golang
diff --git a/‎data/osv/GO-2024-3109.json
+84 b/‎data/osv/GO-2024-3109.json
+84
diff --git a/‎data/osv/GO-2024-3342.json
+88 b/‎data/osv/GO-2024-3342.json
+88
diff --git a/‎data/osv/GO-2024-3343.json
+68 b/‎data/osv/GO-2024-3343.json
+68
diff --git a/‎data/osv/GO-2024-3349.json
+75 b/‎data/osv/GO-2024-3349.json
+75
diff --git a/‎data/osv/GO-2024-3350.json
+44 b/‎data/osv/GO-2024-3350.json
+44
@@ -0,0 +1,84 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3109",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-43803",
+    "GHSA-pqfh-xh7w-7h3p"
+  ],
+  "summary": "The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator",
+  "details": "The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/metal3-io/baremetal-operator",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.5.2"
+            },
+            {
+              "introduced": "0.6.0"
+            },
+            {
+              "fixed": "0.6.2"
+            },
+            {
+              "introduced": "0.7.0-rc.0"
+            },
+            {
+              "fixed": "0.8.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43803"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/metal3-io/baremetal-operator/pull/1929"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/metal3-io/baremetal-operator/pull/1930"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/metal3-io/baremetal-operator/pull/1931"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3109",
+    "review_status": "UNREVIEWED"
+  }
+}
@@ -0,0 +1,88 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3342",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-hxr6-2p24-hf98"
+  ],
+  "summary": "Traefik affected by CVE-2024-53259 in github.com/traefik/traefik",
+  "details": "Traefik affected by CVE-2024-53259 in github.com/traefik/traefik",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/traefik/traefik",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/traefik/traefik/v2",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.11.15"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    },
+    {
+      "package": {
+        "name": "github.com/traefik/traefik/v3",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.2.2"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-hxr6-2p24-hf98"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/traefik/traefik/releases/tag/v2.11.15"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/traefik/traefik/releases/tag/v3.2.2"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3342",
+    "review_status": "UNREVIEWED"
+  }
+}
@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3343",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-9779",
+    "GHSA-jhh6-6fhp-q2xp"
+  ],
+  "summary": "Open Cluster Management vulnerable to Trust Boundary Violation in open-cluster-management.io/ocm",
+  "details": "Open Cluster Management vulnerable to Trust Boundary Violation in open-cluster-management.io/ocm",
+  "affected": [
+    {
+      "package": {
+        "name": "open-cluster-management.io/ocm",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.13.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-jhh6-6fhp-q2xp"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9779"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2024-9779"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317916"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-cluster-management-io/ocm/pull/325"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-cluster-management-io/ocm/releases/tag/v0.13.0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-cluster-management-io/registration-operator/issues/361"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3343",
+    "review_status": "UNREVIEWED"
+  }
+}
@@ -0,0 +1,75 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3349",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-25131",
+    "GHSA-77c2-c35q-254w"
+  ],
+  "summary": "OpenShift Must Gather Operator Improper Input Validation vulnerability in github.com/openshift/must-gather",
+  "details": "OpenShift Must Gather Operator Improper Input Validation vulnerability in github.com/openshift/must-gather.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/openshift/must-gather before v0.0.0-20240604173837-d1557bc283dd.",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/openshift/must-gather",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "custom_ranges": [
+          {
+            "type": "ECOSYSTEM",
+            "events": [
+              {
+                "introduced": "0"
+              },
+              {
+                "fixed": "0.0.0-20240604173837-d1557bc283dd"
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-77c2-c35q-254w"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2024-25131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258856"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openshift/must-gather-operator/pull/135"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openshift/must-gather-operator/pull/138"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3349",
+    "review_status": "UNREVIEWED"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-3350",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "GHSA-5pf6-cq2v-23ww"
+  ],
+  "summary": "WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service in github.com/clidey/whodb/core",
+  "details": "WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service in github.com/clidey/whodb/core",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/clidey/whodb/core",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/clidey/whodb/security/advisories/GHSA-5pf6-cq2v-23ww"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/clidey/whodb/commit/e8b608d35422e1a2bfffe8ed26f0211ea80cb439"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-3350",
+    "review_status": "UNREVIEWED"
+  }
+}