Fetching vulnerabilities from the database...

Checking the code against the vulnerabilities...

The package pattern matched the following 10 root packages:
  linux-auth/internal/db
  linux-auth/internal/utils
  linux-auth/cmd/add_user
  linux-auth/internal/auth
  linux-auth/internal/config
  linux-auth/internal/ui
  linux-auth/cmd/authapp
  linux-auth/cmd/init_users
  linux-auth/golang-fuzz
  linux-auth/myfuzz
Govulncheck scanned the following 5 modules and the go1.24.4 standard library:
  linux-auth
  github.com/mattn/go-sqlite3@v1.14.33
  github.com/pelletier/go-toml/v2@v2.2.4
  golang.org/x/sys@v0.39.0
  golang.org/x/term@v0.38.0

=== Symbol Results ===

Vulnerability #1: GO-2026-4341
    Memory exhaustion in query parameter parsing in net/url
  More info: https://pkg.go.dev/vuln/GO-2026-4341
  Standard library
    Found in: net/url@go1.24.4
    Fixed in: net/url@go1.24.12
    Example traces found:
      #1: internal/db/sqlite.go:32:26: db.Init calls sql.Open, which eventually calls url.ParseQuery

Vulnerability #2: GO-2025-3849
    Incorrect results returned from Rows.Scan in database/sql
  More info: https://pkg.go.dev/vuln/GO-2025-3849
  Standard library
    Found in: database/sql@go1.24.4
    Fixed in: database/sql@go1.24.6
    Example traces found:
      #1: internal/db/sqlite.go:89:17: db.GetUser calls sql.Row.Scan

=== Package Results ===

Vulnerability #1: GO-2026-4864
    TOCTOU permits root escape on Linux via Root.Chmod in os in
    internal/syscall/unix
  More info: https://pkg.go.dev/vuln/GO-2026-4864
  Standard library
    Found in: internal/syscall/unix@go1.24.4
    Fixed in: internal/syscall/unix@go1.25.9
    Platforms: linux

Vulnerability #2: GO-2026-4602
    FileInfo can escape from a Root in os
  More info: https://pkg.go.dev/vuln/GO-2026-4602
  Standard library
    Found in: os@go1.24.4
    Fixed in: os@go1.25.8

Vulnerability #3: GO-2026-4601
    Incorrect parsing of IPv6 host literals in net/url
  More info: https://pkg.go.dev/vuln/GO-2026-4601
  Standard library
    Found in: net/url@go1.24.4
    Fixed in: net/url@go1.25.8

Vulnerability #4: GO-2025-4010
    Insufficient validation of bracketed IPv6 hostnames in net/url
  More info: https://pkg.go.dev/vuln/GO-2025-4010
  Standard library
    Found in: net/url@go1.24.4
    Fixed in: net/url@go1.24.8

=== Module Results ===

Vulnerability #1: GO-2026-4986
    Quadratic string concatentation in consumeComment in net/mail
  More info: https://pkg.go.dev/vuln/GO-2026-4986
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.10

Vulnerability #2: GO-2026-4982
    Bypass of meta content URL escaping causes XSS in html/template
  More info: https://pkg.go.dev/vuln/GO-2026-4982
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.10

Vulnerability #3: GO-2026-4981
    Crash when handling long CNAME response in net
  More info: https://pkg.go.dev/vuln/GO-2026-4981
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.10

Vulnerability #4: GO-2026-4980
    Escaper bypass leads to XSS in html/template
  More info: https://pkg.go.dev/vuln/GO-2026-4980
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.10

Vulnerability #5: GO-2026-4977
    Quadratic string concatenation in consumePhrase in net/mail
  More info: https://pkg.go.dev/vuln/GO-2026-4977
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.10

Vulnerability #6: GO-2026-4976
    ReverseProxy forwards queries with more than urlmaxqueryparams parameters in
    net/http/httputil
  More info: https://pkg.go.dev/vuln/GO-2026-4976
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.10

Vulnerability #7: GO-2026-4971
    Panic in Dial and LookupPort when handling NUL byte on Windows in net
  More info: https://pkg.go.dev/vuln/GO-2026-4971
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.10

Vulnerability #8: GO-2026-4947
    Unexpected work during chain building in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2026-4947
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.9

Vulnerability #9: GO-2026-4946
    Inefficient policy validation in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2026-4946
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.9

Vulnerability #10: GO-2026-4918
    Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in
    net/http/internal/http2 in golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2026-4918
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.10

Vulnerability #11: GO-2026-4870
    Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection
    retention and DoS in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4870
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.9

Vulnerability #12: GO-2026-4869
    Unbounded allocation for old GNU sparse in archive/tar
  More info: https://pkg.go.dev/vuln/GO-2026-4869
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.9

Vulnerability #13: GO-2026-4865
    JsBraceDepth Context Tracking Bugs (XSS) in html/template
  More info: https://pkg.go.dev/vuln/GO-2026-4865
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.9

Vulnerability #14: GO-2026-4603
    URLs in meta content attribute actions are not escaped in html/template
  More info: https://pkg.go.dev/vuln/GO-2026-4603
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.25.8

Vulnerability #15: GO-2026-4342
    Excessive CPU consumption when building archive index in archive/zip
  More info: https://pkg.go.dev/vuln/GO-2026-4342
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.12

Vulnerability #16: GO-2026-4340
    Handshake messages may be processed at the incorrect encryption level in
    crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4340
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.12

Vulnerability #17: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.13

Vulnerability #18: GO-2025-4175
    Improper application of excluded DNS name constraints when verifying
    wildcard names in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-4175
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.11

Vulnerability #19: GO-2025-4155
    Excessive resource consumption when printing error string for host
    certificate validation in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-4155
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.11

Vulnerability #20: GO-2025-4015
    Excessive CPU consumption in Reader.ReadResponse in net/textproto
  More info: https://pkg.go.dev/vuln/GO-2025-4015
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.8

Vulnerability #21: GO-2025-4014
    Unbounded allocation when parsing GNU sparse map in archive/tar
  More info: https://pkg.go.dev/vuln/GO-2025-4014
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.8

Vulnerability #22: GO-2025-4013
    Panic when validating certificates with DSA public keys in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-4013
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.8

Vulnerability #23: GO-2025-4012
    Lack of limit when parsing cookies can cause memory exhaustion in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-4012
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.8

Vulnerability #24: GO-2025-4011
    Parsing DER payload can cause memory exhaustion in encoding/asn1
  More info: https://pkg.go.dev/vuln/GO-2025-4011
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.8

Vulnerability #25: GO-2025-4009
    Quadratic complexity when parsing some invalid inputs in encoding/pem
  More info: https://pkg.go.dev/vuln/GO-2025-4009
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.8

Vulnerability #26: GO-2025-4008
    ALPN negotiation error contains attacker controlled information in
    crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2025-4008
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.8

Vulnerability #27: GO-2025-4007
    Quadratic complexity when checking name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-4007
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.9

Vulnerability #28: GO-2025-4006
    Excessive CPU consumption in ParseAddress in net/mail
  More info: https://pkg.go.dev/vuln/GO-2025-4006
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.8

Vulnerability #29: GO-2025-3956
    Unexpected paths returned from LookPath in os/exec
  More info: https://pkg.go.dev/vuln/GO-2025-3956
  Standard library
    Found in: stdlib@go1.24.4
    Fixed in: stdlib@go1.24.6

Your code is affected by 2 vulnerabilities from the Go standard library.
This scan also found 4 vulnerabilities in packages you import and 29
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
