VYPR

Go modules package

github.com/google/osv-scalibr

pkg:golang/github.com/google/osv-scalibr

Vulnerabilities (2)

  • CVE-2025-13425LowNov 20, 2025
    affected < 0.3.4fixed 0.3.4

    A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR.

  • CVE-2025-5981Jun 18, 2025
    affected >= 0.1.3, < 0.2.1fixed 0.2.1

    Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.