chore: update impact metrics 2026-03-29

README.md

@@ -14,13 +14,13 @@
 
 | CWE | Vulnerability | Instances | Severity |
 |-----|--------------|-----------|----------|
-| ![CWE-502](https://img.shields.io/badge/CWE--502-174436-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
-| ![CWE-79](https://img.shields.io/badge/CWE--79-48360-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
-| ![CWE-89](https://img.shields.io/badge/CWE--89-52592-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
-| ![CWE-22](https://img.shields.io/badge/CWE--22-10584-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
-| ![CWE-78](https://img.shields.io/badge/CWE--78-70884-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
+| ![CWE-502](https://img.shields.io/badge/CWE--502-187304-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
+| ![CWE-79](https://img.shields.io/badge/CWE--79-52776-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
+| ![CWE-89](https://img.shields.io/badge/CWE--89-65736-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
+| ![CWE-22](https://img.shields.io/badge/CWE--22-13348-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
+| ![CWE-78](https://img.shields.io/badge/CWE--78-82764-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
 
-**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-356856-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-154645-blue?style=for-the-badge)
+**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-401928-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-260537-blue?style=for-the-badge)
 
 ---
 

metrics/REPORT.md

@@ -1,61 +1,61 @@
 # Go Ecosystem Vulnerability Impact Report
 
-**Generated:** 2026-03-08 00:34 UTC
+**Generated:** 2026-03-29 00:39 UTC
 **Scanner:** [go-safeinput](https://github.com/ravisastryk/go-safeinput)
 **Coverage:** MITRE CWE Top 25 vulnerabilities
 
 ## Executive Summary
 
 | Metric | Value |
 |--------|-------|
-| **Total Vulnerable Instances** | **356856** |
-| Total Stars Affected | 154645 |
-| Total Forks Affected | 16431 |
+| **Total Vulnerable Instances** | **401928** |
+| Total Stars Affected | 260537 |
+| Total Forks Affected | 23978 |
 | CWEs Analyzed | 5 |
 
 ## Vulnerability Breakdown by CWE
 
 | CWE | Vulnerability Type | Instances | Severity |
 |-----|-------------------|-----------|----------|
-| **CWE-502** | Deserialization of Untrusted Data | **174436** | CRITICAL |
-| **CWE-79** | Cross-site Scripting (XSS) | **48360** | HIGH |
-| **CWE-89** | SQL Injection | **52592** | CRITICAL |
-| **CWE-22** | Path Traversal | **10584** | HIGH |
-| **CWE-78** | OS Command Injection | **70884** | CRITICAL |
+| **CWE-502** | Deserialization of Untrusted Data | **187304** | CRITICAL |
+| **CWE-79** | Cross-site Scripting (XSS) | **52776** | HIGH |
+| **CWE-89** | SQL Injection | **65736** | CRITICAL |
+| **CWE-22** | Path Traversal | **13348** | HIGH |
+| **CWE-78** | OS Command Injection | **82764** | CRITICAL |
 
 ## Detailed Pattern Analysis
 
 ### CWE-502: Deserialization of Untrusted Data
 
-- **CWE-502: JSON deserialization into interface{}**: 102400 instances
-- **CWE-502: YAML deserialization into interface{}**: 7748 instances
-- **CWE-502: JSON decoder into interface{}**: 52352 instances
-- **CWE-502: XML deserialization into interface{}**: 3760 instances
-- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 8176 instances
+- **CWE-502: JSON deserialization into interface{}**: 113152 instances
+- **CWE-502: YAML deserialization into interface{}**: 7908 instances
+- **CWE-502: JSON decoder into interface{}**: 55168 instances
+- **CWE-502: XML deserialization into interface{}**: 3808 instances
+- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 7268 instances
 
 ### CWE-79: Cross-site Scripting (XSS)
 
-- **CWE-79: Potential XSS via HTML template rendering**: 13368 instances
-- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 32448 instances
-- **CWE-79: Using template.JS (bypasses escaping)**: 2544 instances
+- **CWE-79: Potential XSS via HTML template rendering**: 13024 instances
+- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 36992 instances
+- **CWE-79: Using template.JS (bypasses escaping)**: 2760 instances
 
 ### CWE-89: SQL Injection
 
-- **CWE-89: SQL query with string concatenation**: 8160 instances
-- **CWE-89: SQL exec with string concatenation**: 24128 instances
-- **CWE-89: Raw SQL with string interpolation**: 20304 instances
+- **CWE-89: SQL query with string concatenation**: 13128 instances
+- **CWE-89: SQL exec with string concatenation**: 29312 instances
+- **CWE-89: Raw SQL with string interpolation**: 23296 instances
 
 ### CWE-22: Path Traversal
 
-- **CWE-22: filepath.Join with user input**: 3688 instances
-- **CWE-22: os.Open with user-controlled path**: 968 instances
-- **CWE-22: File read with constructed path**: 5928 instances
+- **CWE-22: filepath.Join with user input**: 4272 instances
+- **CWE-22: os.Open with user-controlled path**: 996 instances
+- **CWE-22: File read with constructed path**: 8080 instances
 
 ### CWE-78: OS Command Injection
 
-- **CWE-78: exec.Command with user input**: 932 instances
-- **CWE-78: exec.Command with string formatting**: 36672 instances
-- **CWE-78: Shell command execution**: 33280 instances
+- **CWE-78: exec.Command with user input**: 1036 instances
+- **CWE-78: exec.Command with string formatting**: 46144 instances
+- **CWE-78: Shell command execution**: 35584 instances
 
 ## Fix with go-safeinput