path-to-regexp: GHSA-27v5-c462-wpq7"}, "fullDescription": {"text": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mh29-5h37-fv8m", "name": "js-yaml: GHSA-mh29-5h37-fv8m", "shortDescription": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "fullDescription": {"text": "js-yaml has prototype pollution in merge (<<)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2v4-37r5-5v8g", "name": "ip-address: GHSA-v2v4-37r5-5v8g", "shortDescription": {"text": "ip-address: GHSA-v2v4-37r5-5v8g"}, "fullDescription": {"text": "ip-address has XSS in Address6 HTML-emitting methods"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r4q5-vmmm-2653", "name": "follow-redirects: GHSA-r4q5-vmmm-2653", "shortDescription": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "fullDescription": {"text": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jxxr-4gwj-5jf2", "name": "brace-expansion: GHSA-jxxr-4gwj-5jf2", "shortDescription": {"text": "brace-expansion: GHSA-jxxr-4gwj-5jf2"}, "fullDescription": {"text": "brace-expansion: Large numeric range defeats documented `max` DoS protection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vp62-88p7-qqf5", "name": "github.com/docker/docker: GHSA-vp62-88p7-qqf5", "shortDescription": {"text": "github.com/docker/docker: GHSA-vp62-88p7-qqf5"}, "fullDescription": {"text": "Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `actions/download-artifact@v3` is 5 major version(s) behind (latest v8.0.1)", "shortDescription": {"text": "GitHub Action `actions/download-artifact@v3` is 5 major version(s) behind (latest v8.0.1)"}, "fullDescription": {"text": "`uses: actions/download-artifact@v3` is 5 major version(s) behind the latest published release v8.0.1. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `flask` has no version pin", "shortDescription": {"text": "requirements.txt: `flask` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "GHSA-8fgc-7cc6-rx7x", "name": "webpack: GHSA-8fgc-7cc6-rx7x", "shortDescription": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "fullDescription": {"text": "webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-38r7-794h-5758", "name": "webpack: GHSA-38r7-794h-5758", "shortDescription": {"text": "webpack: GHSA-38r7-794h-5758"}, "fullDescription": {"text": "webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects \u2192 SSRF + cache persistence"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-52f5-9888-hmc6", "name": "tmp: GHSA-52f5-9888-hmc6", "shortDescription": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "fullDescription": {"text": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w7fw-mjwx-w883", "name": "qs: GHSA-w7fw-mjwx-w883", "shortDescription": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "fullDescription": {"text": "qs's arrayLimit bypass in comma parsing allows denial of service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-76c9-3jph-rj3q", "name": "on-headers: GHSA-76c9-3jph-rj3q", "shortDescription": {"text": "on-headers: GHSA-76c9-3jph-rj3q"}, "fullDescription": {"text": "on-headers is vulnerable to http response header manipulation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-73rr-hh4g-fpgx", "name": "diff: GHSA-73rr-hh4g-fpgx", "shortDescription": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "fullDescription": {"text": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pxg6-pf52-xh8x", "name": "cookie: GHSA-pxg6-pf52-xh8x", "shortDescription": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "fullDescription": {"text": "cookie accepts cookie name, path, and domain with out of bounds characters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v6h2-p8h4-qcjw", "name": "brace-expansion: GHSA-v6h2-p8h4-qcjw", "shortDescription": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "fullDescription": {"text": "brace-expansion Regular Expression Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `resolve_test` has cognitive complexity 8 (SonarSource scale). Cognitive c", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `resolve_test` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion a"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `ts-loader` is minor version(s) behind (^9.5.7 -> 9.6.0)", "shortDescription": {"text": "npm package `ts-loader` is minor version(s) behind (^9.5.7 -> 9.6.0)"}, "fullDescription": {"text": "`ts-loader` is pinned/resolved at ^9.5.7 but the latest stable release on the npm registry is 9.6.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Committed build outputs and caches make scans slower, confuse duplicate-code checks, and give AI agents stale generated code to imitate."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `backend-service` image is selected through a build variable", "shortDescription": {"text": "Compose service `backend-service` image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 40 more): Same pattern found in 40 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 40 more): Same pattern found in 40 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 131 more): Same pattern found in 131 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 131 more): Same pattern found in 131 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 67 more): Same pattern found in 67 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 67 more): Same pattern found in 67 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 13 more): Same pattern found in 13 additional files. Review if nee", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-ph9p-34f9-6g65", "name": "tmp: GHSA-ph9p-34f9-6g65", "shortDescription": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "fullDescription": {"text": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xpqw-6gx7-v673", "name": "svgo: GHSA-xpqw-6gx7-v673", "shortDescription": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "fullDescription": {"text": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5c6j-r48x-rmvq", "name": "serialize-javascript: GHSA-5c6j-r48x-rmvq", "shortDescription": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "fullDescription": {"text": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j3q9-mxjg-w52f", "name": "path-to-regexp: GHSA-j3q9-mxjg-w52f", "shortDescription": {"text": "path-to-regexp: GHSA-j3q9-mxjg-w52f"}, "fullDescription": {"text": "path-to-regexp vulnerable to Denial of Service via sequential optional groups"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-37ch-88jc-xwx2", "name": "path-to-regexp: GHSA-37ch-88jc-xwx2", "shortDescription": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "fullDescription": {"text": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qjx8-664m-686j", "name": "js-cookie: GHSA-qjx8-664m-686j", "shortDescription": {"text": "js-cookie: GHSA-qjx8-664m-686j"}, "fullDescription": {"text": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rf6f-7fwh-wjgh", "name": "flatted: GHSA-rf6f-7fwh-wjgh", "shortDescription": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "fullDescription": {"text": "Prototype Pollution via parse() in NodeJS flatted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-25h7-pfq9-p65f", "name": "flatted: GHSA-25h7-pfq9-p65f", "shortDescription": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "fullDescription": {"text": "flatted vulnerable to unbounded recursion DoS in parse() revive phase"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v39h-62p7-jpjc", "name": "fast-uri: GHSA-v39h-62p7-jpjc", "shortDescription": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "fullDescription": {"text": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q3j6-qgpj-74h6", "name": "fast-uri: GHSA-q3j6-qgpj-74h6", "shortDescription": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "fullDescription": {"text": "fast-uri vulnerable to path traversal via percent-encoded dot segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rpmf-866q-6p89", "name": "basic-ftp: GHSA-rpmf-866q-6p89", "shortDescription": {"text": "basic-ftp: GHSA-rpmf-866q-6p89"}, "fullDescription": {"text": "basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rp42-5vxx-qpwr", "name": "basic-ftp: GHSA-rp42-5vxx-qpwr", "shortDescription": {"text": "basic-ftp: GHSA-rp42-5vxx-qpwr"}, "fullDescription": {"text": "basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-chqc-8p9q-pq6q", "name": "basic-ftp: GHSA-chqc-8p9q-pq6q", "shortDescription": {"text": "basic-ftp: GHSA-chqc-8p9q-pq6q"}, "fullDescription": {"text": "basic-ftp has FTP Command Injection via CRLF"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6v7q-wjvx-w8wg", "name": "basic-ftp: GHSA-6v7q-wjvx-w8wg", "shortDescription": {"text": "basic-ftp: GHSA-6v7q-wjvx-w8wg"}, "fullDescription": {"text": "basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x6wf-f3px-wcqx", "name": "@xmldom/xmldom: GHSA-x6wf-f3px-wcqx", "shortDescription": {"text": "@xmldom/xmldom: GHSA-x6wf-f3px-wcqx"}, "fullDescription": {"text": "xmldom has XML node injection through unvalidated processing instruction serialization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wh4c-j3r5-mjhp", "name": "@xmldom/xmldom: GHSA-wh4c-j3r5-mjhp", "shortDescription": {"text": "@xmldom/xmldom: GHSA-wh4c-j3r5-mjhp"}, "fullDescription": {"text": "xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j759-j44w-7fr8", "name": "@xmldom/xmldom: GHSA-j759-j44w-7fr8", "shortDescription": {"text": "@xmldom/xmldom: GHSA-j759-j44w-7fr8"}, "fullDescription": {"text": "xmldom has XML node injection through unvalidated comment serialization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f6ww-3ggp-fr8h", "name": "@xmldom/xmldom: GHSA-f6ww-3ggp-fr8h", "shortDescription": {"text": "@xmldom/xmldom: GHSA-f6ww-3ggp-fr8h"}, "fullDescription": {"text": "xmldom has XML injection through unvalidated DocumentType serialization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2v35-w6hq-6mfw", "name": "@xmldom/xmldom: GHSA-2v35-w6hq-6mfw", "shortDescription": {"text": "@xmldom/xmldom: GHSA-2v35-w6hq-6mfw"}, "fullDescription": {"text": "xmldom: Uncontrolled recursion in XML serialization leads to DoS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fv7c-fp4j-7gwp", "name": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp", "shortDescription": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "fullDescription": {"text": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4866", "name": "stdlib: GO-2026-4866", "shortDescription": {"text": "stdlib: GO-2026-4866"}, "fullDescription": {"text": "Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4600", "name": "stdlib: GO-2026-4600", "shortDescription": {"text": "stdlib: GO-2026-4600"}, "fullDescription": {"text": "Panic in name constraint checking for malformed certificates in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4599", "name": "stdlib: GO-2026-4599", "shortDescription": {"text": "stdlib: GO-2026-4599"}, "fullDescription": {"text": "Incorrect enforcement of email constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, "fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3955", "name": "stdlib: GO-2025-3955", "shortDescription": {"text": "stdlib: GO-2025-3955"}, "fullDescription": {"text": "CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5033", "name": "golang.org/x/crypto: GO-2026-5033", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5033"}, "fullDescription": {"text": "Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5023", "name": "golang.org/x/crypto: GO-2026-5023", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5023"}, "fullDescription": {"text": "Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5021", "name": "golang.org/x/crypto: GO-2026-5021", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5021"}, "fullDescription": {"text": "Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5020", "name": "golang.org/x/crypto: GO-2026-5020", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5020"}, "fullDescription": {"text": "Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5019", "name": "golang.org/x/crypto: GO-2026-5019", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5019"}, "fullDescription": {"text": "Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5018", "name": "golang.org/x/crypto: GO-2026-5018", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5018"}, "fullDescription": {"text": "Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5017", "name": "golang.org/x/crypto: GO-2026-5017", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5017"}, "fullDescription": {"text": "Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5016", "name": "golang.org/x/crypto: GO-2026-5016", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5016"}, "fullDescription": {"text": "Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5015", "name": "golang.org/x/crypto: GO-2026-5015", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5015"}, "fullDescription": {"text": "Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5014", "name": "golang.org/x/crypto: GO-2026-5014", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5014"}, "fullDescription": {"text": "Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5013", "name": "golang.org/x/crypto: GO-2026-5013", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5013"}, "fullDescription": {"text": "Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5006", "name": "golang.org/x/crypto: GO-2026-5006", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5006"}, "fullDescription": {"text": "Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5005", "name": "golang.org/x/crypto: GO-2026-5005", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5005"}, "fullDescription": {"text": "Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mh2q-q3fh-2475", "name": "go.opentelemetry.io/otel: GHSA-mh2q-q3fh-2475", "shortDescription": {"text": "go.opentelemetry.io/otel: GHSA-mh2q-q3fh-2475"}, "fullDescription": {"text": "OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x86f-5xw2-fm2r", "name": "github.com/docker/docker: GHSA-x86f-5xw2-fm2r", "shortDescription": {"text": "github.com/docker/docker: GHSA-x86f-5xw2-fm2r"}, "fullDescription": {"text": "Docker: `PUT /containers/{id}/archive` executes container binary on the host"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rg2x-37c3-w2rh", "name": "github.com/docker/docker: GHSA-rg2x-37c3-w2rh", "shortDescription": {"text": "github.com/docker/docker: GHSA-rg2x-37c3-w2rh"}, "fullDescription": {"text": "Docker: Race condition in docker cp allows bind mount redirection to host path"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4887", "name": "github.com/docker/docker: GO-2026-4887", "shortDescription": {"text": "github.com/docker/docker: GO-2026-4887"}, "fullDescription": {"text": "Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4883", "name": "github.com/docker/docker: GO-2026-4883", "shortDescription": {"text": "github.com/docker/docker: GO-2026-4883"}, "fullDescription": {"text": "Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/download-artifact` pinned to mutable ref `@v3`", "shortDescription": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v3`"}, "fullDescription": {"text": "`uses: actions/download-artifact@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "go.mod replaces `github.com/lima-vm/lima` \u2014 redirects to fork `github.com/rancher-sandbox/lima`", "shortDescription": {"text": "go.mod replaces `github.com/lima-vm/lima` \u2014 redirects to fork `github.com/rancher-sandbox/lima`"}, "fullDescription": {"text": "`replace github.com/lima-vm/lima => github.com/rancher-sandbox/lima` overrides the canonical dependency with a different source (redirects to fork `github.com/rancher-sandbox/lima`). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `registry.suse.com/bci/bci-minimal:16.0` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `registry.suse.com/bci/bci-minimal:16.0` not pinned by digest"}, "fullDescription": {"text": "`FROM registry.suse.com/bci/bci-minimal:16.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.OBS_WEBHOOK_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.OBS_WEBHOOK_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.OBS_WEBHOOK_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1161"}, "properties": {"repository": "rancher-sandbox/rancher-desktop", "repoUrl": "https://github.com/rancher-sandbox/rancher-desktop", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 116544, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 116543, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 116538, "scanner": "repobility-journey-contract", "fingerprint": "7a8419194073fcc057aa23da1a7cfb8c2c577796a9f8d98a885544e4ef37bd21", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/services", "correlation_key": "fp|7a8419194073fcc057aa23da1a7cfb8c2c577796a9f8d98a885544e4ef37bd21", "backend_endpoint_count": 2}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/kube/client.ts"}, "region": {"startLine": 273}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 116537, "scanner": "repobility-access-control", "fingerprint": "b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 2, "correlation_key": "fp|b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "auth_visible_percent": 0.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 116536, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Express"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 116535, "scanner": "osv-scanner", "fingerprint": "70d0d7460be007a4193e90cfe82eaea7100a07bfac6179c6be94dea5dedb7db0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 116534, "scanner": "osv-scanner", "fingerprint": "de906a0edbb25093a2e18157d27e7650c5d59dfb14b06382f6f170c04d020630", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9jgg-88mc-972h", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "properties": {"repobilityId": 116533, "scanner": "osv-scanner", "fingerprint": "fb09520fde1a4f84497af33937c571ff33f5a999d173c0c4f6e01ec825d9cf94", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30360"], "package": "webpack-dev-server", "rule_id": "GHSA-9jgg-88mc-972h", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30360|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-79cf-xcqc-c78w", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "properties": {"repobilityId": 116532, "scanner": "osv-scanner", "fingerprint": "1e32bfd8f5f15c2b79a2ab7f97395b72ecd1e2b62a9021c254ab19741e717999", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6402"], "package": "webpack-dev-server", "rule_id": "GHSA-79cf-xcqc-c78w", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2026-6402|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4v9v-hfq4-rm2v", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "properties": {"repobilityId": 116531, "scanner": "osv-scanner", "fingerprint": "1d4c33131915734da58bcd31a8095da17f72f842ce2c37a2c8e6e415426f344d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30359"], "package": "webpack-dev-server", "rule_id": "GHSA-4v9v-hfq4-rm2v", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30359|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 116528, "scanner": "osv-scanner", "fingerprint": "43ffcb0a2ce37f02f11229414b326bf3461eff0a2313382f704b9797828a6315", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 116524, "scanner": "osv-scanner", "fingerprint": "1c59ef4afe92099f003e3ffa513ad410d787a2b56fa73570cd1239ea05bfa2d4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 116521, "scanner": "osv-scanner", "fingerprint": "3e5751f1c47beefde8f6b075407b1b7186b45e90c496fc0f432b18afb75421eb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 116520, "scanner": "osv-scanner", "fingerprint": "c779d54649dfa2aea4b3707fb8234eaa558924c2a9cef66e77ea99b5ca63f967", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 116519, "scanner": "osv-scanner", "fingerprint": "88e6b1a808a46d1254fb003a71496f6f03cc18938cf18c56646c44245e0d824a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7fh5-64p2-3v2j", "level": "warning", "message": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "properties": {"repobilityId": 116518, "scanner": "osv-scanner", "fingerprint": "69b33eb0acfc3533b8ac1117f647b15a9d1dde9f768514bfd25f4671304264d8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-44270"], "package": "postcss", "rule_id": "GHSA-7fh5-64p2-3v2j", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2023-44270|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 116516, "scanner": "osv-scanner", "fingerprint": "462b6f9a41343b35a2309e55c043ca31f20f04b7f9e15cb869e7180ff7fc1d96", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-27v5-c462-wpq7", "level": "warning", "message": {"text": "path-to-regexp: GHSA-27v5-c462-wpq7"}, "properties": {"repobilityId": 116514, "scanner": "osv-scanner", "fingerprint": "ef9b4d0acf6c44a954ea5788ca61744f4f3348c84536dd89ce3eb731534b58be", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4923"], "package": "path-to-regexp", "rule_id": "GHSA-27v5-c462-wpq7", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4923|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 116508, "scanner": "osv-scanner", "fingerprint": "a6fb91e8f613cd9af90c71675d02191330b4012dbca773f6ae2506c416145b90", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2v4-37r5-5v8g", "level": "warning", "message": {"text": "ip-address: GHSA-v2v4-37r5-5v8g"}, "properties": {"repobilityId": 116506, "scanner": "osv-scanner", "fingerprint": "110e8c35b05f03766a369ef404439b4c80745df475a104793df87be7cc339d9f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42338"], "package": "ip-address", "rule_id": "GHSA-v2v4-37r5-5v8g", "scanner": "osv-scanner", "correlation_key": "vuln|ip-address|CVE-2026-42338|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 116505, "scanner": "osv-scanner", "fingerprint": "7f5e23cd7a08776d807d82a9403b2d99acd2805bce2a7f200327957657d49d10", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jxxr-4gwj-5jf2", "level": "warning", "message": {"text": "brace-expansion: GHSA-jxxr-4gwj-5jf2"}, "properties": {"repobilityId": 116498, "scanner": "osv-scanner", "fingerprint": "5c96833c46f7678ad21518dc140979d6fcaac1d576fe54d4c5d84a9e7a3e8ace", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45149"], "package": "brace-expansion", "rule_id": "GHSA-jxxr-4gwj-5jf2", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-45149|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 116496, "scanner": "osv-scanner", "fingerprint": "d4b419a31e0e9347bcfafa58b7ad490de2bf201d666b0f13dc4b2518b663d57c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 116491, "scanner": "osv-scanner", "fingerprint": "128d26ea5f5b40a60e9c47ea7ffd50a69def1874a9520acb5439503c3ca8a9e7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vp62-88p7-qqf5", "level": "warning", "message": {"text": "github.com/docker/docker: GHSA-vp62-88p7-qqf5"}, "properties": {"repobilityId": 116225, "scanner": "osv-scanner", "fingerprint": "17408716804552eb7deeba0d5ed32c7e1fd609c9be1265c391a4521445edce97", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41568"], "package": "github.com/docker/docker", "rule_id": "GHSA-vp62-88p7-qqf5", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/docker/docker|CVE-2026-41568|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 116141, "scanner": "repobility-docker", "fingerprint": "c4bc5a5d1918f0da91b2ad4dace3fec3c0a336db422908c694a0088b6097d5de", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "registry.suse.com/bci/bci-minimal:16.0", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c4bc5a5d1918f0da91b2ad4dace3fec3c0a336db422908c694a0088b6097d5de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/extensions/testdata/Dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 116140, "scanner": "repobility-docker", "fingerprint": "27b562c5e72507c777620503a7de717d78156f4168f801a09b5ee57dcf41cc9c", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "registry.suse.com/bci/golang:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|27b562c5e72507c777620503a7de717d78156f4168f801a09b5ee57dcf41cc9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/extensions/testdata/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 116139, "scanner": "repobility-docker", "fingerprint": "a5e872371b317762c6e8c63dd6dd841e63c7ebe8605cd687a4faa092d6844bf5", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "registry.suse.com/bci/golang:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a5e872371b317762c6e8c63dd6dd841e63c7ebe8605cd687a4faa092d6844bf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/extensions/testdata/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 116138, "scanner": "repobility-docker", "fingerprint": "9be15dbdec405ccb37ab205e928fe7d6922ad8f76df782aea76b62552629406d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${IMAGE_PYTHON}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9be15dbdec405ccb37ab205e928fe7d6922ad8f76df782aea76b62552629406d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/app/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 116135, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 116134, "scanner": "repobility-docker", "fingerprint": "2f2dd16317ee6768d0586a1d3fc867e86b471b9b7f8b0648883d11aeefb73971", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${IMAGE_NGINX}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2f2dd16317ee6768d0586a1d3fc867e86b471b9b7f8b0648883d11aeefb73971"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/Dockerfile.nginx"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 116124, "scanner": "repobility-threat-engine", "fingerprint": "740577bcb9e0c8d5b5f1082e4e8b67010d0dcd92aa86733875a8a01dcbbc1c2b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{\n\t\t\tHandler:      mux,\n\t\t\tReadTimeout:  10 * time.Second,\n\t\t\tWriteTimeout: 10 * time.Sec", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|740577bcb9e0c8d5b5f1082e4e8b67010d0dcd92aa86733875a8a01dcbbc1c2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/cmd/host/switch_windows.go"}, "region": {"startLine": 207}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 116123, "scanner": "repobility-threat-engine", "fingerprint": "95e024611cab8aee002ce0de7dac67d93c08df443886ccf1120e42e7f5ddbfee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{\n\t\tAddr:        \":80\",\n\t\tHandler:     proxy,\n\t\tReadTimeout: time.Minute,\n\t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|95e024611cab8aee002ce0de7dac67d93c08df443886ccf1120e42e7f5ddbfee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/extension-proxy/main.go"}, "region": {"startLine": 40}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 116102, "scanner": "repobility-threat-engine", "fingerprint": "4f69f71e0a5c1004b2cd2baef048da259f6702b29c0415df81915e61a4a70421", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (error) {\n  }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4f69f71e0a5c1004b2cd2baef048da259f6702b29c0415df81915e61a4a70421"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/sudo-prompt/test.js"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 116068, "scanner": "repobility-threat-engine", "fingerprint": "5886c40c803b4ebb9f454705496f27efcab61fc4307315fef2a501032cae1b68", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "exec(input", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|. token|80|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".yarn/plugins/plugin-rancher-desktop-license-checker.cjs"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 116058, "scanner": "repobility-threat-engine", "fingerprint": "06592c38174613e5020368ee42cd19c678edf5a525fea152546599880579a209", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|babel.config.cjs|3|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "babel.config.cjs"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 116057, "scanner": "repobility-threat-engine", "fingerprint": "df2e5b0d9a605872e75729b61fb7e4ef601c54b5a59dab37a25bd85ad7a9d707", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. token|80|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".yarn/plugins/plugin-rancher-desktop-license-checker.cjs"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 116056, "scanner": "repobility-threat-engine", "fingerprint": "b2bffd02d5acb39a97dd03ea8ac3353d50047870bec236fec3183219581156be", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. token|215|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/bats/summarize.mjs"}, "region": {"startLine": 215}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 116053, "scanner": "repobility-agent-runtime", "fingerprint": "20009f24f1ff838613326a9ed9e8474910017fbbd7218ffecf76031665f6dc31", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|20009f24f1ff838613326a9ed9e8474910017fbbd7218ffecf76031665f6dc31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/wsl.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/download-artifact@v3` is 5 major version(s) behind (latest v8.0.1)"}, "properties": {"repobilityId": 116052, "scanner": "repobility-dependency-currency", "fingerprint": "c0f2770cb4de59d993973184da5a9780d487b65fe720274b6c77578f1489fa60", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "5 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/download-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.0.1", "correlation_key": "fp|c0f2770cb4de59d993973184da5a9780d487b65fe720274b6c77578f1489fa60", "current_version": "v3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 51}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/upload-artifact@v3` is 4 major version(s) behind (latest v7.0.1)"}, "properties": {"repobilityId": 116051, "scanner": "repobility-dependency-currency", "fingerprint": "4ea592bbbc9860856b0e22984552ed9f966b608770d385f99d0d5fff6dcf3dcf", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/upload-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v7.0.1", "correlation_key": "fp|4ea592bbbc9860856b0e22984552ed9f966b608770d385f99d0d5fff6dcf3dcf", "current_version": "v3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 34}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-go@v3` is 3 major version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 116050, "scanner": "repobility-dependency-currency", "fingerprint": "03c8099c2776d2d1fae925269241b0c2a00af44d0c5c727c2861b7eecd9ae178", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-go", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|03c8099c2776d2d1fae925269241b0c2a00af44d0c5c727c2861b7eecd9ae178", "current_version": "v3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v3` is 3 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 116049, "scanner": "repobility-dependency-currency", "fingerprint": "6f79616a72dec32b1f0a29e84f9c03958dc29d229796528c78004a4e583b3d00", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|6f79616a72dec32b1f0a29e84f9c03958dc29d229796528c78004a4e583b3d00", "current_version": "v3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `golangci/golangci-lint-action@v3.1.0` is 6 major version(s) behind (latest v9.2.1)"}, "properties": {"repobilityId": 116048, "scanner": "repobility-dependency-currency", "fingerprint": "67c2264952e65d7adf135a36913520739e41d12619f37a9b04a7cfbd9e2a8963", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "6 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "golangci/golangci-lint-action", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v9.2.1", "correlation_key": "fp|67c2264952e65d7adf135a36913520739e41d12619f37a9b04a7cfbd9e2a8963", "current_version": "v3.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/go.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-go@v3` is 3 major version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 116047, "scanner": "repobility-dependency-currency", "fingerprint": "ed79fe9a20b5a57ae655358e05ec07acca9b1b54d7954bf9664f330c81b3ea45", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-go", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|ed79fe9a20b5a57ae655358e05ec07acca9b1b54d7954bf9664f330c81b3ea45", "current_version": "v3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/go.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v3` is 3 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 116046, "scanner": "repobility-dependency-currency", "fingerprint": "19d6509be2d67d0f9262fdf07e51756ccb80e90ce27c05f750c9e67c935bba89", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|19d6509be2d67d0f9262fdf07e51756ccb80e90ce27c05f750c9e67c935bba89", "current_version": "v3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/go.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `flask` has no version pin"}, "properties": {"repobilityId": 116013, "scanner": "repobility-supply-chain", "fingerprint": "b0f2680150f9e38be4b01a5f8e5ec185c85fac7453ffba253993a1e61df38727", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b0f2680150f9e38be4b01a5f8e5ec185c85fac7453ffba253993a1e61df38727"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/app/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 116012, "scanner": "repobility-ast-engine", "fingerprint": "ff7bde73795b9659f0bc800227ff9bd170454b589a269eea652a50a1cf4712ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff7bde73795b9659f0bc800227ff9bd170454b589a269eea652a50a1cf4712ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/security/cve-2026-43284-dirtyfrag-probe.py"}, "region": {"startLine": 207}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 116542, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 116541, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 116540, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 116539, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 116530, "scanner": "osv-scanner", "fingerprint": "1d1496f3f5463d27a84b1945a0710436b7fcb4f9b8a8ad083b13e770574f8af2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 116529, "scanner": "osv-scanner", "fingerprint": "acb299e492e670bc1421e7fa1604c058c3132a5f962a2ee11f5a832c3e6e4925", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-52f5-9888-hmc6", "level": "note", "message": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "properties": {"repobilityId": 116526, "scanner": "osv-scanner", "fingerprint": "416377474478599cf1e44c5928b15ec68a1ac9566156b26f88d44ab467d56a49", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-54798"], "package": "tmp", "rule_id": "GHSA-52f5-9888-hmc6", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2025-54798|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 116522, "scanner": "osv-scanner", "fingerprint": "a73d559c3c203e434714cc09b29fe257901a825a427fc4bb71e23c8c69ec3490", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76c9-3jph-rj3q", "level": "note", "message": {"text": "on-headers: GHSA-76c9-3jph-rj3q"}, "properties": {"repobilityId": 116512, "scanner": "osv-scanner", "fingerprint": "a7985f273708d19405671548c594a791d212fdc268ac7eb3aecf4a00ab7e5e50", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7339"], "package": "on-headers", "rule_id": "GHSA-76c9-3jph-rj3q", "scanner": "osv-scanner", "correlation_key": "vuln|on-headers|CVE-2025-7339|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-73rr-hh4g-fpgx", "level": "note", "message": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "properties": {"repobilityId": 116500, "scanner": "osv-scanner", "fingerprint": "03944092c5442fa60437db4400a4f39b63afd07f2762be40a6626a21c859ad4b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24001"], "package": "diff", "rule_id": "GHSA-73rr-hh4g-fpgx", "scanner": "osv-scanner", "correlation_key": "vuln|diff|CVE-2026-24001|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pxg6-pf52-xh8x", "level": "note", "message": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "properties": {"repobilityId": 116499, "scanner": "osv-scanner", "fingerprint": "e4b330f5630ed01c82fba254f81c5567f3250984aca049c77d39a36c9f96533b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47764"], "package": "cookie", "rule_id": "GHSA-pxg6-pf52-xh8x", "scanner": "osv-scanner", "correlation_key": "vuln|cookie|CVE-2024-47764|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 116497, "scanner": "osv-scanner", "fingerprint": "1854d9dd5eb370302d7119641e8b8517081a2f7d14cd0cb0730993d4c09eb4d6", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 116145, "scanner": "repobility-docker", "fingerprint": "4b26d98ed1afe0afabdcedf7debb7af0e4eaeda4af555f0ae23e3de832a9461d", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "web", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|4b26d98ed1afe0afabdcedf7debb7af0e4eaeda4af555f0ae23e3de832a9461d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/compose.yaml"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 116144, "scanner": "repobility-docker", "fingerprint": "f1b41b4df1ff681e1e008cef0945a80dd86edf8f2c3fc6f0e168f477bee7b016", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "web", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f1b41b4df1ff681e1e008cef0945a80dd86edf8f2c3fc6f0e168f477bee7b016"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/compose.yaml"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 116143, "scanner": "repobility-docker", "fingerprint": "838fdec94dd05fbf3b0bde7bf6c0ab0438f02c666a7f9bee53c83063d273f4e8", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "nginx", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|838fdec94dd05fbf3b0bde7bf6c0ab0438f02c666a7f9bee53c83063d273f4e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 116142, "scanner": "repobility-docker", "fingerprint": "d823c902bc6b76a42b7ad57404f7c431b8090ca17ce986c00b0e0aa5f2be2602", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "nginx", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d823c902bc6b76a42b7ad57404f7c431b8090ca17ce986c00b0e0aa5f2be2602"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 116127, "scanner": "repobility-threat-engine", "fingerprint": "a511952870f49439f9955ee5f22b9a7ba7092b7cc9380ef54e3300925bc32832", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = ln.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a511952870f49439f9955ee5f22b9a7ba7092b7cc9380ef54e3300925bc32832"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/cmd/host/switch_windows.go"}, "region": {"startLine": 162}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 116126, "scanner": "repobility-threat-engine", "fingerprint": "ce67862eaef57112f24fac608711439780b8bfdc4bb1f76976f11028a03f2455", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = pc.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ce67862eaef57112f24fac608711439780b8bfdc4bb1f76976f11028a03f2455"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/procnet/loopback_forwarder_linux.go"}, "region": {"startLine": 117}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 116125, "scanner": "repobility-threat-engine", "fingerprint": "b171d4922c8570def97443626947ff62faebb3548349723ea55e874a6968a93e", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = sharedInformer.AddEventHandler(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b171d4922c8570def97443626947ff62faebb3548349723ea55e874a6968a93e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/kube/servicewatcher_linux.go"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 116101, "scanner": "repobility-threat-engine", "fingerprint": "e291a2570a2c7176e9a8b21b534fc285f406c75d53b1d004c2a7d1147135452d", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = t", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|71|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/utils/string.js"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 116100, "scanner": "repobility-threat-engine", "fingerprint": "758654d1d6a11903d5eb4b69c974ab756f7ea07e45427a0102c8781a42f791ec", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = s", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|39|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/plugins/i18n.js"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 116099, "scanner": "repobility-threat-engine", "fingerprint": "ae2b8df1b61cacb5fd5dded021fa0be2f75fc776360a5ab58ed4fb52d72636de", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = p", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|26|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/plugins/clean-html-directive.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `resolve_test` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=2, if=1, nested_bonus=3, or=1."}, "properties": {"repobilityId": 116055, "scanner": "repobility-threat-engine", "fingerprint": "8072ee917dcf164805f9524dbee3437940ed7d4d0ca240a60873cd1c1f4e43ed", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "resolve_test", "breakdown": {"if": 1, "or": 1, "for": 2, "else": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|8072ee917dcf164805f9524dbee3437940ed7d4d0ca240a60873cd1c1f4e43ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/bats/get-tests.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `ts-loader` is minor version(s) behind (^9.5.7 -> 9.6.0)"}, "properties": {"repobilityId": 116044, "scanner": "repobility-dependency-currency", "fingerprint": "16ef80f9bb7c00b3beaaa82125bb543783b7b42db47789da90ba27e3a5465690", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ts-loader", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.6.0", "correlation_key": "fp|16ef80f9bb7c00b3beaaa82125bb543783b7b42db47789da90ba27e3a5465690", "current_version": "^9.5.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `node-gyp` is minor version(s) behind (12.3.0 -> 12.4.0)"}, "properties": {"repobilityId": 116043, "scanner": "repobility-dependency-currency", "fingerprint": "7acaf97e46d3d667cf0e6eef8aeaa48d847a4b5b75f3be469b64e0fb081d1dfc", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "node-gyp", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "12.4.0", "correlation_key": "fp|7acaf97e46d3d667cf0e6eef8aeaa48d847a4b5b75f3be469b64e0fb081d1dfc", "current_version": "12.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `node-addon-api` is minor version(s) behind (8 -> 8.8.0)"}, "properties": {"repobilityId": 116042, "scanner": "repobility-dependency-currency", "fingerprint": "f253249dcbfe79ab77c5bc51aa0f908fdac5de937cc73942591154a232b63d17", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "node-addon-api", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.8.0", "correlation_key": "fp|f253249dcbfe79ab77c5bc51aa0f908fdac5de937cc73942591154a232b63d17", "current_version": "8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@yarnpkg/cli` is minor version(s) behind (4.15.0 -> 4.16.0)"}, "properties": {"repobilityId": 116039, "scanner": "repobility-dependency-currency", "fingerprint": "05c2bceffb8c2aa3194de28e415d2a4ddf4d3881d17d8de3c0e868989c3a4a85", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@yarnpkg/cli", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.16.0", "correlation_key": "fp|05c2bceffb8c2aa3194de28e415d2a4ddf4d3881d17d8de3c0e868989c3a4a85", "current_version": "4.15.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@vue/eslint-config-typescript` is minor version(s) behind (14.7.0 -> 14.8.0)"}, "properties": {"repobilityId": 116037, "scanner": "repobility-dependency-currency", "fingerprint": "89fbef17a0579ae1b74d8bb86bfc7b67c355fd2e6dbf3cb5d3482108e8abe10f", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vue/eslint-config-typescript", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "14.8.0", "correlation_key": "fp|89fbef17a0579ae1b74d8bb86bfc7b67c355fd2e6dbf3cb5d3482108e8abe10f", "current_version": "14.7.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116011, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78e0df960860385ef9c495b4eef84d6be6b00c02e2426cb780f223e2ee36a2d8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/mock-wsl/lock_file_other.go", "duplicate_line": 1, "correlation_key": "fp|78e0df960860385ef9c495b4eef84d6be6b00c02e2426cb780f223e2ee36a2d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/cmd/proxy/wsl_integration_linux.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116010, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4caa0b7751d68a0bcbe54d862a652e5ca655e998fcabd42e28cf74228cc4d247", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/guestagent/main.go", "duplicate_line": 1, "correlation_key": "fp|4caa0b7751d68a0bcbe54d862a652e5ca655e998fcabd42e28cf74228cc4d247"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/cmd/network/setup_linux.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116009, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b22449f8f1488171ed925278e5e6057d5553c64778504b3d82ce0d8b4dbd40b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/guestagent/main.go", "duplicate_line": 2, "correlation_key": "fp|5b22449f8f1488171ed925278e5e6057d5553c64778504b3d82ce0d8b4dbd40b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/cmd/host/switch_windows.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116008, "scanner": "repobility-ai-code-hygiene", "fingerprint": "123d5185efec5ef6808eb70601696d8da395f185c498801fc3e157ccd352b9ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/networking/cmd/host/config_windows.go", "duplicate_line": 1, "correlation_key": "fp|123d5185efec5ef6808eb70601696d8da395f185c498801fc3e157ccd352b9ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/cmd/host/switch_windows.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116007, "scanner": "repobility-ai-code-hygiene", "fingerprint": "367a7a6560ea7ef06244b4b44f78202773ebcc147447ee7f8a1dd99be96deff5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/nerdctl-stub/main_linux.go", "duplicate_line": 31, "correlation_key": "fp|367a7a6560ea7ef06244b4b44f78202773ebcc147447ee7f8a1dd99be96deff5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/main_windows.go"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116006, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2a6ee8afd751d4718f86858752358b00b20f80a9537478860137e3cc9eadd3d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/mock-wsl/lock_file_other.go", "duplicate_line": 1, "correlation_key": "fp|c2a6ee8afd751d4718f86858752358b00b20f80a9537478860137e3cc9eadd3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/debugging.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116005, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0447c81b81c627a99dcdc1fb336b5bf7260a028383be211efe79856b8815e2e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/guestagent/pkg/tracker/apitracker.go", "duplicate_line": 1, "correlation_key": "fp|0447c81b81c627a99dcdc1fb336b5bf7260a028383be211efe79856b8815e2e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/tracker/portstorage.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116004, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6c16731e98d08643e1694a0a58df696f362ab5f88998bc6c593bcdce1f5707b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/guestagent/pkg/kube/servicewatcher_linux.go", "duplicate_line": 2, "correlation_key": "fp|a6c16731e98d08643e1694a0a58df696f362ab5f88998bc6c593bcdce1f5707b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/kube/watcher_stub.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116003, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e771dfcc94af95a0987cb90a52110c34767d36559f0bd0ec702c3630c93a3ca3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/guestagent/pkg/kube/servicewatcher_linux.go", "duplicate_line": 2, "correlation_key": "fp|e771dfcc94af95a0987cb90a52110c34767d36559f0bd0ec702c3630c93a3ca3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/kube/watcher_linux.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116002, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9c205699e5c9bc4a398fda76f75eb0b6f439ad3a1aa4fb2c5b69ca6317da7c00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/guestagent/pkg/forwarder/forwarder.go", "duplicate_line": 1, "correlation_key": "fp|9c205699e5c9bc4a398fda76f75eb0b6f439ad3a1aa4fb2c5b69ca6317da7c00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/forwarder/wslproxy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116001, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1b353942b3faac9766e6f127aa79937e3e145f0e1681d9ed3906dc182ae9055", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/go/guestagent/pkg/forwarder/forwarder.go", "duplicate_line": 1, "correlation_key": "fp|b1b353942b3faac9766e6f127aa79937e3e145f0e1681d9ed3906dc182ae9055"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/forwarder/serviceapi.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116000, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9785e2ea0b58852e2eccb1c3fb6281f9090790529d84b7ffe8feacef816957c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/dev.ts", "duplicate_line": 15, "correlation_key": "fp|f9785e2ea0b58852e2eccb1c3fb6281f9090790529d84b7ffe8feacef816957c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/e2e.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115999, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d4dc670ca62af840ef4e97b42ce7e33cba204e221aa3214df9c7cdc791ce84c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "screenshots/test-data/container-inspect.ts", "duplicate_line": 26, "correlation_key": "fp|9d4dc670ca62af840ef4e97b42ce7e33cba204e221aa3214df9c7cdc791ce84c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "screenshots/test-data/containers.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115998, "scanner": "repobility-ai-code-hygiene", "fingerprint": "45fc9ef82895175d25a954bb209d880114c1578f850d384d4dfb2baa924623cb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/window/index.ts", "duplicate_line": 109, "correlation_key": "fp|45fc9ef82895175d25a954bb209d880114c1578f850d384d4dfb2baa924623cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/window/preferences.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115997, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c846e32369b5b9e7e096b41a02afb8cfaf28eb8d7abf22df25f4ecce5d7b6d53", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/SortableTable/selection.js", "duplicate_line": 392, "correlation_key": "fp|c846e32369b5b9e7e096b41a02afb8cfaf28eb8d7abf22df25f4ecce5d7b6d53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/store/action-menu.js"}, "region": {"startLine": 133}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115996, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09aae36c0680962a5abbb3038fd945898e72999cb74332b7af7145656b931543", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/plugins/clean-html-directive.js", "duplicate_line": 2, "correlation_key": "fp|09aae36c0680962a5abbb3038fd945898e72999cb74332b7af7145656b931543"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/plugins/clean-tooltip-directive.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115995, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa65e7ce8f0a85d54db8eb97369e9aae82244b63adcf868d4efbda29b29bef8b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/SnapshotCard.vue", "duplicate_line": 153, "correlation_key": "fp|fa65e7ce8f0a85d54db8eb97369e9aae82244b63adcf868d4efbda29b29bef8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/pages/snapshots/dialog.vue"}, "region": {"startLine": 157}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115994, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9476a2701bd0849bb8d9f192d1eaaf8992a7234280f2088d701bfec8c5d1a1cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/pages/Containers.vue", "duplicate_line": 447, "correlation_key": "fp|9476a2701bd0849bb8d9f192d1eaaf8992a7234280f2088d701bfec8c5d1a1cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/pages/Volumes.vue"}, "region": {"startLine": 288}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115993, "scanner": "repobility-ai-code-hygiene", "fingerprint": "899fd3b3232d8a747bff658a7b93d628bd69c5de40b0b89a0a1d32c8a75e544a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/Preferences/BodyKubernetes.vue", "duplicate_line": 109, "correlation_key": "fp|899fd3b3232d8a747bff658a7b93d628bd69c5de40b0b89a0a1d32c8a75e544a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/pages/FirstRun.vue"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115992, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f32d8e3a096ce66eb217151a507203537882a17da4cf7c3907bb9d54ee8d2e5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/ActionMenu.vue", "duplicate_line": 151, "correlation_key": "fp|7f32d8e3a096ce66eb217151a507203537882a17da4cf7c3907bb9d54ee8d2e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/components/form/SplitButton.vue"}, "region": {"startLine": 200}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115991, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d8f90594a6fef71fc1906690ef81f94ba76c18c0648c2c05b166a2d67f4d568c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/RdInput.vue", "duplicate_line": 33, "correlation_key": "fp|d8f90594a6fef71fc1906690ef81f94ba76c18c0648c2c05b166a2d67f4d568c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/components/RdSelect.vue"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115990, "scanner": "repobility-ai-code-hygiene", "fingerprint": "968122043fc6d974e4e8ed14e3ac6ec51877b522786663890226bd50a97460be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/MountTypeSelector.vue", "duplicate_line": 26, "correlation_key": "fp|968122043fc6d974e4e8ed14e3ac6ec51877b522786663890226bd50a97460be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/components/Preferences/VirtualMachineEmulation.vue"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115989, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79eb816240bc861c1387d41422e9f23ef1d4f49f97c190ef812db713821397e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/Preferences/BodyApplication.vue", "duplicate_line": 38, "correlation_key": "fp|79eb816240bc861c1387d41422e9f23ef1d4f49f97c190ef812db713821397e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/components/Preferences/BodyWsl.vue"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115988, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8dba1ec26bde079d68468d9ea9f0ac7cb5a7ae48a473cba26bff5296910dad8c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/Preferences/BodyContainerEngine.vue", "duplicate_line": 32, "correlation_key": "fp|8dba1ec26bde079d68468d9ea9f0ac7cb5a7ae48a473cba26bff5296910dad8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/components/Preferences/BodyWsl.vue"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115987, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23259295718c72679b585fb99929267853c9eff909a692dc54f3b640a933787e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/Preferences/BodyApplication.vue", "duplicate_line": 21, "correlation_key": "fp|23259295718c72679b585fb99929267853c9eff909a692dc54f3b640a933787e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/components/Preferences/BodyVirtualMachine.vue"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115986, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03b2c554868a0873bfeeb1d938e6835a6f9347d5a43f14a3c9b46ce94ef8b53a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/Preferences/BodyApplication.vue", "duplicate_line": 38, "correlation_key": "fp|03b2c554868a0873bfeeb1d938e6835a6f9347d5a43f14a3c9b46ce94ef8b53a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/components/Preferences/BodyContainerEngine.vue"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115985, "scanner": "repobility-ai-code-hygiene", "fingerprint": "233dbb1aa7fc9a8f81e2a4bb3ba9fa70a2c815447d17151dab6667bed6877b58", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/components/ContainerLogs.vue", "duplicate_line": 74, "correlation_key": "fp|233dbb1aa7fc9a8f81e2a4bb3ba9fa70a2c815447d17151dab6667bed6877b58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/components/ContainerShell.vue"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115984, "scanner": "repobility-ai-code-hygiene", "fingerprint": "40475d41760a5047f3d920110365fde2c74457696278f535693e08e67289f807", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/backend/kube/lima.ts", "duplicate_line": 248, "correlation_key": "fp|40475d41760a5047f3d920110365fde2c74457696278f535693e08e67289f807"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/kube/wsl.ts"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115983, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35dd183b6ff58fb360132abfcfe845ff6eafd8eeb6ee3b6fad081fc2c84c8117", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/backend/images/mobyImageProcessor.ts", "duplicate_line": 36, "correlation_key": "fp|35dd183b6ff58fb360132abfcfe845ff6eafd8eeb6ee3b6fad081fc2c84c8117"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/images/nerdctlImageProcessor.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 115982, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3331ec97415b8b35f7cc8a726b240cb61750a324d5dd3be511159bba81b1f522", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/rancher-desktop/backend/containerClient/mobyClient.ts", "duplicate_line": 267, "correlation_key": "fp|3331ec97415b8b35f7cc8a726b240cb61750a324d5dd3be511159bba81b1f522"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/containerClient/nerdctlClient.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 115981, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `backend-service` image is selected through a build variable"}, "properties": {"repobilityId": 116146, "scanner": "repobility-docker", "fingerprint": "aa876e0f0efd43399b2d814c4f8225fdc883fc5ae87f2f646cc86aa53884816d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${DESKTOP_PLUGIN_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|aa876e0f0efd43399b2d814c4f8225fdc883fc5ae87f2f646cc86aa53884816d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/extensions/testdata/compose.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 116136, "scanner": "repobility-docker", "fingerprint": "21ff86dc9ab053112b7f839e85ac41757acb3455c40cce6a67712fcee11679b6", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${IMAGE_PYTHON}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|21ff86dc9ab053112b7f839e85ac41757acb3455c40cce6a67712fcee11679b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/app/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 116133, "scanner": "repobility-docker", "fingerprint": "e000019848409eaf07918de597d316990f54b1be23dca5d229e80958d432a3be", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${IMAGE_NGINX}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|e000019848409eaf07918de597d316990f54b1be23dca5d229e80958d432a3be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/Dockerfile.nginx"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC093", "level": "none", "message": {"text": "[SEC093] Go: exec.Command with non-literal (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 116132, "scanner": "repobility-threat-engine", "fingerprint": "195c2cd426537e4a557be46ba83965bd479adeaf52e0b6ef7093fd4424673dc2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|195c2cd426537e4a557be46ba83965bd479adeaf52e0b6ef7093fd4424673dc2"}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 116128, "scanner": "repobility-threat-engine", "fingerprint": "a4ec8d1f070617d303fae0e938ced99f0d7ca2873961e2016c3420c96d0864a0", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a4ec8d1f070617d303fae0e938ced99f0d7ca2873961e2016c3420c96d0864a0"}}}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 116122, "scanner": "repobility-threat-engine", "fingerprint": "eaf9bb4351ef42bcd10cae28e6daf443fbfc30cca2c911de2dcf0dc7abc9c3ca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|eaf9bb4351ef42bcd10cae28e6daf443fbfc30cca2c911de2dcf0dc7abc9c3ca", "aggregated_count": 10}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 116117, "scanner": "repobility-threat-engine", "fingerprint": "5c52357a69401c9774166fe17796ef00b9228c4db757bee258e4ec5a5f319775", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5c52357a69401c9774166fe17796ef00b9228c4db757bee258e4ec5a5f319775", "aggregated_count": 5}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 116116, "scanner": "repobility-threat-engine", "fingerprint": "ffa134062e39db3c66121c8bea0df903a6f1eb0c1c823f47bba5bcc58bd53f06", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ffa134062e39db3c66121c8bea0df903a6f1eb0c1c823f47bba5bcc58bd53f06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/procnet/scanner_stub.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 116115, "scanner": "repobility-threat-engine", "fingerprint": "3a1e38076c3cdb6c59399d790eb8e1817147c981063114e27c4fed5c48bb6b1a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a1e38076c3cdb6c59399d790eb8e1817147c981063114e27c4fed5c48bb6b1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/containerd/events_stub.go"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 116114, "scanner": "repobility-threat-engine", "fingerprint": "fe51c99f800bc05709f822bf65a5e9528da3b7c6b4ba3b837c7be6085a8959ad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fe51c99f800bc05709f822bf65a5e9528da3b7c6b4ba3b837c7be6085a8959ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/k3s-versions.go"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 116113, "scanner": "repobility-threat-engine", "fingerprint": "d2110cc6dcdc4853df1fdd802f53135d2820dd9c8f2458cd354009dd713157d7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d2110cc6dcdc4853df1fdd802f53135d2820dd9c8f2458cd354009dd713157d7", "aggregated_count": 12}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 116112, "scanner": "repobility-threat-engine", "fingerprint": "024c4ddb738cde1eb24fb0cd1fa2bc147d9a8ba7a3eabbf7ed9e9dc90b247014", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|024c4ddb738cde1eb24fb0cd1fa2bc147d9a8ba7a3eabbf7ed9e9dc90b247014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/pkg/forwarder/serviceapi.go"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 116111, "scanner": "repobility-threat-engine", "fingerprint": "efb6f78640c6b9dc895c17d1ea290a31e24b27b39a9e149f35b656ed2ad33d1b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|efb6f78640c6b9dc895c17d1ea290a31e24b27b39a9e149f35b656ed2ad33d1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/main.go"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 116110, "scanner": "repobility-threat-engine", "fingerprint": "a4a655e0a23e2a311c0ee2be4782b373fc30ca2669ad48b37f916df62de89e4f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a4a655e0a23e2a311c0ee2be4782b373fc30ca2669ad48b37f916df62de89e4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/k3s-versions.go"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 116098, "scanner": "repobility-threat-engine", "fingerprint": "c8fabc04c6fdbd72062560a9bad3b7fdc2e8db44ead99334c768f60360149398", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c8fabc04c6fdbd72062560a9bad3b7fdc2e8db44ead99334c768f60360149398"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/main/serverHelper.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 116097, "scanner": "repobility-threat-engine", "fingerprint": "019b39b089e0a5300e633ba49803bcfe4794f6c5a6a074ad04df1b5dc533e687", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|019b39b089e0a5300e633ba49803bcfe4794f6c5a6a074ad04df1b5dc533e687"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 116096, "scanner": "repobility-threat-engine", "fingerprint": "a3c74f4e7f3988244227cae7b834198bb11c7e71497836acc2def79e24bab173", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error(`Invalid credentials: please check GITHUB_TOKEN is set. ${ ex }`)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|11|console.error invalid credentials: please check github_token is set. ex"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/populate-update-server.ts"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 116095, "scanner": "repobility-threat-engine", "fingerprint": "f8bcd2ad7703a56bd816e4bbe39517799449deff29e10d3d4bd1d1c40a6b6ce7", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log('Auth failure: no username+password given')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|1|console.log auth failure: no username+password given"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/main/serverHelper.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 116094, "scanner": "repobility-threat-engine", "fingerprint": "bbce53827d3881a7e1b20d422fd58fc73ca2edc94ca398c4a0c6ceab0143ead9", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error(`Error listing system certificate tokens, ignoring: ${ ex }`)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|3|console.error error listing system certificate tokens ignoring: ex"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/main/networking/linux-ca.ts"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 116092, "scanner": "repobility-threat-engine", "fingerprint": "8202b9d89d9f38588861653fbb90fdfb2511633a4d08aa3cb2465b1174e7afd6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8202b9d89d9f38588861653fbb90fdfb2511633a4d08aa3cb2465b1174e7afd6", "aggregated_count": 10}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 116091, "scanner": "repobility-threat-engine", "fingerprint": "9a9a858ae8225acf78242dc9306beef727e9c5d7a46bcde3c7845342442fa1d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a9a858ae8225acf78242dc9306beef727e9c5d7a46bcde3c7845342442fa1d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/integrations/unixIntegrationManager.ts"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 116090, "scanner": "repobility-threat-engine", "fingerprint": "62991d92ba154cfba65ee4719e45745be9139dc8732f6f4128038f309fc11c7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62991d92ba154cfba65ee4719e45745be9139dc8732f6f4128038f309fc11c7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/progressTracker.ts"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 116089, "scanner": "repobility-threat-engine", "fingerprint": "9e4a3e24aa9448f00af2ad5398237e3be097b4f325d37f905934e16cac6f54f2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e4a3e24aa9448f00af2ad5398237e3be097b4f325d37f905934e16cac6f54f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/images/imageFactory.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 116088, "scanner": "repobility-threat-engine", "fingerprint": "4c8764b5b26e37415a284cc3a005af3288cf252e855ab51befa2ed42c04aeec8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4c8764b5b26e37415a284cc3a005af3288cf252e855ab51befa2ed42c04aeec8", "aggregated_count": 13}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 116087, "scanner": "repobility-threat-engine", "fingerprint": "1cf8fe3d975c8051501bf7fa04696a7470c28454e990f860e19b0369af37927c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1cf8fe3d975c8051501bf7fa04696a7470c28454e990f860e19b0369af37927c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/entry/store.ts"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 116086, "scanner": "repobility-threat-engine", "fingerprint": "3678b95e23df5a848d23a1a28e6f57fb732c94e23d863c798ec8b881a1d78e34", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3678b95e23df5a848d23a1a28e6f57fb732c94e23d863c798ec8b881a1d78e34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/entry/index.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 116085, "scanner": "repobility-threat-engine", "fingerprint": "16bd4e0b708669690a4aa18fb45dc3d411092eadab242374f6412f87721454d6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|16bd4e0b708669690a4aa18fb45dc3d411092eadab242374f6412f87721454d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/containerClient/auth.ts"}, "region": {"startLine": 146}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 116084, "scanner": "repobility-threat-engine", "fingerprint": "ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 40 more): Same pattern found in 40 additional files. Review if needed."}, "properties": {"repobilityId": 116080, "scanner": "repobility-threat-engine", "fingerprint": "aceda8aeddb5ae73d439d467ff01f5522e658b3b9a20f7dea022c10ed6c794b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|aceda8aeddb5ae73d439d467ff01f5522e658b3b9a20f7dea022c10ed6c794b0", "aggregated_count": 40}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 116079, "scanner": "repobility-threat-engine", "fingerprint": "4f1f0cda9f40aa6f5bb1754a90337488fac7d203ca57ee1be6e5e4f1eef86934", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4f1f0cda9f40aa6f5bb1754a90337488fac7d203ca57ee1be6e5e4f1eef86934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/kubeconfig.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 116078, "scanner": "repobility-threat-engine", "fingerprint": "bcc0bc6beaa11c94be86354e00c638978b759661cd80620b76217646ba93c782", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bcc0bc6beaa11c94be86354e00c638978b759661cd80620b76217646ba93c782"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/containerClient/auth.ts"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 116077, "scanner": "repobility-threat-engine", "fingerprint": "cafd572fd17ca29a699ebe6c793b89d302971eadadea97c9a88619d38db4624c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cafd572fd17ca29a699ebe6c793b89d302971eadadea97c9a88619d38db4624c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/backend.ts"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 131 more): Same pattern found in 131 additional files. Review if needed."}, "properties": {"repobilityId": 116076, "scanner": "repobility-threat-engine", "fingerprint": "30d0fb72fb90b7332f745d4de213a893659a513dff2b7adaa799da697bdd70ec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 131 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|30d0fb72fb90b7332f745d4de213a893659a513dff2b7adaa799da697bdd70ec", "aggregated_count": 131}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 116075, "scanner": "repobility-threat-engine", "fingerprint": "e5dc34b77f245180db5c579b0220079875cb51734549363d6d8aa8c1341650a4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e5dc34b77f245180db5c579b0220079875cb51734549363d6d8aa8c1341650a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/main/networking/cert-parse.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 116074, "scanner": "repobility-threat-engine", "fingerprint": "e6e908dd7fe0249454e8292b8098bf02969ab3b858d1c544a2114c553a1fb676", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e6e908dd7fe0249454e8292b8098bf02969ab3b858d1c544a2114c553a1fb676"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/main/credentialServer/httpCredentialHelperServer.ts"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 116073, "scanner": "repobility-threat-engine", "fingerprint": "3f43904947133ec7d135040fc412e2c49fcbf6acf31b22e115ee9d613b000cdd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f43904947133ec7d135040fc412e2c49fcbf6acf31b22e115ee9d613b000cdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".yarn/plugins/plugin-rancher-desktop-license-checker.cjs"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 116072, "scanner": "repobility-threat-engine", "fingerprint": "dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 67 more): Same pattern found in 67 additional files. Review if needed."}, "properties": {"repobilityId": 116067, "scanner": "repobility-threat-engine", "fingerprint": "2b5e7f7b697068d10f8331304bbc89aec59a8e1fb13b52b2c9b15d6cd533faf4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 67 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2b5e7f7b697068d10f8331304bbc89aec59a8e1fb13b52b2c9b15d6cd533faf4", "aggregated_count": 67}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 116066, "scanner": "repobility-threat-engine", "fingerprint": "2c578826f3535602d1511f8af035760c0c9f39896a1b119fa9e0226587602bb6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2c578826f3535602d1511f8af035760c0c9f39896a1b119fa9e0226587602bb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/containerClient/auth.ts"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 116065, "scanner": "repobility-threat-engine", "fingerprint": "2e07390e8dfc05f2cda840539ef9121265a2758fc75e27ca5b35977502b5d672", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2e07390e8dfc05f2cda840539ef9121265a2758fc75e27ca5b35977502b5d672"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".yarn/plugins/plugin-rancher-desktop-license-checker.cjs"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 116064, "scanner": "repobility-threat-engine", "fingerprint": "1266079d2ffcc426a5d1eab3cd35e46b10e88393351239ab6ac555528c909326", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1266079d2ffcc426a5d1eab3cd35e46b10e88393351239ab6ac555528c909326"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/bats/summarize.mjs"}, "region": {"startLine": 122}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 116063, "scanner": "repobility-threat-engine", "fingerprint": "5eeaa73e66a1d4ee6ec8a4983553d5014979d83b92620e25ad359d2ab6457f45", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5eeaa73e66a1d4ee6ec8a4983553d5014979d83b92620e25ad359d2ab6457f45"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 116059, "scanner": "repobility-threat-engine", "fingerprint": "d14be0fefa073ce5d7f9e06ddc2458b70958a5bc036469eafe870ed8d062de60", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d14be0fefa073ce5d7f9e06ddc2458b70958a5bc036469eafe870ed8d062de60"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 116054, "scanner": "repobility-threat-engine", "fingerprint": "2af137af7eeda9dd3103eddc989bcbdc9ad54e8b05f143ec89cae5d79bb36ad8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2af137af7eeda9dd3103eddc989bcbdc9ad54e8b05f143ec89cae5d79bb36ad8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/bats/get-tests.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `tsx` is patch version(s) behind (4.22.3 -> 4.22.4)"}, "properties": {"repobilityId": 116045, "scanner": "repobility-dependency-currency", "fingerprint": "12a6189888451c002d020d24139798c0eea7d72eb8e0b5dd249ba420e8413566", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|12a6189888451c002d020d24139798c0eea7d72eb8e0b5dd249ba420e8413566", "current_version": "4.22.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `glob` is patch version(s) behind (^13.0.3 -> 13.0.6)"}, "properties": {"repobilityId": 116041, "scanner": "repobility-dependency-currency", "fingerprint": "068ca908a01603c370bfbd0d020843a37c18e148d008ee1e5914c6f9e310faa6", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "glob", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "13.0.6", "correlation_key": "fp|068ca908a01603c370bfbd0d020843a37c18e148d008ee1e5914c6f9e310faa6", "current_version": "^13.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `eslint-plugin-vue` is patch version(s) behind (10.9.1 -> 10.9.2)"}, "properties": {"repobilityId": 116040, "scanner": "repobility-dependency-currency", "fingerprint": "83c715bf35a67cc9cf03fd7112ceab5017e6c8fe56190bcb667974a0d18dfbac", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "eslint-plugin-vue", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.9.2", "correlation_key": "fp|83c715bf35a67cc9cf03fd7112ceab5017e6c8fe56190bcb667974a0d18dfbac", "current_version": "10.9.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@vue/test-utils` is patch version(s) behind (2.4.10 -> 2.4.11)"}, "properties": {"repobilityId": 116038, "scanner": "repobility-dependency-currency", "fingerprint": "73b891fe39a101b9524560d772d29589933381ac8f15f44d541dedd9438a46c3", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vue/test-utils", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.4.11", "correlation_key": "fp|73b891fe39a101b9524560d772d29589933381ac8f15f44d541dedd9438a46c3", "current_version": "2.4.10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@electron/fuses` is patch version(s) behind (^2.1.1 -> 2.1.2)"}, "properties": {"repobilityId": 116036, "scanner": "repobility-dependency-currency", "fingerprint": "242cc2412cb3ec2f14a4e2c8e8484959a9e105bc87aaea772581d785020fa111", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@electron/fuses", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.1.2", "correlation_key": "fp|242cc2412cb3ec2f14a4e2c8e8484959a9e105bc87aaea772581d785020fa111", "current_version": "^2.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `semver` is patch version(s) behind (7.8.1 -> 7.8.2)"}, "properties": {"repobilityId": 116035, "scanner": "repobility-dependency-currency", "fingerprint": "373b7d0d8e37fa623873f59294ac076d4bb38c46fe6e5910e05e4d1aa6dfa8c0", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "semver", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.8.2", "correlation_key": "fp|373b7d0d8e37fa623873f59294ac076d4bb38c46fe6e5910e05e4d1aa6dfa8c0", "current_version": "7.8.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `proxy-agent` is patch version(s) behind (^8.0.0 -> 8.0.1)"}, "properties": {"repobilityId": 116034, "scanner": "repobility-dependency-currency", "fingerprint": "c7c4909ccaa44772a9d14f9ddb5caf343363f189aea7a6d99b6bb40bd8af9f84", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "proxy-agent", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.0.1", "correlation_key": "fp|c7c4909ccaa44772a9d14f9ddb5caf343363f189aea7a6d99b6bb40bd8af9f84", "current_version": "^8.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `marked` is patch version(s) behind (18.0.4 -> 18.0.5)"}, "properties": {"repobilityId": 116033, "scanner": "repobility-dependency-currency", "fingerprint": "62f5307e2021bfd67abb0a70cdc5bf91f3fe469196e7f0cb7e69cd9ae79b009c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "marked", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "18.0.5", "correlation_key": "fp|62f5307e2021bfd67abb0a70cdc5bf91f3fe469196e7f0cb7e69cd9ae79b009c", "current_version": "18.0.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `intl-messageformat` is patch version(s) behind (11.2.7 -> 11.2.8)"}, "properties": {"repobilityId": 116032, "scanner": "repobility-dependency-currency", "fingerprint": "78a1d0a2c385671a970fdd10015c6f9864930787c470a63eddfc5d6fda39e6d8", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "intl-messageformat", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "11.2.8", "correlation_key": "fp|78a1d0a2c385671a970fdd10015c6f9864930787c470a63eddfc5d6fda39e6d8", "current_version": "11.2.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `dompurify` is patch version(s) behind (3.4.7 -> 3.4.8)"}, "properties": {"repobilityId": 116031, "scanner": "repobility-dependency-currency", "fingerprint": "0926d2e2b35e35c45eb2e855460841eb4daa3719b44a13385d4519c6b168ace3", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "dompurify", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.4.8", "correlation_key": "fp|0926d2e2b35e35c45eb2e855460841eb4daa3719b44a13385d4519c6b168ace3", "current_version": "3.4.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 116527, "scanner": "osv-scanner", "fingerprint": "969f177edc25d47a4a00980338eb4137313af9123044485928e85c883680e00e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xpqw-6gx7-v673", "level": "error", "message": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "properties": {"repobilityId": 116525, "scanner": "osv-scanner", "fingerprint": "f051f88a209c8782d870fe249e2d77f50a94bebeb934779c0bf5d44e16193bd7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29074"], "package": "svgo", "rule_id": "GHSA-xpqw-6gx7-v673", "scanner": "osv-scanner", "correlation_key": "vuln|svgo|CVE-2026-29074|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 116523, "scanner": "osv-scanner", "fingerprint": "1ef775a47df378c856c07b625124fda8dffefc3e2824185640a1944e77134c56", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 116517, "scanner": "osv-scanner", "fingerprint": "ecad408982c8a867788b1b169f9773cfa4c952dae95c6913e1d2a58e3f6235b4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j3q9-mxjg-w52f", "level": "error", "message": {"text": "path-to-regexp: GHSA-j3q9-mxjg-w52f"}, "properties": {"repobilityId": 116515, "scanner": "osv-scanner", "fingerprint": "d4da6c00a3cef7cc1d2aafa9e671a786c7009eba70ff2be1e9d2b88ee95f88ba", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4926"], "package": "path-to-regexp", "rule_id": "GHSA-j3q9-mxjg-w52f", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4926|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37ch-88jc-xwx2", "level": "error", "message": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "properties": {"repobilityId": 116513, "scanner": "osv-scanner", "fingerprint": "5742c339a39ab768b3eccf36b77e764e80f572d1c2004fb943c094a904543ff2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4867"], "package": "path-to-regexp", "rule_id": "GHSA-37ch-88jc-xwx2", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4867|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 116511, "scanner": "osv-scanner", "fingerprint": "155d5f86682d4cca28cde02dfe1b84c1837cf98c6feba6adf8f141619cbe7278", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 116510, "scanner": "osv-scanner", "fingerprint": "09e3156d77e314926a52fbc6f5aec96b0f979198ea66c485cce13e20587eb10d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 116509, "scanner": "osv-scanner", "fingerprint": "221b16994c1c62dd68d3c52e72deae94054e851fa81062e507d061a803f51227", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qjx8-664m-686j", "level": "error", "message": {"text": "js-cookie: GHSA-qjx8-664m-686j"}, "properties": {"repobilityId": 116507, "scanner": "osv-scanner", "fingerprint": "b36e9b3e97d49888489ade6670c24276458051983988deb517b30d3c9fcf9e5b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46625"], "package": "js-cookie", "rule_id": "GHSA-qjx8-664m-686j", "scanner": "osv-scanner", "correlation_key": "vuln|js-cookie|CVE-2026-46625|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 116504, "scanner": "osv-scanner", "fingerprint": "d0b9234ec2966d5cd1ae83b092076fc6f5a32dfd776078904598a2fa7f33a0c2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 116503, "scanner": "osv-scanner", "fingerprint": "c35df0a8f45b3093e14eb6817663ff04a68616414e8781d73a25447d74f0932f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v39h-62p7-jpjc", "level": "error", "message": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "properties": {"repobilityId": 116502, "scanner": "osv-scanner", "fingerprint": "3af22cffbe7b1260496c3efef65cb290fe7aaa2f5adc714678d46e82570039b9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6322"], "package": "fast-uri", "rule_id": "GHSA-v39h-62p7-jpjc", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6322|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q3j6-qgpj-74h6", "level": "error", "message": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "properties": {"repobilityId": 116501, "scanner": "osv-scanner", "fingerprint": "dd364d35bd2220ba04697abf15c87b96232cb50b7b3a7f1af10539ded4682078", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6321"], "package": "fast-uri", "rule_id": "GHSA-q3j6-qgpj-74h6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6321|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rpmf-866q-6p89", "level": "error", "message": {"text": "basic-ftp: GHSA-rpmf-866q-6p89"}, "properties": {"repobilityId": 116495, "scanner": "osv-scanner", "fingerprint": "85393d5605e32ab4c2c256afbd8c1cdeb656cbda82ce680ae01ccae5d8e18c42", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44240"], "package": "basic-ftp", "rule_id": "GHSA-rpmf-866q-6p89", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-44240|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp42-5vxx-qpwr", "level": "error", "message": {"text": "basic-ftp: GHSA-rp42-5vxx-qpwr"}, "properties": {"repobilityId": 116494, "scanner": "osv-scanner", "fingerprint": "da1ea8d849e0c67a477acc9bd3309760ad7e4f15f3f2b026a34f5f0919fd50fd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41324"], "package": "basic-ftp", "rule_id": "GHSA-rp42-5vxx-qpwr", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-41324|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-chqc-8p9q-pq6q", "level": "error", "message": {"text": "basic-ftp: GHSA-chqc-8p9q-pq6q"}, "properties": {"repobilityId": 116493, "scanner": "osv-scanner", "fingerprint": "5d8e698bdc342788beb321cd1464fff88f158cb4fd8b17751e5e7e323c3f3d6a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39983"], "package": "basic-ftp", "rule_id": "GHSA-chqc-8p9q-pq6q", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-39983|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6v7q-wjvx-w8wg", "level": "error", "message": {"text": "basic-ftp: GHSA-6v7q-wjvx-w8wg"}, "properties": {"repobilityId": 116492, "scanner": "osv-scanner", "fingerprint": "327fd7905002c34fff646c87ad8e58925cc21ea1cad910bafc29ffc6e35e873b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "basic-ftp", "rule_id": "GHSA-6v7q-wjvx-w8wg", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|GHSA-6V7Q-WJVX-W8WG|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x6wf-f3px-wcqx", "level": "error", "message": {"text": "@xmldom/xmldom: GHSA-x6wf-f3px-wcqx"}, "properties": {"repobilityId": 116490, "scanner": "osv-scanner", "fingerprint": "d27bd28c7a94e76a0aafdaafb899a358826d5119f53eb646523a73e3137bb5c5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41675"], "package": "@xmldom/xmldom", "rule_id": "GHSA-x6wf-f3px-wcqx", "scanner": "osv-scanner", "correlation_key": "vuln|xmldom/xmldom|CVE-2026-41675|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wh4c-j3r5-mjhp", "level": "error", "message": {"text": "@xmldom/xmldom: GHSA-wh4c-j3r5-mjhp"}, "properties": {"repobilityId": 116489, "scanner": "osv-scanner", "fingerprint": "6ceed9d55087fa55073e8ca23238714f4e91df7a7f76cfa733651e76b1219c2d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34601"], "package": "@xmldom/xmldom", "rule_id": "GHSA-wh4c-j3r5-mjhp", "scanner": "osv-scanner", "correlation_key": "vuln|xmldom/xmldom|CVE-2026-34601|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j759-j44w-7fr8", "level": "error", "message": {"text": "@xmldom/xmldom: GHSA-j759-j44w-7fr8"}, "properties": {"repobilityId": 116488, "scanner": "osv-scanner", "fingerprint": "f4424ca776479d77af8faa5867303413c4cc0643ff8a2318037ea50ad34f98c3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41672"], "package": "@xmldom/xmldom", "rule_id": "GHSA-j759-j44w-7fr8", "scanner": "osv-scanner", "correlation_key": "vuln|xmldom/xmldom|CVE-2026-41672|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f6ww-3ggp-fr8h", "level": "error", "message": {"text": "@xmldom/xmldom: GHSA-f6ww-3ggp-fr8h"}, "properties": {"repobilityId": 116487, "scanner": "osv-scanner", "fingerprint": "f9aa97f08982925325cb2751f8af75d23bf42d886970668a7197966743ece00e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41674"], "package": "@xmldom/xmldom", "rule_id": "GHSA-f6ww-3ggp-fr8h", "scanner": "osv-scanner", "correlation_key": "vuln|xmldom/xmldom|CVE-2026-41674|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2v35-w6hq-6mfw", "level": "error", "message": {"text": "@xmldom/xmldom: GHSA-2v35-w6hq-6mfw"}, "properties": {"repobilityId": 116486, "scanner": "osv-scanner", "fingerprint": "0fb57e63759d59af34b2397e08d6491b0af432eead15878b2a4c31a12f7764eb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41673"], "package": "@xmldom/xmldom", "rule_id": "GHSA-2v35-w6hq-6mfw", "scanner": "osv-scanner", "correlation_key": "vuln|xmldom/xmldom|CVE-2026-41673|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 116485, "scanner": "osv-scanner", "fingerprint": "c2dc1a09078c71856886d8ce45758b5e18c5cb783464c9542246579d238e3b46", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116484, "scanner": "osv-scanner", "fingerprint": "79800e1a1cc3c2e7c505fc01e72aac0d35202aa46ad5a30c238d152a60b49850", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116483, "scanner": "osv-scanner", "fingerprint": "ec8fb8f520ecb54688408c48229a1934f98ba4bc28ce303ac09f53fb093ded01", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116482, "scanner": "osv-scanner", "fingerprint": "ed19247107a252bd492a2a08540c59447514f668655ef759161fe15f3fff82eb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116481, "scanner": "osv-scanner", "fingerprint": "11a4569078f0042065fafb7ce8282d35ef4d413363e34133c39e9fde0cdff312", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116480, "scanner": "osv-scanner", "fingerprint": "1f42f5c9f1dbac75445dbc86fbdf26ba5d85795c633da3f3d478c3c768848039", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116479, "scanner": "osv-scanner", "fingerprint": "b02f547801db476b36a03f33be3fbe5177d81d44773223a125f981d4ba30cb3a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116478, "scanner": "osv-scanner", "fingerprint": "5eea6905e2c85fc87c9ad072c6f4ae95319211d2426036c2f62a31a59c625df2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116477, "scanner": "osv-scanner", "fingerprint": "6948108be2e8fff8b17d01df63343d70939aaac69fb7c6dcef2a710e7b57770a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116476, "scanner": "osv-scanner", "fingerprint": "5e7fbc7e0d965a9643d758f0c02d130096a13536199f78e06bed6892d6b8d7be", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116475, "scanner": "osv-scanner", "fingerprint": "84daa199c689bd21e5e235cac9843344a2159885b4febd4c974556ec5778eac2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116474, "scanner": "osv-scanner", "fingerprint": "63471e431e5529110de52e5630bc605f16c7ddb1493852222cd016f320c391f1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116473, "scanner": "osv-scanner", "fingerprint": "e9af96795e654645ee95de4842227f7b2249f92f1514101af3dfed4876a31073", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116472, "scanner": "osv-scanner", "fingerprint": "2c1ef98be5ac06df822584ad2ca305f7a601bfbe40fbbec7920c7894cbf05092", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116471, "scanner": "osv-scanner", "fingerprint": "d4a7c7f21bc3c6213069372c1204577c360806797a052072aedefdfdafa04fb7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116470, "scanner": "osv-scanner", "fingerprint": "be28598381ea62a8a6a7eabbf7d23c3b82f202aace05e4d0da90feeeb6b3bb91", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4866", "level": "error", "message": {"text": "stdlib: GO-2026-4866"}, "properties": {"repobilityId": 116469, "scanner": "osv-scanner", "fingerprint": "b3879c9d0d6157334967c3391af479a612c1589b34b4167ec1819263df9261f7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33810", "CVE-2026-33810"], "package": "stdlib", "rule_id": "GO-2026-4866", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33810|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116468, "scanner": "osv-scanner", "fingerprint": "3d0ee6be57bdf5ddf27850bf434233f2667e7ba459bd5c9b643aa737ed94aa8b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116467, "scanner": "osv-scanner", "fingerprint": "3fd0a28b15c9dc94c96512b233b97152636d9cb12f43623bc3e9dbb7142d4bd2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116466, "scanner": "osv-scanner", "fingerprint": "088ebf762e2227279767826b73e05937ccae8caf2b2eb9908e1d56ecf596c71b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116465, "scanner": "osv-scanner", "fingerprint": "ae5e401957a2a6f74d549cd2097d486318947b621e103ebdfed151716a272592", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116464, "scanner": "osv-scanner", "fingerprint": "2fc47b6c75bc0d1c4a494348c30556172a46fd7e3bb607735dbfcc38f732b747", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4600", "level": "error", "message": {"text": "stdlib: GO-2026-4600"}, "properties": {"repobilityId": 116463, "scanner": "osv-scanner", "fingerprint": "e0ac475e6a27933e2626ceed48c0e243eb64ca345b145d30a549948d89a8ef45", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27138", "CVE-2026-27138"], "package": "stdlib", "rule_id": "GO-2026-4600", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27138|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4599", "level": "error", "message": {"text": "stdlib: GO-2026-4599"}, "properties": {"repobilityId": 116462, "scanner": "osv-scanner", "fingerprint": "d0744eeb66767d2a3d7ad7de041a9f3ac87fa14df380fd4f8cd85f0ad4780bf9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27137", "CVE-2026-27137"], "package": "stdlib", "rule_id": "GO-2026-4599", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27137|src/go/wsl-helper/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/wsl-helper/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116461, "scanner": "osv-scanner", "fingerprint": "3b29a7afcffabd51c37c1f95a3a980a3f75a652d0773aa2cfe509fcaae42fc3d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116460, "scanner": "osv-scanner", "fingerprint": "3a1e4087e04db518fc9be17f1692c0ce0a1d692c9c76883617bf747e7ef1b9cd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116459, "scanner": "osv-scanner", "fingerprint": "afbacee2bb20930505e54f5539b4304038923acee8566927dcca8fde581d421b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116458, "scanner": "osv-scanner", "fingerprint": "0de33688ae9f19066d712776a06422d60d5a5931766947a672645d930d05f72f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116457, "scanner": "osv-scanner", "fingerprint": "9269c5b2f3a49e8cc4174b6311e89beb7c825d8ab2997975723fd8cd098f2a66", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116456, "scanner": "osv-scanner", "fingerprint": "b3148d3b242d1069eae79be848ad3fe5c8043b0f2b2db3b853b50eaa72c8e378", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116455, "scanner": "osv-scanner", "fingerprint": "7f354b49620201fac5b84e6b2fabb474fdd5de3c350c89fe24bc23a5cc15931f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116454, "scanner": "osv-scanner", "fingerprint": "a0b26dafeda9da3826922488c8006f79add60f5aba322ec7608eb0e0dba6da88", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116453, "scanner": "osv-scanner", "fingerprint": "f20246f2ac82850261f4ef4b5d73008fc1c79205d98b5f20ec57770060e27527", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116452, "scanner": "osv-scanner", "fingerprint": "3aa8b7f7a86fbb36338e2f96b4a1273968cf55a5f38e400c488a235abb102b27", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116451, "scanner": "osv-scanner", "fingerprint": "3ab043bdf6059f3cb8ef9562bf8b6c5ea232bcfec4348abb7d0556ddc0180eea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116450, "scanner": "osv-scanner", "fingerprint": "62d3dc9620eb1dfced9718a41399e02ea9107a678f258826a06ef0d4e670dc16", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116449, "scanner": "osv-scanner", "fingerprint": "16ceec57df17154afa4fc30371803ec5a2b064554866105119b21d1aa04dc7c0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116448, "scanner": "osv-scanner", "fingerprint": "8051f01e07a2182092c3a3c0aea1622df7ed9bd90bdf7f847f5269f4cac2a342", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116447, "scanner": "osv-scanner", "fingerprint": "b9dec30014bd96ed9ef9a880e690baf01f332864df95680aef726852437a5ef8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116446, "scanner": "osv-scanner", "fingerprint": "b9099c3c23ca376c3aed3948bd67ab3f0d4058c3e5fe46709fa61fa0b5b89848", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116445, "scanner": "osv-scanner", "fingerprint": "84ae64027cb442790385a8af5f81e8f001ca2b8c827167308e974469a801e07f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116444, "scanner": "osv-scanner", "fingerprint": "605dbcb60563971074238f0a7b9075e6752f6650ca2e9c9192a1e6b3fc5c218b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116443, "scanner": "osv-scanner", "fingerprint": "1df7ca9c46be4cea281d8b689259977dd69261c62287d5ab7c666783ae3193f3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116442, "scanner": "osv-scanner", "fingerprint": "b81f1bdd87ae523bae08948b869408e454c53563458d9418cf6edc2d225279e0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 116441, "scanner": "osv-scanner", "fingerprint": "6589fa5d792d67de0c745aaf703c6e67f1de55a70641d1b3e622b4f5bdf500ea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 116440, "scanner": "osv-scanner", "fingerprint": "f2a867f06c0acd9959644352c25c9f00f033929d19e36ac7c848a6a7db516a3c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 116439, "scanner": "osv-scanner", "fingerprint": "ec9f2924cee57e02fde490b77ef072fc60e90e356ca92dc063db7fda5c6b08dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 116438, "scanner": "osv-scanner", "fingerprint": "4a21c3646a4bacccab02cb80e2381d455ffa84d301217795dcebc936b16df254", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 116437, "scanner": "osv-scanner", "fingerprint": "690b14edf6758d5a937bd3cc259ae4bbf1148d280fbf16c61f2067d01adeea15", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 116436, "scanner": "osv-scanner", "fingerprint": "87306c829600ef3912e644dbff1133c099ad467820db7a55269f660eb3490d48", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 116435, "scanner": "osv-scanner", "fingerprint": "45729380f08c11ae411247a4c37f16f3628d42fee79628df6d30eb2a58458ef5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 116434, "scanner": "osv-scanner", "fingerprint": "e856927519b0f9fc580a8e26795abd63701c6b25173a19402492e0f9ab39271a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 116433, "scanner": "osv-scanner", "fingerprint": "c8c2e98ebe533a62adfab5f179c77ef5782470971b3c93ffd118a4bbf394fe81", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 116432, "scanner": "osv-scanner", "fingerprint": "6792dc8312b989c79b2b383d59effcc2559e86d9b2ad337f7425a8ae34a0b425", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 116431, "scanner": "osv-scanner", "fingerprint": "6cf5e870808352b5e4dfe1c23e0549a193ed7151f869c03bf5209376e3d0d732", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 116430, "scanner": "osv-scanner", "fingerprint": "2fd01edd4b91a6e077b05b0eab0d5ef6bf062dcc2163302ef13ab0a69cd624df", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 116429, "scanner": "osv-scanner", "fingerprint": "0439ec9e9ade2bf3594b2727c340e772b97c375dfa5f1670ef74455143076723", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 116428, "scanner": "osv-scanner", "fingerprint": "c9a7ea39a7ffdea421bfe66d1c76631319a5ba0061cbee08d8d558d411f75ee8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 116427, "scanner": "osv-scanner", "fingerprint": "20a87ffd8fafc8293746588c13f807b33474956682a06e4483ccf92149905bd9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 116426, "scanner": "osv-scanner", "fingerprint": "d53213849f0895af7b36e59a8b5571ca6820acd37963bf7842cffd25da89c3c6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3955", "level": "error", "message": {"text": "stdlib: GO-2025-3955"}, "properties": {"repobilityId": 116425, "scanner": "osv-scanner", "fingerprint": "dc7a666ec17c63f3db49efcce5a01c1cc63368d0ba85d33ab2dccccb284c6340", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47910", "CVE-2025-47910"], "package": "stdlib", "rule_id": "GO-2025-3955", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47910|src/go/spin-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/spin-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116424, "scanner": "osv-scanner", "fingerprint": "6f205ece22b2451417caf2dbe82ee2090c929f49bef3229666036b94645071b4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116423, "scanner": "osv-scanner", "fingerprint": "a2bc86fe98aebbceb9a0ced1c339cea82c24f6042cdf9892022d99a3b3e2100c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116422, "scanner": "osv-scanner", "fingerprint": "19d832609aa18402234488321961f90e4070ed7f8e22d07473d1378fc8bd5e78", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116421, "scanner": "osv-scanner", "fingerprint": "221db59fc747b9406baa11a5b9bf2d37e49a9b5ffacfe928774fc34309e15d70", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116420, "scanner": "osv-scanner", "fingerprint": "05e59f5ba34a6c9eda72e38a5982531049cdb596c63877306bff841ec0aeb481", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116419, "scanner": "osv-scanner", "fingerprint": "7092230bfe83debc272c8005a4b9577fe65f7beff2b8b40e4e8682befcb206f6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116418, "scanner": "osv-scanner", "fingerprint": "dc2d1d1af90410c57b1b3e2581ba592f6c9824fb346562a67af7ff1facbd4f33", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116417, "scanner": "osv-scanner", "fingerprint": "10f67d41881fc0f0d2755b3708f7e008719c9769223a2275a9e6926414f5b76c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116416, "scanner": "osv-scanner", "fingerprint": "9a3b8e6936b3d720504fa8899e47fcb797f957e98b458a9a7b5a61477b6341c9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116415, "scanner": "osv-scanner", "fingerprint": "755f2f24ba19886591ee429e940cd131732452b76d0ed32be6247f0f6372cb83", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116414, "scanner": "osv-scanner", "fingerprint": "9dd0037ac376b4a115900fe4008ea72978e63959e82bb298501e4d0d3f3d4a39", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116413, "scanner": "osv-scanner", "fingerprint": "9ea043a546a0d22e61a9bce741c7b00d20c917b68da88802ed77465a88e0ffd2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116412, "scanner": "osv-scanner", "fingerprint": "a988166fb007f8190e4b31e77724fe36f56086faa42e62ec998b4d254f6bf475", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116411, "scanner": "osv-scanner", "fingerprint": "f79ac3f692ea83c953cef987469fe648069e07f0d672da5bb7cf2f7c2e55b697", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116410, "scanner": "osv-scanner", "fingerprint": "db57bf7bc8116ae380b07987f0c9572ab262f04df79f0defe13d6e2b941abf53", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116409, "scanner": "osv-scanner", "fingerprint": "52c0119707b68ba9cb8225bd5924b3708f70f8983c9f697779f0e67cf1f550db", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116408, "scanner": "osv-scanner", "fingerprint": "1316cd4f228438cdfc91615772373c846a78337edcf1d0e37808edaf190ce87f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116407, "scanner": "osv-scanner", "fingerprint": "445d892f97569338ca2fd5c2c3bfba9c28f37cc1af580061c56cc610b1c82dff", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116406, "scanner": "osv-scanner", "fingerprint": "0266f3e824924bbaaee374ee22352d00030436676b8d57ad632d7889e246b5c2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116405, "scanner": "osv-scanner", "fingerprint": "b42109f49bb7b3847c1d94734ce53d20d7ad5ab02a8c58aa8912464c579e307d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 116404, "scanner": "osv-scanner", "fingerprint": "4a2fd107b41ac61d0095d2e6a308a338cd9c88cda26b9c6b2fe03525fedd6866", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 116403, "scanner": "osv-scanner", "fingerprint": "158f72cd89f86dd95c03f1e0013595e825b3f9a937b25856eecf15837bdbeb4e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 116402, "scanner": "osv-scanner", "fingerprint": "4004eda0ed3f6763d257b64d59fab5d35b04cd359be129ef8ccb6edab4a60915", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 116401, "scanner": "osv-scanner", "fingerprint": "a96f24b610a3e7bacdedb4d7b630f9d1f50651dd0182b115b5a66aeb0dd889f8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 116400, "scanner": "osv-scanner", "fingerprint": "87967902d1d478975c41e790fd9a7df611305481366cd03167006c1e1e02f51a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 116399, "scanner": "osv-scanner", "fingerprint": "1f9c0a8eac3fff7052ee4c90c6b2cbfcd06fc6394bd05c23737a5e3973c4060b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 116398, "scanner": "osv-scanner", "fingerprint": "405abb645be1ad4c1b6de84641f812958dbd3231ade5bdea0e6803649650e927", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 116397, "scanner": "osv-scanner", "fingerprint": "9d3917975db2076d8b5c731d9b68e7387f63dec2126f84c418b284369e45ed18", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 116396, "scanner": "osv-scanner", "fingerprint": "7144810d238b4d6fd4a5d0e32b5c53d29510420957f4c18fc923a0eb1733fb01", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 116395, "scanner": "osv-scanner", "fingerprint": "8cf53a8c6fca6a5806e10e5b694f925604c64a1ef464b424015680f5f7c15778", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 116394, "scanner": "osv-scanner", "fingerprint": "779d649fe6448cfaef36da62d4cbb8977704a322bba2dcc25291744edd400047", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 116393, "scanner": "osv-scanner", "fingerprint": "f9ebd94cf1bab1f2526a0b1e14efd4fbbcdb5986b5b4392700501fc812ef1d33", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 116392, "scanner": "osv-scanner", "fingerprint": "33c45f633268b88401b9dd02af5fa81249b20d3e3fa0bd37c3537f48d9e1763c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 116391, "scanner": "osv-scanner", "fingerprint": "6cc0526277c41189b9614890bb0ba878b2eec01adaa545b9438ea9383b057ed4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 116390, "scanner": "osv-scanner", "fingerprint": "2f0069beb443bc62e0318aae6555ed26e7e3be5c95fb892a97a2ba7b66293bd4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 116389, "scanner": "osv-scanner", "fingerprint": "3f19dfe58b661d9640dca33b43c11b80169f7339491fd07adf4fc95475cc9278", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3955", "level": "error", "message": {"text": "stdlib: GO-2025-3955"}, "properties": {"repobilityId": 116388, "scanner": "osv-scanner", "fingerprint": "827b937a4ded3825e2f3ac8c91c2fe634c6661ad4278f2c54679162003964120", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47910", "CVE-2025-47910"], "package": "stdlib", "rule_id": "GO-2025-3955", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47910|src/go/rdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116387, "scanner": "osv-scanner", "fingerprint": "4101d58c8016b880c6fdeb166f0476bc0dc66f90dd32e31b70d8e52927b2de33", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116386, "scanner": "osv-scanner", "fingerprint": "29da98fffc176172a2ee63143d14dff94f608edfed6c9e2e4e6bd07c208e005e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116385, "scanner": "osv-scanner", "fingerprint": "f7c46d4fe0c2521db457cd9bbaa0c3c97b50980f859d130a2aa4fec4310e4bac", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116384, "scanner": "osv-scanner", "fingerprint": "a4558ce7b8003c81c2780fefd16488169b20bfe4f6d050dcdeb9012a3dd3ea84", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116383, "scanner": "osv-scanner", "fingerprint": "f7b6a765f0fe73c572ded0b3b0f6f34b242397db4e97ff789361be9cf0692796", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116382, "scanner": "osv-scanner", "fingerprint": "60e29c6f45ed24b2a9082cdb46ed7ddb4fe5b901a06384d9530b25357b9ab72e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116381, "scanner": "osv-scanner", "fingerprint": "34a90481a0290b8e0e116938fd0edd3883db4d71ffe300229599a2069cd6f7c8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116380, "scanner": "osv-scanner", "fingerprint": "7d37840ebc8a840fa6bd310d537f69df976b1aab0089ae20afce156bb81563d2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116379, "scanner": "osv-scanner", "fingerprint": "69fd63a18c5adbe1936d63c70c64b71939333f3185331acfdb6bd5efb1157c5e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116378, "scanner": "osv-scanner", "fingerprint": "22cfc2d00f9a4fd5c6054f437d8c2aec25621ca2e5c3ac2504e01f08ad73aa57", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116377, "scanner": "osv-scanner", "fingerprint": "7c1d2c355f440e94864cf07e5df11aa04ce63f97459005d179e5cb4ef26c6987", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116376, "scanner": "osv-scanner", "fingerprint": "dd15898c4cfa7c6d38d12b8a9239df6d25333fb7a58ac729dc1f72d09ad9b0ed", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116375, "scanner": "osv-scanner", "fingerprint": "0e307ebde349cce6c2033bbfd0d6e602327646c596da96a70fc88a7c9f2ea4bf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116374, "scanner": "osv-scanner", "fingerprint": "e503f698c015a20d3068995ffa91a09397c202f07e8de368d278ee33dcd89787", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116373, "scanner": "osv-scanner", "fingerprint": "c300abe11b3af6434d1d90048581173c9fe034ab8a95f502eb79552057a9d981", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116372, "scanner": "osv-scanner", "fingerprint": "1dc4e44be162c3dc1bd4d45805a202cdb7ecb5a4167f208a928bd2b35111858f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116371, "scanner": "osv-scanner", "fingerprint": "c0431c2af465a008f65ae1e6550c759df1de12e54208c83589a84d5107787327", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116370, "scanner": "osv-scanner", "fingerprint": "d290cc2b75b205eb49c7229f9e8fc4d4abb6a8fb6fcd6e34f1940aaea4aa027d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116369, "scanner": "osv-scanner", "fingerprint": "f5e73deb248dd6c0b7ae307b49d528e27643b738c355e3a1f56536992e07c223", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116368, "scanner": "osv-scanner", "fingerprint": "18dc2635be8b8c9ae7eb48901d59f85752f7f08540ae4bb5a3d554987593c6a9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 116367, "scanner": "osv-scanner", "fingerprint": "16fd32b04efd7b39c3f34b2c30985b1e89967c3e7c17b4ef04772d3ea757a041", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 116366, "scanner": "osv-scanner", "fingerprint": "809959d3a7a1e2e18ef8ea939aa3e940ef2155e6b96ce8bd21b388068b66de95", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 116365, "scanner": "osv-scanner", "fingerprint": "f814519c4b3e5c75f62b0eadaad1f00b0efb189e52e06cc22e4ed014c0524a0f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 116364, "scanner": "osv-scanner", "fingerprint": "8f8957aae3e3683b172cf86a8be1c40890c8f2c0994c60d50592372da5c58e3a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 116363, "scanner": "osv-scanner", "fingerprint": "d5d2fcaed07d9e7ec8aa39fbd24d7c659db33d7ef5a0a704d2c7a9df75b357e5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 116362, "scanner": "osv-scanner", "fingerprint": "bd1afbde87f3d8c3f74c26f0178787b389aaf534fe8888d5456665d8441fdd38", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 116361, "scanner": "osv-scanner", "fingerprint": "1d9611fd020476f29563aed66bf48c101d087aeb040c5d50f4d9e582191c13ef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 116360, "scanner": "osv-scanner", "fingerprint": "53db452763707a79e622d9a7cb80763ffb743779cb0bdfe72992e096d603e6e1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 116359, "scanner": "osv-scanner", "fingerprint": "c99efbe47c65795dc53ea9e3f2becb4ac1550f89fe27bd99a3df2e33882f1696", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 116358, "scanner": "osv-scanner", "fingerprint": "40b648f41daed3397d3a36ea00b9e63ff65cf33574aa40ff98f0f496e3ca7ebd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 116357, "scanner": "osv-scanner", "fingerprint": "06e59ce2a12bd4b9a7e477d05de2cfe9adf98873eca1ce01e8b198d66ce281fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 116356, "scanner": "osv-scanner", "fingerprint": "05bbc2d74040397fccbe820d5012501b55a5b69f920be3258c6890d5b9bf8dfd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 116355, "scanner": "osv-scanner", "fingerprint": "a5b3f5916f077230d43495390663bc94710cfa00ae4e89eaf65ac006af86bc9e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 116354, "scanner": "osv-scanner", "fingerprint": "6e8599ee18eb9e0e920898671268f7b313388ec0071281b2e54b3b2274e9d3dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 116353, "scanner": "osv-scanner", "fingerprint": "ba02e456d6d685102f7323c50ee5c690a4490618d75cf56315b819b05b602f89", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 116352, "scanner": "osv-scanner", "fingerprint": "f6320926e7455219466f129d433265298c4edb40d6ad43e3df643e0584ff5ef3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3955", "level": "error", "message": {"text": "stdlib: GO-2025-3955"}, "properties": {"repobilityId": 116351, "scanner": "osv-scanner", "fingerprint": "fc5ee1fff2491ffb72fc85b84c6f445e854b7e4771d157e24342fde4d3e45391", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47910", "CVE-2025-47910"], "package": "stdlib", "rule_id": "GO-2025-3955", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47910|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5033", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5033"}, "properties": {"repobilityId": 116350, "scanner": "osv-scanner", "fingerprint": "6765e8022a04a070606ab4d18432ba39fecb74ed15321306362c217181bbc86a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46598"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5033", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46598|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5023", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5023"}, "properties": {"repobilityId": 116349, "scanner": "osv-scanner", "fingerprint": "efc8e4d65a05f3635d05bf6ab15883d0b441b8b46337b07402b83ede0a4c42d6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46595"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5023", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46595|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5021", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5021"}, "properties": {"repobilityId": 116348, "scanner": "osv-scanner", "fingerprint": "64b8094159bd57a14e360156c2dbaba1d126a78e0dfe170f914a7bae30653bc5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42508"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5021", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-42508|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5020", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5020"}, "properties": {"repobilityId": 116347, "scanner": "osv-scanner", "fingerprint": "c25a4b412b825745438b8bcb4f6c0a11c1f34b8620a6c615a36fcc3ca932ed05", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39834"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5020", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39834|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5019", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5019"}, "properties": {"repobilityId": 116346, "scanner": "osv-scanner", "fingerprint": "510fc2cc0924737a4560cce24c01c9e3c0b2ad7cb12d7b137efa664e9d441888", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39831"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5019", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39831|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5018", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5018"}, "properties": {"repobilityId": 116345, "scanner": "osv-scanner", "fingerprint": "1db4e0bc89cd96db6359ed587e80a10b851cab1311d2d9395f56b7ee415f4bf9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39829"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5018", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39829|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5017", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5017"}, "properties": {"repobilityId": 116344, "scanner": "osv-scanner", "fingerprint": "4c1301fb6e99b90fdee7726d850f3d8407baf82158556021e86bdcf645543743", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39830"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5017", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39830|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5016", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5016"}, "properties": {"repobilityId": 116343, "scanner": "osv-scanner", "fingerprint": "a4f8c41b9d7401c7ecc796c7909b4bd095bc227c2baf1e2fadcb19f3c83004e2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39827"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5016", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39827|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5015", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5015"}, "properties": {"repobilityId": 116342, "scanner": "osv-scanner", "fingerprint": "1295711bc31b88a3747f8856ff303d211951d5a45218d87a1a5145bee3d4e0c1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39835"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5015", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39835|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5014", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5014"}, "properties": {"repobilityId": 116341, "scanner": "osv-scanner", "fingerprint": "6303380caeb14ca5e6f39c6e1c39c7f5dc92f0d16438d0432877fb0eada14387", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39828"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5014", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39828|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5013", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5013"}, "properties": {"repobilityId": 116340, "scanner": "osv-scanner", "fingerprint": "446eab5426ad26d86dc0618c830b7723ab773263325ee63bd3c587628728f74a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46597"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5013", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46597|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5006", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5006"}, "properties": {"repobilityId": 116339, "scanner": "osv-scanner", "fingerprint": "56b1824bbe53a59ad3ced494461a12ad6ce79667fae66ae9123d4b40ea96e61b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39832"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5006", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39832|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5005", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5005"}, "properties": {"repobilityId": 116338, "scanner": "osv-scanner", "fingerprint": "62feb0d34ea7eabd8a2e228d61da79f37984e683e9428e4cc6b0e5122331f46e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39833"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5005", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39833|src/go/networking/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116337, "scanner": "osv-scanner", "fingerprint": "1c32ed0eb4df48874b242c17fb739d675404200275d8fcda253aa4b6c87a6dba", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116336, "scanner": "osv-scanner", "fingerprint": "24c318c312ea313afad04a840cf88c8d5a431903e82625472fcec46b968bc61e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116335, "scanner": "osv-scanner", "fingerprint": "a1d73535df2646aa0bab376aa7c6528f3b941d02572e9ff235c89d5709b87ce2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116334, "scanner": "osv-scanner", "fingerprint": "c30fda74da72572a49677f61b52bd959593f1a2e3838794ac49ca47d1281c1e3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116333, "scanner": "osv-scanner", "fingerprint": "b809318d20906eb64e17b744cd83117e38cac203bbd14a981b16d43ba14bec40", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116332, "scanner": "osv-scanner", "fingerprint": "dd44bf4b145af60542ff9798f8f7c9a7828473d7ac3ef39e64df8fc6516edeef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116331, "scanner": "osv-scanner", "fingerprint": "2a9dc1332e5cc3bae7023c6def5399e1b59006c03518c3b45cd680de7cc888e3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116330, "scanner": "osv-scanner", "fingerprint": "e77c740ea84f48843ac02702f815fe2383f754fb888bdfeb215bf54bad19521e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116329, "scanner": "osv-scanner", "fingerprint": "7ae8a40062353d0efa920981fbde614d74e16c881fb5438b870ca98b1d739b7e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116328, "scanner": "osv-scanner", "fingerprint": "425aeb7cbeda598e57839f444fe308b0ef1a2998325eb2af78d2c9280cc225cb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116327, "scanner": "osv-scanner", "fingerprint": "c7d08ca69535d8f6da76553f6ecedc5409a918de117259ff366013f3a2c1d8d7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116326, "scanner": "osv-scanner", "fingerprint": "58830856656a22941dd5cf4231e20230559758b7a97de040913fe95bb9b7ea9f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116325, "scanner": "osv-scanner", "fingerprint": "9c9007665fcb08b6c1d11d14bfeebea73f7fdc59068d62eee0c4b09b4c486518", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116324, "scanner": "osv-scanner", "fingerprint": "258340257c917b48be480e72d5e4b96d05ab6833677de27a7166b749ae11dacc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116323, "scanner": "osv-scanner", "fingerprint": "45d7239a34567013251f3326227227f0e72a425197045f1d04dc766136c3de70", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116322, "scanner": "osv-scanner", "fingerprint": "484c36e6c0455c34f48d8140f141bbd5ec3cdd30488f8725ff81a4b269b40184", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116321, "scanner": "osv-scanner", "fingerprint": "686e1d977cbc7209dcca5845b6109940cd4ee43effef8a5fa8dcca747f471223", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116320, "scanner": "osv-scanner", "fingerprint": "1645c2146c452940c6d0ada02ef97a7bbc527f4b28d63870f58aebc0326daf1f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116319, "scanner": "osv-scanner", "fingerprint": "5c64753ce4e8cade776709ee9d3110b4d2d5b906ea4436f31efbaca0372cec6d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116318, "scanner": "osv-scanner", "fingerprint": "d27b35f66a6f2ff23c441ff555168abd42ec6f3a9374203832a42911a7e6eaa1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 116317, "scanner": "osv-scanner", "fingerprint": "380e1b824da13ac30b430e4564b69517b1396df46e1762de5c81c33d4804479c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 116316, "scanner": "osv-scanner", "fingerprint": "dd8f7da2d143a2239c3e275dd0d358e5bd654b0f74851df122e7a0d4a4cf422d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 116315, "scanner": "osv-scanner", "fingerprint": "c51cd9e3b7e180e0ddf6c224e9efdc86e9886ab7dbe393339e068f67542c47ed", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 116314, "scanner": "osv-scanner", "fingerprint": "bb27c79d01b3a67369104f4d898464e1b8bf653dce4fe26bcf8162318bfaafc2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 116313, "scanner": "osv-scanner", "fingerprint": "d701afc71efe902f496aa19bb8b2fef2d58981cc7d971220fc8a3be9f5d1cc43", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 116312, "scanner": "osv-scanner", "fingerprint": "17c438c70ca8326c8750b2652c0468d3978f0c92dbc0b104dce35d9daddabde7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 116311, "scanner": "osv-scanner", "fingerprint": "7f4ff4cf8977e43a5a7535d787de3027a82b84d28b0f91b1f7578d59e270f157", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 116310, "scanner": "osv-scanner", "fingerprint": "baed71848c2e6488b928fcd0d5e36cb275f80ef26505f728c7e46d340d48ae1c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 116309, "scanner": "osv-scanner", "fingerprint": "0938eea0604b07e9468c4e09e2fd3cd270493107abc835a33816a6c1ac5147f1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 116308, "scanner": "osv-scanner", "fingerprint": "475cca981156f1aa05b521922d7122129fbac0f056c33be817a2b6e9c96179af", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 116307, "scanner": "osv-scanner", "fingerprint": "9260b6623ce715dbc53f0358669ad94a433f80d649fc100d6ec06ae8233990f7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 116306, "scanner": "osv-scanner", "fingerprint": "8f6521b2eba3301cd58d0e96c2bac3fc9fc67fbfbf297b820918fe14d627a7d3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 116305, "scanner": "osv-scanner", "fingerprint": "6a96c200efea3f6cc301580d2f7d90d82677571c675024e1ce99f0ab90b061f7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 116304, "scanner": "osv-scanner", "fingerprint": "acc4ca6fe082c117bc2afcf22c925c10edba2a6791f4682d5a98cd1814629f97", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 116303, "scanner": "osv-scanner", "fingerprint": "e087b607588527ae857092158557c22681d2927521b8585303f61b19b4fa872c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 116302, "scanner": "osv-scanner", "fingerprint": "09400b472fc91807816ae80a37686259cde3954e2890d59eca90291f218bbfe3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3955", "level": "error", "message": {"text": "stdlib: GO-2025-3955"}, "properties": {"repobilityId": 116301, "scanner": "osv-scanner", "fingerprint": "749f8dda394c72d9c760e910668f942ec1625c59ea7e14271aa63e5e48b92834", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47910", "CVE-2025-47910"], "package": "stdlib", "rule_id": "GO-2025-3955", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47910|src/go/nerdctl-stub/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116300, "scanner": "osv-scanner", "fingerprint": "27f95d917ce3f693bc8f5ad07679db32acefd08a053da7739a597ecc29b28c85", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116299, "scanner": "osv-scanner", "fingerprint": "227b8da801e54ad173de01d266a3f662e9e12d9b8dba86ca59916585ef6b7d25", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116298, "scanner": "osv-scanner", "fingerprint": "acfe1b0fa6595631f1c2bc31496b2683ee888de5c5c9ad96dea1c1043d6c0010", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116297, "scanner": "osv-scanner", "fingerprint": "9da13d5ac2dc0f79860b8bbc4446bfba5b7bf18425132df0566adeba45694d2e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116296, "scanner": "osv-scanner", "fingerprint": "d1d12b8c5517fe7f20f5fd3668f7e0f97a3b9fcc55ce38ed9d3682275ec7d81b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116295, "scanner": "osv-scanner", "fingerprint": "dfad5b358ffcce4cdd2165174386896ddd935cfcf28ae40af45f041e1df84688", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116294, "scanner": "osv-scanner", "fingerprint": "26aa4cb27d56118aac15c3d3fea1fdf733cd14ac1e82fee193762aa676a00414", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116293, "scanner": "osv-scanner", "fingerprint": "caec0f390529d7194e59c6de0072598e6314f422d920c9b5d097ff2909e73ae8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116292, "scanner": "osv-scanner", "fingerprint": "0edeb05a6ee5794306aba1253ed2afa8e533da420a73f5cc8d2261d75238ef87", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116291, "scanner": "osv-scanner", "fingerprint": "d455293e056c1afe687871e5af7f69727d878c1907ff870b544043004be0978e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116290, "scanner": "osv-scanner", "fingerprint": "49ec7e1fa62dffee36f55b18f2eb657a159f0db658f5bc1c3366214bf7729b5a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116289, "scanner": "osv-scanner", "fingerprint": "9ba9a3a1ada680a5cd056387fb6b49955dfc699a19214bcfd8b1313fb7001714", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116288, "scanner": "osv-scanner", "fingerprint": "809764812f4161ad1495f0ce1fa790b20a05328b726325e533450e8976ecb365", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116287, "scanner": "osv-scanner", "fingerprint": "67f57af4919167339ebfc0a7534cb7275abc7fb0c625b158a8908c598cea8031", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116286, "scanner": "osv-scanner", "fingerprint": "ce87ca28d7c312b88f9eeccf0897c947ab06c973791dd691a13883c69de8ae65", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116285, "scanner": "osv-scanner", "fingerprint": "4635c9c52cf8c6e67002a77a3664e73ea92146fb904298c983bf24511ae4b52c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116284, "scanner": "osv-scanner", "fingerprint": "24a8f0f67981f3d8c47275a5de08b00b46f89649568ca4249635b949410137a3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116283, "scanner": "osv-scanner", "fingerprint": "b54814cdd7385176acf7cd56d54ff5698337652e2cd202ceffc26418ef5ffb5a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116282, "scanner": "osv-scanner", "fingerprint": "90aba6a1bdb5af6201f3fee18a16fad43e501e1924b89e85ce278dd893cf3905", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116281, "scanner": "osv-scanner", "fingerprint": "4739e417da3bb5a641e60a7e3e0c857a5a87cecbcc1126a9a73b023db61f0ae5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 116280, "scanner": "osv-scanner", "fingerprint": "b935645c8431b4a53b501ea98f57631f6b90ecf073fd1abd00f133fef8194dff", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 116279, "scanner": "osv-scanner", "fingerprint": "54469690455bf06f6ee5645ba00c7d53ff98201987546a5a282694e5c2f221e5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 116278, "scanner": "osv-scanner", "fingerprint": "cf53f16d66ce1098b435ab410eb621d53f35dfe0fbb29eae26b75193011fe8c1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 116277, "scanner": "osv-scanner", "fingerprint": "91ba4ecbee0c786f90c474482d746759c5ef5f5bcd4b587866edf1632cdd1f93", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 116276, "scanner": "osv-scanner", "fingerprint": "f2c84b9335481a4f572be02ff896e43d2d0873aa3681ed382963815d9dc28342", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 116275, "scanner": "osv-scanner", "fingerprint": "e1b4c5ad6527f6773b79b9cb9950e69ac52db632f08e2e2f8e73772035920e95", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 116274, "scanner": "osv-scanner", "fingerprint": "feead82a11a231122c80c4de3b6ca7d57eb3386ee8458bb7c89e4a02c055acf6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 116273, "scanner": "osv-scanner", "fingerprint": "9650cf4a66656be1c0294f7a9422f10a04eed732c7216ccda38bbc85c4701714", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 116272, "scanner": "osv-scanner", "fingerprint": "9967c02f16628ce5f98cfa03095adeeb87613761d71d22589d3d015c09f3269f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 116271, "scanner": "osv-scanner", "fingerprint": "07959caeda7dc5951441938715f48e49b02c5c7dbb2a8540110439cdec0d3bc4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 116270, "scanner": "osv-scanner", "fingerprint": "3c9285f4fbf04b3374922df8a140fe6a8a10629f92f15dd8e983dd411181a59c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 116269, "scanner": "osv-scanner", "fingerprint": "fdfa3d0d90c56a3e8df63be49a92c58d718bc18ad6940e233912139c9b35c296", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 116268, "scanner": "osv-scanner", "fingerprint": "bfed51132627c05cb40e7bf04ef2fcd11ee7b9147e7e844188208129993acae3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 116267, "scanner": "osv-scanner", "fingerprint": "cf517cac1c1fdd2e2a59d00407e1a2e1e2a7f76405d88d66aa1ceaadbc146065", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 116266, "scanner": "osv-scanner", "fingerprint": "c976d7f32ab883a4869eef1575c75533b801ba642bddb22d9c64b12907f41ee9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 116265, "scanner": "osv-scanner", "fingerprint": "3c31de062643ad144cd71167ec797529dc80da31d454d25c8c2af5cbc9a8b911", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3955", "level": "error", "message": {"text": "stdlib: GO-2025-3955"}, "properties": {"repobilityId": 116264, "scanner": "osv-scanner", "fingerprint": "e1d298364e9cc82fb9eac1d25fc32ffb6b573e4f54a12f99436ae5a42c9b3801", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47910", "CVE-2025-47910"], "package": "stdlib", "rule_id": "GO-2025-3955", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47910|src/go/mock-wsl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/mock-wsl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116263, "scanner": "osv-scanner", "fingerprint": "cc9c7f83358250196d81c852bb83c0fa0f961feed056922737d5ccb573b8930a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116262, "scanner": "osv-scanner", "fingerprint": "01bbdf523a5d2f9007cd3cab7c87e3533f0f52ba81bc52d1860b728ae500e832", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116261, "scanner": "osv-scanner", "fingerprint": "8916f2e813a632e77dae71c0b24f392ea8ac36a1f729360c404dbd4000d65b59", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116260, "scanner": "osv-scanner", "fingerprint": "45b6e616c4009f2d876399c34f9e91b7af530f174b7199228b5be3c215b5ad78", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116259, "scanner": "osv-scanner", "fingerprint": "bf94d257a1603117cb59d893238b25ffbbb9cb9f657ba3ad332e17d43f86f367", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116258, "scanner": "osv-scanner", "fingerprint": "ecd281a2d3ba198020055351808369c3b75d911e0465636230afcf0a0eb6d5c9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116257, "scanner": "osv-scanner", "fingerprint": "b88ddfca03fa1d29db96673138e0d25cab0edd827928275f93314dfb9e5de721", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116256, "scanner": "osv-scanner", "fingerprint": "660282ac18a7ddb461329b84e43519244fca3b4d81fcb2774d038b0bff48fc54", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116255, "scanner": "osv-scanner", "fingerprint": "7608ae79f2d483b6709289645e6e27f566d7ec89293c0395cd24b5b4d3d38c91", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116254, "scanner": "osv-scanner", "fingerprint": "f8ac96377ec9c34a537aebe51167b39d6eaf13f9b7667dd574080f6e5037d5fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116253, "scanner": "osv-scanner", "fingerprint": "628f97af3f58daf9e08a0452629dd4c9e8fd1724fc244f939ef41bdf2adbeda3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116252, "scanner": "osv-scanner", "fingerprint": "1ba42c7e6b7ed925202045b5f203cabfdc6d4617cbdf2640594787bf64a53699", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116251, "scanner": "osv-scanner", "fingerprint": "ce00322bc37c278877f60ee7afb5ea7d9d7038c623b1a357db21059607d811ea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116250, "scanner": "osv-scanner", "fingerprint": "45ea6460dc601dd9a0b779a57d496be60974b3d51649def6ce6832bc2c510a07", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116249, "scanner": "osv-scanner", "fingerprint": "55965904b67978e59b6add5bd6997fd16335dd037e8beb33fb888c7b7081d2a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4866", "level": "error", "message": {"text": "stdlib: GO-2026-4866"}, "properties": {"repobilityId": 116248, "scanner": "osv-scanner", "fingerprint": "c660533edeac0cd2880fd7cfecaa9fa7580aeb0e63f57eedaed53b45058dbdcf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33810", "CVE-2026-33810"], "package": "stdlib", "rule_id": "GO-2026-4866", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33810|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116247, "scanner": "osv-scanner", "fingerprint": "bb293a1fb796e31f511091097cd5598ce5e22a131d84c9f026b5f638026f3165", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116246, "scanner": "osv-scanner", "fingerprint": "863741a198d01b09883e00b6dd72afa850286e7a68c04cc52183107b6c09c18e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116245, "scanner": "osv-scanner", "fingerprint": "1fec754295029df5f201a5038459b8ceaadebe1989b9e7eece127269f85a1cee", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116244, "scanner": "osv-scanner", "fingerprint": "38b9e8fa55ad1272d8b1ad7abf9650f676c39e02b54c8da70a3f7c7db56376df", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116243, "scanner": "osv-scanner", "fingerprint": "61a368b24c532daafab05b8fe094ae447793070a1bf3519ad8e2cad7ff8d50a4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4600", "level": "error", "message": {"text": "stdlib: GO-2026-4600"}, "properties": {"repobilityId": 116242, "scanner": "osv-scanner", "fingerprint": "5a1853d478836ac1419496b32d5fa37e48039ad1ca9e77998d6f50176e46f3ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27138", "CVE-2026-27138"], "package": "stdlib", "rule_id": "GO-2026-4600", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27138|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4599", "level": "error", "message": {"text": "stdlib: GO-2026-4599"}, "properties": {"repobilityId": 116241, "scanner": "osv-scanner", "fingerprint": "b855530f9cb6f395372d18a39f4281932c8a4cf0c9eb2e18967b24577b8b3221", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27137", "CVE-2026-27137"], "package": "stdlib", "rule_id": "GO-2026-4599", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27137|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5033", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5033"}, "properties": {"repobilityId": 116240, "scanner": "osv-scanner", "fingerprint": "55af6f9876c901b4d7e4a109e3036a960a0c353496f72eb5ef61bacb8aeb0847", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46598"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5033", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46598|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5023", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5023"}, "properties": {"repobilityId": 116239, "scanner": "osv-scanner", "fingerprint": "2d98868f7c547c06bf39cde7308256a93705b023bc890328ea47344e5afca64e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46595"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5023", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46595|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5021", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5021"}, "properties": {"repobilityId": 116238, "scanner": "osv-scanner", "fingerprint": "38774045a3e685cb7232ebabb1144b781f5aef819e490b945986addea95ebf1f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42508"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5021", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-42508|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5020", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5020"}, "properties": {"repobilityId": 116237, "scanner": "osv-scanner", "fingerprint": "94c8579abcb93b20bbd31c1ccb6ff9e4cf2d7ef725a298ff7f32c1ce15486279", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39834"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5020", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39834|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5019", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5019"}, "properties": {"repobilityId": 116236, "scanner": "osv-scanner", "fingerprint": "f3aedbb1c8cfda598c57665b8eae394038c7e0027559b14b23ed0c5afad9645c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39831"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5019", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39831|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5018", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5018"}, "properties": {"repobilityId": 116235, "scanner": "osv-scanner", "fingerprint": "0bd266c1d933d5df8c3c5e1c3f495b9abbc896457fa8f367a342f4473bdafe4f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39829"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5018", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39829|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5017", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5017"}, "properties": {"repobilityId": 116234, "scanner": "osv-scanner", "fingerprint": "0328c785291b2a52cc547a8bbd65b8564088faebcbee99984ca65776b8a8911c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39830"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5017", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39830|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5016", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5016"}, "properties": {"repobilityId": 116233, "scanner": "osv-scanner", "fingerprint": "71f85ae54c6fdbb07dcb1f1326baaa0b9251b3aff83b95e6f4bf3ee2d8e5872e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39827"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5016", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39827|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5015", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5015"}, "properties": {"repobilityId": 116232, "scanner": "osv-scanner", "fingerprint": "0c5014eb9e6cfd856b67abf2643c63b01d6860cb39765a3c3b6ed93b0c03a107", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39835"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5015", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39835|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5014", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5014"}, "properties": {"repobilityId": 116231, "scanner": "osv-scanner", "fingerprint": "0b0ddb8df0936a1b67505fdebea0ce05f58e25f30d9c0bb5a64792c4f36f8670", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39828"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5014", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39828|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5013", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5013"}, "properties": {"repobilityId": 116230, "scanner": "osv-scanner", "fingerprint": "90aadae425501bab6667f1a25b89bb7417757d63053228ade79aec406c64696d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46597"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5013", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46597|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5006", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5006"}, "properties": {"repobilityId": 116229, "scanner": "osv-scanner", "fingerprint": "28c800d853443ba8fd84762d5ef4f34cf070b57928ed5bff866824798ec1691f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39832"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5006", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39832|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5005", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5005"}, "properties": {"repobilityId": 116228, "scanner": "osv-scanner", "fingerprint": "e310427bb99dbb455c60af31875c317182f9c6895f1c29fc3795a91f9808e64c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39833"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5005", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39833|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh2q-q3fh-2475", "level": "error", "message": {"text": "go.opentelemetry.io/otel: GHSA-mh2q-q3fh-2475"}, "properties": {"repobilityId": 116227, "scanner": "osv-scanner", "fingerprint": "ede955d9cefba74e7964e9ae1d32ef56ecdda8d87cd49ec00d057b4fff3f4819", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29181"], "package": "go.opentelemetry.io/otel", "rule_id": "GHSA-mh2q-q3fh-2475", "scanner": "osv-scanner", "correlation_key": "vuln|go.opentelemetry.io/otel|CVE-2026-29181|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x86f-5xw2-fm2r", "level": "error", "message": {"text": "github.com/docker/docker: GHSA-x86f-5xw2-fm2r"}, "properties": {"repobilityId": 116226, "scanner": "osv-scanner", "fingerprint": "5c5fca6495eab0243fe5496e085da9f2e2ed4df914dbfad2686209b67ef94978", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41567"], "package": "github.com/docker/docker", "rule_id": "GHSA-x86f-5xw2-fm2r", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/docker/docker|CVE-2026-41567|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rg2x-37c3-w2rh", "level": "error", "message": {"text": "github.com/docker/docker: GHSA-rg2x-37c3-w2rh"}, "properties": {"repobilityId": 116224, "scanner": "osv-scanner", "fingerprint": "be1026a63d6578b4d25079f564ecfb11a83ffa1bd329fad04d1ea364bb15cb5c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42306"], "package": "github.com/docker/docker", "rule_id": "GHSA-rg2x-37c3-w2rh", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/docker/docker|CVE-2026-42306|src/go/guestagent/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4887", "level": "error", "message": {"text": "github.com/docker/docker: GO-2026-4887"}, "properties": {"repobilityId": 116223, "scanner": "osv-scanner", "fingerprint": "b445b733f26a31627488c97774f0ad7205ba33bf4b3fd8bd6fb36f8d187d61ed", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34040", "GHSA-x744-4wpc-v9h2"], "package": "github.com/docker/docker", "rule_id": "GO-2026-4887", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/docker/docker|CVE-2026-34040|src/go/guestagent/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-x744-4wpc-v9h2", "GO-2026-4887"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["68d61b737b0b33acffaf5707f31b8d53b8c9960bf190a482ee23b55fe3531afd", "b445b733f26a31627488c97774f0ad7205ba33bf4b3fd8bd6fb36f8d187d61ed"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4883", "level": "error", "message": {"text": "github.com/docker/docker: GO-2026-4883"}, "properties": {"repobilityId": 116222, "scanner": "osv-scanner", "fingerprint": "9d2e1850311c2596cfe2fc5cc8d2f8fce4d3417dd41bd658601ea2133eea8adf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33997", "GHSA-pxq6-2prw-chj9"], "package": "github.com/docker/docker", "rule_id": "GO-2026-4883", "scanner": "osv-scanner", "correlation_key": "vuln|github.com/docker/docker|CVE-2026-33997|src/go/guestagent/go.mod", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pxq6-2prw-chj9", "GO-2026-4883"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["9d2e1850311c2596cfe2fc5cc8d2f8fce4d3417dd41bd658601ea2133eea8adf", "aef29e381d7cacb6d307e3cfb18955a308e170f716f37ab0a653c64c13044b1d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116221, "scanner": "osv-scanner", "fingerprint": "ebb1fc767f49d466f8bf35bfd27b20591ee8974b19ab52790ce64930b7b34a5f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-5039"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5122609c6d7e2cec1abf378ccb01411ffca701844f1ef56c0226f227bfdc2ee5", "55a0ec98a79c944fb960798fea812d1886dc04709c7f62320fc2cd3ccf4199ef", "cba30b5ba02a14cf9181089e0e50fe2f59c9faa1164fcbd5409e94964fce1eed", "ebb1fc767f49d466f8bf35bfd27b20591ee8974b19ab52790ce64930b7b34a5f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116220, "scanner": "osv-scanner", "fingerprint": "7c3d573c4eae57a9204f58bad8ee74f044ca2e5aa2a9517d19ae8e1b6c7cbb3d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-5038"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2139f2439b97770cd810031d883896a50e6fc7220ceea6e7861758f93a64494a", "7c3d573c4eae57a9204f58bad8ee74f044ca2e5aa2a9517d19ae8e1b6c7cbb3d", "bbcbbd2a44144a229ea6ad456b1f565bb8f1756689e913cf7ce284a088757a8d", "fa2660168385e7d7c01111771561b0dfbd6f34b8a11a360945a021bb46ddc2bf"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116219, "scanner": "osv-scanner", "fingerprint": "7af7e8a249328b5c6422cf8a522ea2e131d9b738c6a8477ea592093f2fead077", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-5037"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0a518f2add27852417cb3bd81737a92f0d316a7dd9406846df5d79c91d58c5c9", "7af7e8a249328b5c6422cf8a522ea2e131d9b738c6a8477ea592093f2fead077", "d45f2a1cfb1fc7ece85530f4550f2d907980504e7458762d00d7e856e5628e3f", "e33c97bbe6eeb4881f302ca800e4c6db3a673303bcab378d83bd44952d0d099f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116218, "scanner": "osv-scanner", "fingerprint": "e23c07989ece626da1d0190921a82dd9c59206b6d7f79d8f79bd0db3559143d8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4986"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["66524d4e30e641f5cfb5deebb0e4a39dedf903e52afa48086e38dac7c1345b8c", "a3c14d51876f1220d1542a306b242cd846fa43d0726fb8b0217aa24d64072deb", "a505f23f9e56d6f840bd45635cdaa97c9cd5bbcc5611a4d00b91f885d6d30e1f", "e23c07989ece626da1d0190921a82dd9c59206b6d7f79d8f79bd0db3559143d8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116217, "scanner": "osv-scanner", "fingerprint": "6adfe83013dfa82d6449bc54cca7476e717c2fc6b66c7f2aa0106fdc2e1bfff9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4982"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["00f6ed5f380ff67423ca76e13b711af42b5890e3cae2835d4df2dda61e9be931", "6adfe83013dfa82d6449bc54cca7476e717c2fc6b66c7f2aa0106fdc2e1bfff9", "a640bfff3bb9907157ba5fc0229f9b9b289108ef277c1cb93775cf5c901e09b0", "cb4f938b6158492b4e6cd41fb51b1dfdaebabbc9f3444b2f58fb768c13fd3391"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116216, "scanner": "osv-scanner", "fingerprint": "99bb2d8c225fa26ce27d2e8ce1c768ed3835b206a9536e2647bf1f92adc417d7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4981"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3c1d64c706886c519b61ecbda49b5be3f6aef6cb410f7f295e0ed575193ce9fd", "91f1cd0d560d3f6b652297f7fbd063fee556007c5033cc5207624ad1669bc7af", "99bb2d8c225fa26ce27d2e8ce1c768ed3835b206a9536e2647bf1f92adc417d7", "ee23ac4f349629b3250338bf3a6799634895e926a8b7980abce6667ca33d9729"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116215, "scanner": "osv-scanner", "fingerprint": "f84584339ccdd7410b90f2576e7b1cbbbe0d631b7fdd930108e6a04f4b2d8558", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4980"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2bc9e50480e0a9bdbe9ce3c4eeccce8023a1dade34e86a8b93b38dc9b39ea889", "964208d8e6d7e8b60d89c44ca5f5993d4f32bb561bce1c6eb842e192b83b4243", "f130d7d12895b33edae82e01ec2ec53051b615d4e855604e6fd0d7d58cc43dcf", "f84584339ccdd7410b90f2576e7b1cbbbe0d631b7fdd930108e6a04f4b2d8558"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116214, "scanner": "osv-scanner", "fingerprint": "2dce9937d26ab63a998decf2eedc999ddbebfa7283428502f41ce570fce8769b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4977"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["28e3e96caeed5f0c311819e4db6af876fbdb4df7528c820689149e6d222bba10", "2dce9937d26ab63a998decf2eedc999ddbebfa7283428502f41ce570fce8769b", "be6c6fdd284e729c672f5f301e43be06e62c3dcbac52e88337cad9c0379d2178", "e6cfc3fc7b6811c68a114d8ed1a6690ea1de1849c8edc1492551b3f912617864"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116213, "scanner": "osv-scanner", "fingerprint": "70fcbfabbba8f8c600488cb9d27d088320b32cebab9da9694d07feb1379fe358", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4976"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1ab90e679d90b206a5b09e3c95b4cc22ecb99d1f79dfbf4988fbf8591bbd4a98", "70fcbfabbba8f8c600488cb9d27d088320b32cebab9da9694d07feb1379fe358", "d69a481c380aa44461bc8b12ea9c414af59d695352b8d06959a4e595cdba1628", "f9732c2d53ec468fec6f5432daf39bb138c7c9f04ca2f228f2c9aa8a001392aa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116212, "scanner": "osv-scanner", "fingerprint": "3d0da23755db96485dfd821fbcec54df7f094674e1a64f367a2ca92324ccf221", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4971"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["235223f4fd2c85553f13e0f4e62f1ff751b7732a33af5fa38e826b3b7479327e", "3d0da23755db96485dfd821fbcec54df7f094674e1a64f367a2ca92324ccf221", "9bbffa615c6dc30b5076dfe6d193aeacaaa49e04a2df5ae5da7faee6972b40ec", "c187317127ebf57e30c2a3a18643d12fa7b8286191cebbeae0019f72740241ab"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116211, "scanner": "osv-scanner", "fingerprint": "55f0a67e7246e638a87aa3e5bf446f5e224b1dc4bd38db8991d32fe0b2e12944", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4947"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["070b6b35d297a16c8d5a50454d04b89e589c5bfba1644e54fb94b02c2e72837c", "55f0a67e7246e638a87aa3e5bf446f5e224b1dc4bd38db8991d32fe0b2e12944", "a31312b882a966e3f54177f445c37cfb27a5df9bcba92b6618d6b68d83084b8d", "a42c5033cbd96fcfe9dbd32add9ad4b3f466e3cc8506799a5cc2e439d394d5ec"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116210, "scanner": "osv-scanner", "fingerprint": "a5bb9044b589d95f70b9a1bcd659dcd00457e5fe45d6f02ed6abdeae67df7486", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4946"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3d5943dfa9ac934d0c513bec09fcd86150a93924fcd09ea6389241cb7fd3e046", "5c6dd80df3793c60857875a9b5fc7dd46bfda5d48d6da27f84567b4d5e60f6ce", "a5bb9044b589d95f70b9a1bcd659dcd00457e5fe45d6f02ed6abdeae67df7486", "dc8ee77dfe986ee82fb8870bf1943ec7104f815c4dbca47d52c0b9cb5e087ff0"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116209, "scanner": "osv-scanner", "fingerprint": "976752659867f6cc4b483dc8b43cab677278b5defba6d7d99c9b8692cce85bcc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4918"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1ed27ff866ad3070bc925c6cb7eb7f6d856364e9ebb0da6e08da5e8f566b444f", "976752659867f6cc4b483dc8b43cab677278b5defba6d7d99c9b8692cce85bcc", "c43551690770d796089f088d07b330f1509b5b73acc280a3f2167ca109da8cdf", "d17ae12d46682109e96e93004cac13b59f278084270da5ffd6f217d8e0ec7b2a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116208, "scanner": "osv-scanner", "fingerprint": "998d911057745c75008f10970ab506f8362e2d81656e44a1b3a0141777cec4ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4870"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["6f2ebf26f84b63633556396c521272d599db336e8d79344eaf1c15a14dc73ca8", "7d80bad3904cbe2ee4bce89a8de82e4b6b9a5f58bbdf1c13ef4e57748086f76e", "998d911057745c75008f10970ab506f8362e2d81656e44a1b3a0141777cec4ab", "ab0ce31b76dfa341bba98de5d67d14be198d61a772e7ad28a8238c335227258e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116207, "scanner": "osv-scanner", "fingerprint": "01d13fae4a4cdac252114400c111a410d400bb93a9712bcf1271c862de35e9df", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4869"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["01d13fae4a4cdac252114400c111a410d400bb93a9712bcf1271c862de35e9df", "8e3e381986d6684c7ab1ab1728f2ea2ed7dbb2bc2b76a9be7b269c713c1a66cf", "d51c89e57ab72f3bc1162e5e475118c8b7d6aabd5eb58fd7db053275b1a5e99c", "db04178beae3142cbda668abd1bbfa0fa3f189dbf723e7f090360b5826862d28"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116206, "scanner": "osv-scanner", "fingerprint": "6512594f113ef4e216971a3fb0bbc585d44d29364d45efe1c02b3676188ff988", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4865"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["6512594f113ef4e216971a3fb0bbc585d44d29364d45efe1c02b3676188ff988", "7a00c535e36386755669f9aaecef7c185c78fd1ff40d610e587f907a01a59aa2", "7e65f9dedb412489caabab7f5e8702ec293b7438d03a2c0691cf9edca34788b8", "dfb14a1403e75680d46c63c610ddc7edac6ee21ea854ebce3a2dc9ad1a907a0a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116205, "scanner": "osv-scanner", "fingerprint": "7c6ae699d7471048d30303124851946bf790ece9d857e2ea410c60c36c14ec5c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4864"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["071e8ac75db55ff187c188fd1a23795bcc73c3f5eb6d15028810261d157b6344", "7c6ae699d7471048d30303124851946bf790ece9d857e2ea410c60c36c14ec5c", "ebc5134893c91442a0dd69c05a3165ebe18f7bcbd54968363245be1d137543f1", "ff54d060cf42b7d841ba5df3692a0e06036a6dd57ea7acdb7ebc0fe29e3186e8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116204, "scanner": "osv-scanner", "fingerprint": "018794610068d3bf6024a35b5b9ad845993dd9cfb20fba398011fabadae811ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4603"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["018794610068d3bf6024a35b5b9ad845993dd9cfb20fba398011fabadae811ce", "2500c1af394bdd2f665e4ce4553a0280b8009b383d0a1aa66e3ba62a8fd8d756", "4b4401c91b58f500c252433769330df224dea4da4b343791973a8a8402013e3c", "f1811d046a986cabb9d53b61e91d73a6f0b1253dbec5e2cc89e61685a1c411f9"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116203, "scanner": "osv-scanner", "fingerprint": "ed468bb3b89d5a82f72c666a1f27f3d43766b4e1215f5f8aee4cd1789a66972f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4602"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2e08059519c87241a6650166843c04302f051ae871f1c0aabc30d2d254064c92", "7784cdc1143679c8afd1694c33ed5c15a02f5044b0ab3517904eb8c84675ceb2", "ed468bb3b89d5a82f72c666a1f27f3d43766b4e1215f5f8aee4cd1789a66972f", "f4c2b118114f1ab21341c1be0ebc02651fb9901572901d80efcd24b2b0c7b24f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116202, "scanner": "osv-scanner", "fingerprint": "41c6be007c530fced72c89cb5684b2ca19e3d12fbb90460e128cfae7484d4b36", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4601"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2b747bdd09421af8b1e50567392caa13515b3716804f2f392b75c74ed000e977", "41c6be007c530fced72c89cb5684b2ca19e3d12fbb90460e128cfae7484d4b36", "a93a59106b280234df5eaec5c48d7d74bdde7033f83d674bbae7bc74b089c40f", "e05aaa79550d7e0a79e2d857a57040b442bdc95d728e60a582698b72b2d2a0ff"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 116201, "scanner": "osv-scanner", "fingerprint": "126d56572d60303bbeb9c70fcfb9d6059ab1e65e100617fee97d5a6f55338513", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4342"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["126d56572d60303bbeb9c70fcfb9d6059ab1e65e100617fee97d5a6f55338513", "4c4619bb2888e6269f088c73f582b967d22676728a3d911d81eeba4b4f57fae8", "a07f2a36944a10240cf9d63b6fd6d5f6adc9f402d648453fe2de14599f7fcc54", "b0e8db0789b3eb832ac842f276693e08db575fb2ed719f7544b8611429b3df29"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 116200, "scanner": "osv-scanner", "fingerprint": "63c33b146e45b6df3ae0f61665079a517f0a19145ccff7542e8c6cdc1cbc0192", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4341"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1f9c3ee1b193086f0c88269e26bc0c0188d2c3aac3ae877f616b8dd82be87b6e", "30b278265e8da7c9d61d6f45f263c2dcfa41c09a53c9a7ab48c2af9ddcd79c3c", "3209b7bd0bf8cd6c051376e790edc438bc8af5a77ac6a60ead2b8287108c0367", "63c33b146e45b6df3ae0f61665079a517f0a19145ccff7542e8c6cdc1cbc0192"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 116199, "scanner": "osv-scanner", "fingerprint": "b4f462abeff6985657021c8e5ab9e05e62c5911bfa2181b8fb2cbc6197f4fe13", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4340"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5949abe07052ce0de0e07ec0fdd44993525ed552b37185f569f5d68cf7454774", "77b2c47bdb40fd8ea911f7dd933bec1e7b673e0eb791abbb257b496bca641a03", "b4f462abeff6985657021c8e5ab9e05e62c5911bfa2181b8fb2cbc6197f4fe13", "f8b71f669e3a0a20d271f34d3c183512d4957ed946aeb61f185a986b37ecf167"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 116198, "scanner": "osv-scanner", "fingerprint": "b2da74daa5fba3fa5819a7fb1bf56301625301cfd7a2b32424b06a9eacafb1a1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2026-4337"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["764134c57a92367bc57ab3c0fa5e676df6634290402d983fc1f3417fa97316b0", "93a22a791a54b89de11f906b826945840ca19045fa5db6dbbb992b249ecc357f", "ae28ed68f57e226ac1fa79fdf9dfd069f1904e123bb9ecc837cd087a060f4c24", "b2da74daa5fba3fa5819a7fb1bf56301625301cfd7a2b32424b06a9eacafb1a1"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 116197, "scanner": "osv-scanner", "fingerprint": "bf5ab292f86e549a34c5435838d8e1fee307e4bc04cb05dc9f92f7634cacb9ff", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4175"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["098c16cea8978d46ac19b5e99d2dbe33bbc8240045e491da4505094bf2b2315c", "af1827f76f3805de87278f589c6f47e87db20dfa04815bf8edbc65879872f110", "bf5ab292f86e549a34c5435838d8e1fee307e4bc04cb05dc9f92f7634cacb9ff", "e3cf1669872b3baebf8d956d8a51871aa440e06244df7b97221914400d104db7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 116196, "scanner": "osv-scanner", "fingerprint": "c2369a398630957dd626cc5c6d9e18782c01e6e763e3e8b95de0586175b910b9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4155"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4c45f438133ffbc252afb2ba3fac717f4129a18bfa40aa5dacb6f7c726ef61ac", "5391de6f57f9e7a975c45c23ad9a912c0e937a31d54117fff4c7658b0e7adfff", "c2369a398630957dd626cc5c6d9e18782c01e6e763e3e8b95de0586175b910b9", "f613b82dcfa00fbfa2a7286e94b08b9d010db5b2febea699c45880cfb740fb43"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 116195, "scanner": "osv-scanner", "fingerprint": "0b6c71b923e3d2936563ff080aa2903a0e07cdb7dbcbe5540eda56e9fba63a29", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4015"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["04559d9b580c4aeb0c35218d1046954cfdd4a6558f4c84bf120fce1544a862a5", "0b6c71b923e3d2936563ff080aa2903a0e07cdb7dbcbe5540eda56e9fba63a29", "888edaa6cf77558bed395c61abc43d6ac8ae05ce3ae9a2d128e55143c7714c97", "ed7687752b56b50453930e33465213a9104b1e8dd70d1c0fcf5273cec89817c3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 116194, "scanner": "osv-scanner", "fingerprint": "a551447a42c34144d779ba9ca3979f901e32414853fba63ef22f29effc1536f9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4014"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0ddd6c49c00e4eb0bcdcbb46249194bd2f35fdaa8ca7dc2f815c00b811a27cf5", "a551447a42c34144d779ba9ca3979f901e32414853fba63ef22f29effc1536f9", "a7bcfd1a78ba4b3042caebb67643a43a029d0a81f7480fac5bc01d88d024e074", "be01e2c8bcd34fcb940c572991c1b6c458dc5c247187a3dc812221b4cc0f7c6d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 116193, "scanner": "osv-scanner", "fingerprint": "a35d35dd846f2983b8541d602962857fb2af53b61b0a9af3f2c63f708963e24b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4013"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0761bf3229e3fbc4a6ae634fe8a8c6fcd997908ddd54ae631d508000d959cfad", "6faad7c818e444100adda787f7a445b168cc2bbc8cac27234fa999b7949576c4", "97a99ef8407d58a18fb2666973fae07475eb6820d303bbef817f26d6358e8518", "a35d35dd846f2983b8541d602962857fb2af53b61b0a9af3f2c63f708963e24b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 116192, "scanner": "osv-scanner", "fingerprint": "46f137efbe0d5235275c86e86fc1e2950d0423a9c699ae7d197e71152fe11ee4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4012"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["464231fd46528a0f96b957805498a03ec72e5989de313b6c640456f701b93fc7", "46f137efbe0d5235275c86e86fc1e2950d0423a9c699ae7d197e71152fe11ee4", "6894d5e22423a5eb7443b836b49f4634715cc8d2429219624478c4cb45e4d338", "e6febc540e6ed572414b09fc25c0e1e52913895d158e74733fb3d401346eeb37"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 116191, "scanner": "osv-scanner", "fingerprint": "768201dd3e28fea67db5e7b65bd2c0017cd1c902f10cc32ca6f2122c0960bfdb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4011"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["13d4cc9355c80e742f1cdc7c7f194d7b981344a78037cbf957091101ef545033", "75f7bb306298b3acfe595cba7c44b8cc57764279923807317bd5f279e59ccd27", "768201dd3e28fea67db5e7b65bd2c0017cd1c902f10cc32ca6f2122c0960bfdb", "854084f864cee5a504449acd9ca808d0b8af1a506f05b5dc4a046dfc7e19b76a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 116190, "scanner": "osv-scanner", "fingerprint": "922ef0284b552e7c25547ce9dfe702b2aaffc5043fbb6c47b0ecc9a26443ac70", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4010"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["922ef0284b552e7c25547ce9dfe702b2aaffc5043fbb6c47b0ecc9a26443ac70", "a47e7537910becdc860db9ece68932354163cdd8939eb34b2a18c5495cd42204", "cf6c4d35f401d483f1cd45769901d7e964e1adbe1424b98681f9e7a7bb5b9784", "ebb5e9f049caa1ab71617de6ba13168f5a351377dc0db780a9e67453c1db6b93"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 116189, "scanner": "osv-scanner", "fingerprint": "3d5feecd917cecb057cf3e0ac05573bc6a40f308358bf6947bc98884806b610b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4009"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3d5feecd917cecb057cf3e0ac05573bc6a40f308358bf6947bc98884806b610b", "3e4b702fcc5cc0e5fad2a3b69300b27c335c34d147703df22e8a7b0df82d9207", "6331e363aa42beaa79d16d9c145bd4d345620e3e3808abd56ff2bb1b23cd9466", "ac0a40fc214b2c18b293c1a8d319e1aab70448bba02cfa78e7bd72a9dd028146"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 116188, "scanner": "osv-scanner", "fingerprint": "938d2569f21bdf63f8b88cda82898f78b44c4a48c57914f9ba369b6f2c0825d4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4008"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2cae5172fa2777781b9241654e35a102a6c2a8b1eba78aeaa3927892b029ff42", "6a2b1effbd3fa41206fc498c4a776767e4896ab50126ce908853e6ebbe05fd32", "938d2569f21bdf63f8b88cda82898f78b44c4a48c57914f9ba369b6f2c0825d4", "aab3491d2c31bcf2ad18c1d5b904cad07bf9b282e70ef4b7c5d8404b6dab0802"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 116187, "scanner": "osv-scanner", "fingerprint": "7667b4bd6911f87a74f864a433aa1b050e3e0de8ccb130b308dbb502198a826e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4007"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3a08915e46785f6b5088db4e458b945e480fa9d798606d1fb0de06ee40bebc3c", "7667b4bd6911f87a74f864a433aa1b050e3e0de8ccb130b308dbb502198a826e", "a86b54dfb29eaeb65ea2b5b93465aa0fb67acb929d9662c94d704a7c9835f2c1", "df5b70e2be8524d2c632f9923415addc2e160ceadf232812ab9976abe5845800"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 116186, "scanner": "osv-scanner", "fingerprint": "64f1d60a2ae7dd70a1fb6416695df51bef00c48f89682ddc92f1a51f663fe132", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-4006"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["185eb7eee9380092d8c076007ec2057ef4f1e800bc24981afcd009ec796d1aa9", "64f1d60a2ae7dd70a1fb6416695df51bef00c48f89682ddc92f1a51f663fe132", "90e2007f8f7c1549f3349f0bc3647789e4027bba9f87675fe860bfb1ebc50414", "e7102e33d546956cd1a2962443f3be8f950955344805b6af1fa3b3c66ea8c264"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3955", "level": "error", "message": {"text": "stdlib: GO-2025-3955"}, "properties": {"repobilityId": 116185, "scanner": "osv-scanner", "fingerprint": "af090e7ca8b894826ce709aaf50736dec73e416e35ba090edea31f3fedbcf2fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47910", "CVE-2025-47910"], "package": "stdlib", "rule_id": "GO-2025-3955", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47910|token", "duplicate_count": 3, "duplicate_rule_ids": ["GO-2025-3955"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["84777380eed5f04f6593464928fc76a592b72ed3054c65a32def95ec3d63e1db", "8ab4bc0eba19045f5f3dccbcdd44f9fcd373486ee414f60360de845726649cae", "af090e7ca8b894826ce709aaf50736dec73e416e35ba090edea31f3fedbcf2fe", "f22e73c9e71db81eaa22a77c1ea05ce87a6a4e3e55024b9235c30c02670af52c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 116184, "scanner": "osv-scanner", "fingerprint": "fc497515c04443ebb25b217a7c0f07a2a8047e987f5ddfe512428b7e3cf53def", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 116183, "scanner": "osv-scanner", "fingerprint": "0a72bf75789a8e3ad57ac9d08fd44ef59cf2f2334d9d864294d929120409cf59", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 116182, "scanner": "osv-scanner", "fingerprint": "5c774040ed8f5fea7e71a75530709be0e67d8649b89566515f8b70a35323befc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 116181, "scanner": "osv-scanner", "fingerprint": "ea4ba28cf9a5aad7b0b0b78b87dcf530e2139587f90c64d4cd953aa4c8caf077", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 116180, "scanner": "osv-scanner", "fingerprint": "e7d0fa054e5a8e25717f1ca06586fbfc49887cf51baceb208ae32fdd4644d918", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 116179, "scanner": "osv-scanner", "fingerprint": "48e405b42b59a8e489df7b19a40ba51cb093c82fec5189c31358eb20abdf98b6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 116178, "scanner": "osv-scanner", "fingerprint": "844507ad5bb349bb947e2b385cb9d594771dcb1555e2f9e9e66c716ca05a5e7e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 116177, "scanner": "osv-scanner", "fingerprint": "6dd1ce96749d03cfac02b7707b2d2ce1f405d60c74e2ff17b1bf191d6b820e2b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 116176, "scanner": "osv-scanner", "fingerprint": "7ff1a6a21c110484818a21ac238672c2e41cca88c91e630cff0284508e42f5e2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 116175, "scanner": "osv-scanner", "fingerprint": "841c0faee197d733a0294b420da235ae1f75ca6433798230e53ce4343920c9b1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 116174, "scanner": "osv-scanner", "fingerprint": "b0229727520be0b02f086eb86df1dfd5ce66491c4c114ed6be003587b818772a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 116173, "scanner": "osv-scanner", "fingerprint": "6efc5eefb04d285da18b450b4594b7eb78ac9d1a8134d94a6e693c8a0746bbc7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 116172, "scanner": "osv-scanner", "fingerprint": "8dc367f14419ab1a1b5413e64e680f278b926f8034cf107b1695883b099b879d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 116171, "scanner": "osv-scanner", "fingerprint": "b54ec7876289aa66851f506bab883044d64c10bfa68900840623e317a34e070c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 116170, "scanner": "osv-scanner", "fingerprint": "158304e261b70c1bc2a599faeded52de7f54df50dad4c0e0204ec7187a7ce293", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 116169, "scanner": "osv-scanner", "fingerprint": "b52395737676148b787c2b3110e1061462c2779e0e692936bb906e0e854b510a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 116168, "scanner": "osv-scanner", "fingerprint": "44bd7563419b58175c6667e828b4c371278f918c85cfccb9a3b069e22941ba83", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 116167, "scanner": "osv-scanner", "fingerprint": "400a0cda6b7e4dc8fefc4ff6cbde67dea698ad11a634958ec797bf1ef2879eb5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 116166, "scanner": "osv-scanner", "fingerprint": "9994b6239d3d3aa248736f4a4785a72c14a9dcfdc61e04a9234ce3e1b9ad6610", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 116165, "scanner": "osv-scanner", "fingerprint": "e3c96476ccd31f346df14449c2ab2d43b3a9a367348ac471cfbc07a67742ec31", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 116164, "scanner": "osv-scanner", "fingerprint": "7668462860d395eacaf1611baadbfa493091f9bd02444c6b1d72737edef47e36", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 116163, "scanner": "osv-scanner", "fingerprint": "42e7826e546c77ae8a618ab2df37873763f57eab5da23c93416068007adb6ae7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 116162, "scanner": "osv-scanner", "fingerprint": "65bdaab23b307eb6a196aaef048286c8c9e89defbe21e9080fbc7ee57e6150cd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 116161, "scanner": "osv-scanner", "fingerprint": "bb31c173da56a6eb22a80c51fdd3530ce39ceb158f8746221743755cb5d23a85", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 116160, "scanner": "osv-scanner", "fingerprint": "cfa150b86c6863f986f31e039f3285404ca223c6161a2a474625d8d9b8837a37", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 116159, "scanner": "osv-scanner", "fingerprint": "d3e3059fc6edada90ef675c8a439e74c5b78dc042e1f7e0573e874292ab0cff8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 116158, "scanner": "osv-scanner", "fingerprint": "6bfa2a9b4ed6da84b2a274dfdec97a45aa4c394f96a29be8493582bda96b9f04", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 116157, "scanner": "osv-scanner", "fingerprint": "ebcad6633a82aa224bf9f1401e6fdb085e5113dac4ef10c5cd4a10dd70ca9310", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 116156, "scanner": "osv-scanner", "fingerprint": "9fccfb8b36380830eedcb46524d616f4b2fd46dff84e2cbaa747390715e83455", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 116155, "scanner": "osv-scanner", "fingerprint": "24ab49e1f0330824ef80cff222c2b58385771cf2bb681e0b16c53a908c210f35", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 116154, "scanner": "osv-scanner", "fingerprint": "d0779b8b7252a6b50453f2945595453e893551127be44feb48caafb76385bdae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 116153, "scanner": "osv-scanner", "fingerprint": "606ed41a83c7975d8719f8d82333bb03ee6cb3dfb70d4bd4e2e7107f9a0f6521", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 116152, "scanner": "osv-scanner", "fingerprint": "19c11f9b7869fd5d9ac26aaa008ddb2d4f84d2df5ea60c001dd88c6f40607006", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 116151, "scanner": "osv-scanner", "fingerprint": "790170d9f483aac31426ed5ed217637ebabacadcfa23b21fe1c12f1e4ddf8b92", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 116150, "scanner": "osv-scanner", "fingerprint": "a7399140c8b8d9815979b3b8e748eb61454a9f3fdce6767ca9dfd540d938bb7e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 116149, "scanner": "osv-scanner", "fingerprint": "ff46f7e4594c1cafdb26509913f1acee4c6a64ce0f07cbcb64ad3b829b28f186", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3955", "level": "error", "message": {"text": "stdlib: GO-2025-3955"}, "properties": {"repobilityId": 116148, "scanner": "osv-scanner", "fingerprint": "10abf792ece1700a7644648205e02c8e722e49e7a6663b6f5b406d5c7c37bc2d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47910", "CVE-2025-47910"], "package": "stdlib", "rule_id": "GO-2025-3955", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47910|scripts/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 116137, "scanner": "repobility-docker", "fingerprint": "144f7cfddb28cb9876e5a589cd561973232b07ed26d74d14fd33cd8181eaa627", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|144f7cfddb28cb9876e5a589cd561973232b07ed26d74d14fd33cd8181eaa627"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/compose/testdata/app/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 116131, "scanner": "repobility-threat-engine", "fingerprint": "dcebe975143c0d7b875d89fc93573e85cdf5053eb2afb5e898580ed093e6f0ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dcebe975143c0d7b875d89fc93573e85cdf5053eb2afb5e898580ed093e6f0ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/main_windows.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 116130, "scanner": "repobility-threat-engine", "fingerprint": "b4d4710ec55611ab6938c5b5d464720884152933b2cb75764940d632f1f2e091", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b4d4710ec55611ab6938c5b5d464720884152933b2cb75764940d632f1f2e091"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/main_linux.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 116129, "scanner": "repobility-threat-engine", "fingerprint": "fd78693f29440da4cf0d5d1c36104162f3b4a8128480e8c153869453d222ad2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fd78693f29440da4cf0d5d1c36104162f3b4a8128480e8c153869453d222ad2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/nerdctl-stub/generate/main_linux.go"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 116121, "scanner": "repobility-threat-engine", "fingerprint": "f0fbceb45ebc0bdf313ad574e2f209d84333715d288819495e7ffc937866621e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f0fbceb45ebc0bdf313ad574e2f209d84333715d288819495e7ffc937866621e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/cmd/version.go"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 116120, "scanner": "repobility-threat-engine", "fingerprint": "151a7a1b1976841a1eeaf2c78d87abf803f2e75f72773b50a377cb122d81aa45", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|151a7a1b1976841a1eeaf2c78d87abf803f2e75f72773b50a377cb122d81aa45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/rdctl/cmd/start.go"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 116119, "scanner": "repobility-threat-engine", "fingerprint": "3ecaf6d7cb7f5d1e2f9b2b088c56d39f25c56ecc7c43be410feba1d3775c2cc8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ecaf6d7cb7f5d1e2f9b2b088c56d39f25c56ecc7c43be410feba1d3775c2cc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/docker-credential-none/dcnone/dcnone.go"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 116118, "scanner": "repobility-threat-engine", "fingerprint": "6a1673f80058a0e4610b054f68e85f39d1f570edcff6fbd866ddd21e2e7cf6c0", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|58|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/populate-update-server.ts"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 116109, "scanner": "repobility-threat-engine", "fingerprint": "f12dac8c36d1fb53870e56f4b448dd284155e87274509846666c8565ec16fe7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f12dac8c36d1fb53870e56f4b448dd284155e87274509846666c8565ec16fe7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/dev.ts"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 116108, "scanner": "repobility-threat-engine", "fingerprint": "8c62d0750f57fcd0103a6406b4751ef5c7ccdcf08e3eee5bfcd64c99cad41a18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extract()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8c62d0750f57fcd0103a6406b4751ef5c7ccdcf08e3eee5bfcd64c99cad41a18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/dependencies/tar-archives.ts"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 116107, "scanner": "repobility-threat-engine", "fingerprint": "bb92b0b870a489784151374bb2a6009a4a9aba28b88ef8185b3189ffdaa0bfa2", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((s, i) => `${ s }\\x1B[1;33;40m${ args[i] ?? '' }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bb92b0b870a489784151374bb2a6009a4a9aba28b88ef8185b3189ffdaa0bfa2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lint-go.ts"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 116106, "scanner": "repobility-threat-engine", "fingerprint": "9d711d3f187b56dc04aba7895e7b37c7416a6213db37ca66dd9d78eed09d2301", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(([platform, arch]) => `${ platform }-${ arch }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9d711d3f187b56dc04aba7895e7b37c7416a6213db37ca66dd9d78eed09d2301"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/dependencies/electron.ts"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 116105, "scanner": "repobility-threat-engine", "fingerprint": "f5ddf6bcf0fb667eb1c067f298d40789ef33fdc84830eb250eb7137a1d1dc588", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((subkey) => `\"${ key }\".${ subkey }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f5ddf6bcf0fb667eb1c067f298d40789ef33fdc84830eb250eb7137a1d1dc588"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/utils/object.js"}, "region": {"startLine": 198}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 116104, "scanner": "repobility-threat-engine", "fingerprint": "e571a93af4159c9b0782f7040bd33d316439533ce9c77400fb86d1dd1eaa6465", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e571a93af4159c9b0782f7040bd33d316439533ce9c77400fb86d1dd1eaa6465"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/utils/string.js"}, "region": {"startLine": 259}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 116103, "scanner": "repobility-threat-engine", "fingerprint": "46e1ac8510f97095be835af473724f4c18621c9429b9f010ccdce9a23eba8d1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(uncommentedLines", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|46e1ac8510f97095be835af473724f4c18621c9429b9f010ccdce9a23eba8d1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/utils/dockerUtils.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 116083, "scanner": "repobility-threat-engine", "fingerprint": "426b9812f5d515e9eb63de23c9fe88c4687901fe367f20694c4763ec63d52a4b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|426b9812f5d515e9eb63de23c9fe88c4687901fe367f20694c4763ec63d52a4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/main/credentialServer/httpCredentialHelperServer.ts"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 116082, "scanner": "repobility-threat-engine", "fingerprint": "9a914771a9359cb35bd1d086d040a9e0209474da5154eb27e64782881d3c1e54", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9a914771a9359cb35bd1d086d040a9e0209474da5154eb27e64782881d3c1e54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/containerClient/registry.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 116081, "scanner": "repobility-threat-engine", "fingerprint": "8501c6a81401ca52db8a2b3ea4673c97b30723e54bfdc9fa6faef88dfa3e8806", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8501c6a81401ca52db8a2b3ea4673c97b30723e54bfdc9fa6faef88dfa3e8806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/containerClient/auth.ts"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 116071, "scanner": "repobility-threat-engine", "fingerprint": "0064c2d759a6693078b6fb28a363bbad5c6b4dbd7de3ababeed20ac48293ab85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "TransientSettings.update({ noModalDialogs: true });", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0064c2d759a6693078b6fb28a363bbad5c6b4dbd7de3ababeed20ac48293ab85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/config/commandLineOptions.ts"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 116070, "scanner": "repobility-threat-engine", "fingerprint": "5278d37d45414b2c57b5197af6057428e72da066ba0d09249d14829b8c270a77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5278d37d45414b2c57b5197af6057428e72da066ba0d09249d14829b8c270a77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/backend/progressTracker.ts"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 116069, "scanner": "repobility-threat-engine", "fingerprint": "f2398a17a91ea3b2106fcdc5a7cff9891ba08380771ee822254ad8468bd7977d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "knownDependencies.delete(workspace.anchoredDescriptor.descriptorHash);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f2398a17a91ea3b2106fcdc5a7cff9891ba08380771ee822254ad8468bd7977d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".yarn/plugins/plugin-rancher-desktop-license-checker.cjs"}, "region": {"startLine": 203}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 116062, "scanner": "repobility-threat-engine", "fingerprint": "fa7256c299f1dc94b0785fb12ef577c7cd47542d5836704700b2305cc1bc04b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(packageJson", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fa7256c299f1dc94b0785fb12ef577c7cd47542d5836704700b2305cc1bc04b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "babel.config.cjs"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 116061, "scanner": "repobility-threat-engine", "fingerprint": "c14b7273936111e30ccf46b4ebafda23eda17b9e8d7bf9bd4c2b8f6cda7df547", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c14b7273936111e30ccf46b4ebafda23eda17b9e8d7bf9bd4c2b8f6cda7df547"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".yarn/plugins/plugin-rancher-desktop-license-checker.cjs"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 116060, "scanner": "repobility-threat-engine", "fingerprint": "bbf1d2b3afd93f63105c8b89e48e8fdaace56d2dd532940a2442bf16dd44b7f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(job", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bbf1d2b3afd93f63105c8b89e48e8fdaace56d2dd532940a2442bf16dd44b7f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/bats/summarize.mjs"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 116030, "scanner": "repobility-supply-chain", "fingerprint": "7abe421f9dcf6fb9af7d066943bb926884d1771e83e8030c0d01fd454360c953", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7abe421f9dcf6fb9af7d066943bb926884d1771e83e8030c0d01fd454360c953"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 116029, "scanner": "repobility-supply-chain", "fingerprint": "a89538208fd5deb04e72426676fec32c693ac9ccb9be83f9b31cd37f2e564f9e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a89538208fd5deb04e72426676fec32c693ac9ccb9be83f9b31cd37f2e564f9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 116028, "scanner": "repobility-supply-chain", "fingerprint": "92494f17c756e1cf7a75fe135fa270bbf2c75688b89885b4afb7077bec35b2c6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92494f17c756e1cf7a75fe135fa270bbf2c75688b89885b4afb7077bec35b2c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 116027, "scanner": "repobility-supply-chain", "fingerprint": "e280ff6cbe785014f279283a8381a522e7187565357eed142b71648b4fc672d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e280ff6cbe785014f279283a8381a522e7187565357eed142b71648b4fc672d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 116026, "scanner": "repobility-supply-chain", "fingerprint": "7c3d97c036c882fadadcde2a3725f219410b15839068ed056dc22010fb21ada4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c3d97c036c882fadadcde2a3725f219410b15839068ed056dc22010fb21ada4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 116025, "scanner": "repobility-supply-chain", "fingerprint": "fd2575fbc9ec8eaea4562931f3a791423dc8d67bc41f8e942f54cf92e4c0eefb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd2575fbc9ec8eaea4562931f3a791423dc8d67bc41f8e942f54cf92e4c0eefb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/release.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `golangci/golangci-lint-action` pinned to mutable ref `@v3.1.0`"}, "properties": {"repobilityId": 116024, "scanner": "repobility-supply-chain", "fingerprint": "7f88e694674045a9fcbe3c270d7eca94597358fef02d4a6cdc74b6e151b260d3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f88e694674045a9fcbe3c270d7eca94597358fef02d4a6cdc74b6e151b260d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/go.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `golangci/golangci-lint-action` pinned to mutable ref `@v3.1.0`"}, "properties": {"repobilityId": 116023, "scanner": "repobility-supply-chain", "fingerprint": "10c727ccc6829200310fb4ccc35c0f93d77e15841fe288dd2a62543827ed47d8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|10c727ccc6829200310fb4ccc35c0f93d77e15841fe288dd2a62543827ed47d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/go.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 116022, "scanner": "repobility-supply-chain", "fingerprint": "4958e618255f1c789386592d1b47f7b0240445e302b64a994e24cf599acbf017", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4958e618255f1c789386592d1b47f7b0240445e302b64a994e24cf599acbf017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/go.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 116021, "scanner": "repobility-supply-chain", "fingerprint": "d9ee9088ab30a0c5dfbe8cc2f8076672c867368579e5985f99fa51aec2562955", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d9ee9088ab30a0c5dfbe8cc2f8076672c867368579e5985f99fa51aec2562955"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/networking/.github/workflows/go.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `github.com/lima-vm/lima` \u2014 redirects to fork `github.com/rancher-sandbox/lima`"}, "properties": {"repobilityId": 116020, "scanner": "repobility-supply-chain", "fingerprint": "0af12617bab33c3e5f737beadd49cb503b33841f927aa7708f877fb2c5ac24e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0af12617bab33c3e5f737beadd49cb503b33841f927aa7708f877fb2c5ac24e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/guestagent/go.mod"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `registry.suse.com/bci/bci-minimal:16.0` not pinned by digest"}, "properties": {"repobilityId": 116016, "scanner": "repobility-supply-chain", "fingerprint": "7d99f9725cc711d09a2d5d71f6d0acc344b3d0ad0315b909d7adc79d39544d76", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d99f9725cc711d09a2d5d71f6d0acc344b3d0ad0315b909d7adc79d39544d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/extensions/testdata/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `registry.suse.com/bci/golang:latest` not pinned by digest"}, "properties": {"repobilityId": 116015, "scanner": "repobility-supply-chain", "fingerprint": "d871c76a2a3e8a4a06110d97515fb0989273fa8f3a6446a1f0c6f3d8e76d35ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d871c76a2a3e8a4a06110d97515fb0989273fa8f3a6446a1f0c6f3d8e76d35ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/extensions/testdata/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `registry.suse.com/bci/golang:latest` not pinned by digest"}, "properties": {"repobilityId": 116014, "scanner": "repobility-supply-chain", "fingerprint": "3d40b5ec48e105cb186a63581074c034be57bca12164cd335c60d3117faff1fb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d40b5ec48e105cb186a63581074c034be57bca12164cd335c60d3117faff1fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bats/tests/extensions/testdata/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 116147, "scanner": "gitleaks", "fingerprint": "c7c5dac7238fe273908a91e68709d414a72bc2b35cd5a6da7537337a84b59365", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|69|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/assets/translations/en-us.yaml"}, "region": {"startLine": 694}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 116093, "scanner": "repobility-threat-engine", "fingerprint": "0f484651dfc7be9af6cb01724a21bc939ab0a43f12d0eaa623ece2531f48100d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0f484651dfc7be9af6cb01724a21bc939ab0a43f12d0eaa623ece2531f48100d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/rancher-desktop/integrations/manageLinesInFile.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.OBS_WEBHOOK_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 116019, "scanner": "repobility-supply-chain", "fingerprint": "b3dd3e3abb0ffda7af8f4966aad7a6702bd54dc2087cfc46f0c8a41be84762be", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b3dd3e3abb0ffda7af8f4966aad7a6702bd54dc2087cfc46f0c8a41be84762be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yaml"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.AWS_SECRET_ACCESS_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 116018, "scanner": "repobility-supply-chain", "fingerprint": "f0973298d640771dd158dde666cee599f5dc22c3bcbbf040ec447532c2a20767", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0973298d640771dd158dde666cee599f5dc22c3bcbbf040ec447532c2a20767"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yaml"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.AWS_ACCESS_KEY_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 116017, "scanner": "repobility-supply-chain", "fingerprint": "7e8ff025758f7ea8c641b1f2909a232dccc1c733a98226eab2eb73e7cec71fb5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e8ff025758f7ea8c641b1f2909a232dccc1c733a98226eab2eb73e7cec71fb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yaml"}, "region": {"startLine": 128}}}]}]}]}