chore: update impact metrics 2026-03-08

README.md

@@ -14,13 +14,13 @@
 
 | CWE | Vulnerability | Instances | Severity |
 |-----|--------------|-----------|----------|
-| ![CWE-502](https://img.shields.io/badge/CWE--502-183760-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
-| ![CWE-79](https://img.shields.io/badge/CWE--79-49224-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
-| ![CWE-89](https://img.shields.io/badge/CWE--89-51840-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
-| ![CWE-22](https://img.shields.io/badge/CWE--22-11328-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
-| ![CWE-78](https://img.shields.io/badge/CWE--78-74008-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
+| ![CWE-502](https://img.shields.io/badge/CWE--502-174436-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
+| ![CWE-79](https://img.shields.io/badge/CWE--79-48360-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
+| ![CWE-89](https://img.shields.io/badge/CWE--89-52592-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
+| ![CWE-22](https://img.shields.io/badge/CWE--22-10584-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
+| ![CWE-78](https://img.shields.io/badge/CWE--78-70884-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
 
-**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-370160-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-242146-blue?style=for-the-badge)
+**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-356856-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-154645-blue?style=for-the-badge)
 
 ---
 

metrics/REPORT.md

@@ -1,61 +1,61 @@
 # Go Ecosystem Vulnerability Impact Report
 
-**Generated:** 2026-02-15 00:36 UTC
+**Generated:** 2026-03-08 00:34 UTC
 **Scanner:** [go-safeinput](https://github.com/ravisastryk/go-safeinput)
 **Coverage:** MITRE CWE Top 25 vulnerabilities
 
 ## Executive Summary
 
 | Metric | Value |
 |--------|-------|
-| **Total Vulnerable Instances** | **370160** |
-| Total Stars Affected | 242146 |
-| Total Forks Affected | 24472 |
+| **Total Vulnerable Instances** | **356856** |
+| Total Stars Affected | 154645 |
+| Total Forks Affected | 16431 |
 | CWEs Analyzed | 5 |
 
 ## Vulnerability Breakdown by CWE
 
 | CWE | Vulnerability Type | Instances | Severity |
 |-----|-------------------|-----------|----------|
-| **CWE-502** | Deserialization of Untrusted Data | **183760** | CRITICAL |
-| **CWE-79** | Cross-site Scripting (XSS) | **49224** | HIGH |
-| **CWE-89** | SQL Injection | **51840** | CRITICAL |
-| **CWE-22** | Path Traversal | **11328** | HIGH |
-| **CWE-78** | OS Command Injection | **74008** | CRITICAL |
+| **CWE-502** | Deserialization of Untrusted Data | **174436** | CRITICAL |
+| **CWE-79** | Cross-site Scripting (XSS) | **48360** | HIGH |
+| **CWE-89** | SQL Injection | **52592** | CRITICAL |
+| **CWE-22** | Path Traversal | **10584** | HIGH |
+| **CWE-78** | OS Command Injection | **70884** | CRITICAL |
 
 ## Detailed Pattern Analysis
 
 ### CWE-502: Deserialization of Untrusted Data
 
-- **CWE-502: JSON deserialization into interface{}**: 111616 instances
-- **CWE-502: YAML deserialization into interface{}**: 6880 instances
-- **CWE-502: JSON decoder into interface{}**: 50816 instances
-- **CWE-502: XML deserialization into interface{}**: 3904 instances
-- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 10544 instances
+- **CWE-502: JSON deserialization into interface{}**: 102400 instances
+- **CWE-502: YAML deserialization into interface{}**: 7748 instances
+- **CWE-502: JSON decoder into interface{}**: 52352 instances
+- **CWE-502: XML deserialization into interface{}**: 3760 instances
+- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 8176 instances
 
 ### CWE-79: Cross-site Scripting (XSS)
 
-- **CWE-79: Potential XSS via HTML template rendering**: 12976 instances
-- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 33664 instances
-- **CWE-79: Using template.JS (bypasses escaping)**: 2584 instances
+- **CWE-79: Potential XSS via HTML template rendering**: 13368 instances
+- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 32448 instances
+- **CWE-79: Using template.JS (bypasses escaping)**: 2544 instances
 
 ### CWE-89: SQL Injection
 
-- **CWE-89: SQL query with string concatenation**: 8512 instances
-- **CWE-89: SQL exec with string concatenation**: 23552 instances
-- **CWE-89: Raw SQL with string interpolation**: 19776 instances
+- **CWE-89: SQL query with string concatenation**: 8160 instances
+- **CWE-89: SQL exec with string concatenation**: 24128 instances
+- **CWE-89: Raw SQL with string interpolation**: 20304 instances
 
 ### CWE-22: Path Traversal
 
-- **CWE-22: filepath.Join with user input**: 3152 instances
-- **CWE-22: os.Open with user-controlled path**: 1080 instances
-- **CWE-22: File read with constructed path**: 7096 instances
+- **CWE-22: filepath.Join with user input**: 3688 instances
+- **CWE-22: os.Open with user-controlled path**: 968 instances
+- **CWE-22: File read with constructed path**: 5928 instances
 
 ### CWE-78: OS Command Injection
 
-- **CWE-78: exec.Command with user input**: 920 instances
-- **CWE-78: exec.Command with string formatting**: 40128 instances
-- **CWE-78: Shell command execution**: 32960 instances
+- **CWE-78: exec.Command with user input**: 932 instances
+- **CWE-78: exec.Command with string formatting**: 36672 instances
+- **CWE-78: Shell command execution**: 33280 instances
 
 ## Fix with go-safeinput