The ability to track vulnerabilities in modules has been added to the Go toolkit

The toolkit for the Go programming language now supports tracking vulnerabilities in libraries. To check a project for dependencies on modules with unpatched vulnerabilities, the govulncheck utility is offered; it analyzes the project's code base and reports where the code accesses vulnerable functions. In addition, the vulncheck package provides an API for embedding these checks in other projects and utilities.

The check is run against a purpose-built vulnerability database overseen by the Go Security Team. The database contains information about known vulnerabilities in publicly distributed Go modules. Data is collected from various sources, including CVE and GHSA (GitHub Advisory Database) reports, as well as information submitted by package maintainers. A library, a web API and a web interface are provided for querying the database.
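The difference between a vulnerable module merely being present and a vulnerable function actually being accessed can be sketched as follows. This is an added example, not govulncheck's or the Go project's code: the advisory record layout, the module path, the symbol names and the precomputed set of reached symbols are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed advisory; the field layout, ID, module path and symbol are made up.
const advisoryJSON = `{"id":"EXAMPLE-0001","module":"example.com/parser","introduced":"1.2.0","fixed":"1.4.3","symbols":["Decode"]}`

type Advisory struct {
	ID, Module, Introduced, Fixed string
	Symbols                       []string
}

func ParseAdvisory(s string) (a Advisory, err error) {
	err = json.Unmarshal([]byte(s), &a)
	return
}

// key turns a plain MAJOR.MINOR.PATCH string into a sortable integer (parts < 1000).
func key(v string) int {
	var a, b, c int
	fmt.Sscanf(v, "%d.%d.%d", &a, &b, &c)
	return a*1000000 + b*1000 + c
}

// Triage returns "not affected", "imported" (vulnerable version in use, no vulnerable
// symbol reached) or "called". deps: module -> version; reached: "module.Symbol" set.
func Triage(a Advisory, deps map[string]string, reached map[string]bool) string {
	v, ok := deps[a.Module]
	if !ok || key(v) < key(a.Introduced) || key(v) >= key(a.Fixed) {
		return "not affected"
	}
	for _, s := range a.Symbols {
		if reached[a.Module+"."+s] {
			return "called"
		}
	}
	return "imported"
}

func main() {
	a, _ := ParseAdvisory(advisoryJSON)
	fmt.Println(a.ID, Triage(a, map[string]string{a.Module: "1.3.0"}, map[string]bool{a.Module + ".Encode": true}))
}
```

In a real analysis the set of reached symbols comes from static analysis of the project rather than being supplied by hand.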

Source: opennet.ru
