In VDB5, it only works with the CPE search.
```
vdb --search go:jws:v0.22.0
___ _____ _ _
/ _ \ |_ _| | | |
/ /_\ \_ __ _ __ | | | |__ _ __ ___ __ _| |_
| _ | '_ \| '_ \| | | '_ \| '__/ _ \/ _` | __|
| | | | |_) | |_) | | | | | | | | __/ (_| | |_
\_| |_/ .__/| .__/\_/ |_| |_|_| \___|\__,_|\__|
| | | |
|_| |_|
INFO [2025-07-14 15:39:06,874] Vulnerability database loaded from /Users/prabhu/work/vdb/data.vdb5
+----------------+---------------+--------------------+---------------+----------+------------+---------+----------------------------------------------------------------------------------------------------------------+
| Id | Package | Affected Version | Fix Version | CWE | Severity | Score | Description |
+================+===============+====================+===============+==========+============+=========+================================================================================================================+
| CVE-2025-22868 | golang:go:jws | <0.27.0 | 0.27.0 | CWE-1286 | HIGH | 7.5 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. |
+----------------+---------------+--------------------+---------------+----------+------------+---------+----------------------------------------------------------------------------------------------------------------+
```
VDB6 doesn't even have it.
```
CVE-2025-22868 golang go jws vers:golang/<0.27.0 pkg:golang/go/jws
CVE-2025-22868 golang github.com/traefik/traefik/v3 vers:golang/>=0.0.0|<3.3.6|!=3.3.6 pkg:golang/github.com/traefik/traefik/v3
CVE-2025-22868 golang github.com/traefik/traefik/v2 vers:golang/>=0.0.0|<2.11.24|!=2.11.24 pkg:golang/github.com/traefik/traefik/v2
CVE-2025-22868 golang github.com/traefik/traefik/v3 vers:golang/>=3.4.0-rc1|<3.4.0-rc2|!=3.4.0-rc2 pkg:golang/github.com/traefik/traefik/v3
```