buf.advisories.yaml

schema-version: 2.0.2

package:
  name: buf

advisories:
  - id: CVE-2023-45283
    aliases:
      - GHSA-vvjp-q62m-2vph
    events:
      - timestamp: 2023-11-07T19:23:43Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-45284
    aliases:
      - GHSA-rq3x-83w4-p28c
    events:
      - timestamp: 2023-11-07T19:23:45Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-45288
    aliases:
      - GHSA-4v7x-pqxf-cx7m
    events:
      - timestamp: 2024-04-20T10:29:42Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buf
            componentID: a6e88c3360b1d78c
            componentName: golang.org/x/net
            componentVersion: v0.22.0
            componentType: go-module
            componentLocation: /usr/bin/buf
            scanner: grype
      - timestamp: 2024-04-24T02:16:06Z
        type: fixed
        data:
          fixed-version: 1.31.0-r0

  - id: CVE-2023-48795
    aliases:
      - GHSA-45x7-px36-x8w8
    events:
      - timestamp: 2024-02-14T10:48:41Z
        type: fixed
        data:
          fixed-version: 1.29.0-r0

  - id: CVE-2024-24786
    aliases:
      - GHSA-8r3f-844c-mc37
    events:
      - timestamp: 2024-03-14T07:20:53Z
        type: fixed
        data:
          fixed-version: 1.30.0-r0

  - id: CVE-2024-29018
    aliases:
      - GHSA-mq39-4gv4-mvpx
    events:
      - timestamp: 2024-03-22T07:06:18Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buf
            componentID: 092d335917925f4e
            componentName: github.com/docker/docker
            componentVersion: v25.0.4+incompatible
            componentType: go-module
            componentLocation: /usr/bin/buf
            scanner: grype
      - timestamp: 2024-04-13T07:09:04Z
        type: fixed
        data:
          fixed-version: 1.30.1-r0

  - id: CVE-2024-32473
    aliases:
      - GHSA-x84c-p2g9-rqv9
    events:
      - timestamp: 2024-04-19T10:21:57Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buf
            componentID: 6464d3f73ff3d87d
            componentName: github.com/docker/docker
            componentVersion: v26.0.0+incompatible
            componentType: go-module
            componentLocation: /usr/bin/buf
            scanner: grype
      - timestamp: 2024-04-24T02:16:07Z
        type: fixed
        data:
          fixed-version: 1.31.0-r0