chore: update impact metrics 2026-04-12

README.md

@@ -14,13 +14,13 @@
 
 | CWE | Vulnerability | Instances | Severity |
 |-----|--------------|-----------|----------|
-| ![CWE-502](https://img.shields.io/badge/CWE--502-192940-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
-| ![CWE-79](https://img.shields.io/badge/CWE--79-51840-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
-| ![CWE-89](https://img.shields.io/badge/CWE--89-108144-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
-| ![CWE-22](https://img.shields.io/badge/CWE--22-14316-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
-| ![CWE-78](https://img.shields.io/badge/CWE--78-81460-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
+| ![CWE-502](https://img.shields.io/badge/CWE--502-195116-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
+| ![CWE-79](https://img.shields.io/badge/CWE--79-48176-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
+| ![CWE-89](https://img.shields.io/badge/CWE--89-68872-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
+| ![CWE-22](https://img.shields.io/badge/CWE--22-15128-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
+| ![CWE-78](https://img.shields.io/badge/CWE--78-84360-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
 
-**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-448700-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-236095-blue?style=for-the-badge)
+**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-411652-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-172529-blue?style=for-the-badge)
 
 ---
 

metrics/REPORT.md

@@ -1,61 +1,61 @@
 # Go Ecosystem Vulnerability Impact Report
 
-**Generated:** 2026-04-05 00:39 UTC
+**Generated:** 2026-04-12 00:41 UTC
 **Scanner:** [go-safeinput](https://github.com/ravisastryk/go-safeinput)
 **Coverage:** MITRE CWE Top 25 vulnerabilities
 
 ## Executive Summary
 
 | Metric | Value |
 |--------|-------|
-| **Total Vulnerable Instances** | **448700** |
-| Total Stars Affected | 236095 |
-| Total Forks Affected | 21475 |
+| **Total Vulnerable Instances** | **411652** |
+| Total Stars Affected | 172529 |
+| Total Forks Affected | 16671 |
 | CWEs Analyzed | 5 |
 
 ## Vulnerability Breakdown by CWE
 
 | CWE | Vulnerability Type | Instances | Severity |
 |-----|-------------------|-----------|----------|
-| **CWE-502** | Deserialization of Untrusted Data | **192940** | CRITICAL |
-| **CWE-79** | Cross-site Scripting (XSS) | **51840** | HIGH |
-| **CWE-89** | SQL Injection | **108144** | CRITICAL |
-| **CWE-22** | Path Traversal | **14316** | HIGH |
-| **CWE-78** | OS Command Injection | **81460** | CRITICAL |
+| **CWE-502** | Deserialization of Untrusted Data | **195116** | CRITICAL |
+| **CWE-79** | Cross-site Scripting (XSS) | **48176** | HIGH |
+| **CWE-89** | SQL Injection | **68872** | CRITICAL |
+| **CWE-22** | Path Traversal | **15128** | HIGH |
+| **CWE-78** | OS Command Injection | **84360** | CRITICAL |
 
 ## Detailed Pattern Analysis
 
 ### CWE-502: Deserialization of Untrusted Data
 
-- **CWE-502: JSON deserialization into interface{}**: 116480 instances
-- **CWE-502: YAML deserialization into interface{}**: 7524 instances
-- **CWE-502: JSON decoder into interface{}**: 55936 instances
-- **CWE-502: XML deserialization into interface{}**: 3600 instances
-- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 9400 instances
+- **CWE-502: JSON deserialization into interface{}**: 121600 instances
+- **CWE-502: YAML deserialization into interface{}**: 6428 instances
+- **CWE-502: JSON decoder into interface{}**: 55296 instances
+- **CWE-502: XML deserialization into interface{}**: 3520 instances
+- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 8272 instances
 
 ### CWE-79: Cross-site Scripting (XSS)
 
-- **CWE-79: Potential XSS via HTML template rendering**: 12960 instances
-- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 35712 instances
-- **CWE-79: Using template.JS (bypasses escaping)**: 3168 instances
+- **CWE-79: Potential XSS via HTML template rendering**: 9968 instances
+- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 35200 instances
+- **CWE-79: Using template.JS (bypasses escaping)**: 3008 instances
 
 ### CWE-89: SQL Injection
 
-- **CWE-89: SQL query with string concatenation**: 10992 instances
-- **CWE-89: SQL exec with string concatenation**: 30208 instances
-- **CWE-89: Raw SQL with string interpolation**: 66944 instances
+- **CWE-89: SQL query with string concatenation**: 11688 instances
+- **CWE-89: SQL exec with string concatenation**: 32160 instances
+- **CWE-89: Raw SQL with string interpolation**: 25024 instances
 
 ### CWE-22: Path Traversal
 
-- **CWE-22: filepath.Join with user input**: 4192 instances
-- **CWE-22: os.Open with user-controlled path**: 1052 instances
-- **CWE-22: File read with constructed path**: 9072 instances
+- **CWE-22: filepath.Join with user input**: 4624 instances
+- **CWE-22: os.Open with user-controlled path**: 1144 instances
+- **CWE-22: File read with constructed path**: 9360 instances
 
 ### CWE-78: OS Command Injection
 
-- **CWE-78: exec.Command with user input**: 1012 instances
-- **CWE-78: exec.Command with string formatting**: 44992 instances
-- **CWE-78: Shell command execution**: 35456 instances
+- **CWE-78: exec.Command with user input**: 968 instances
+- **CWE-78: exec.Command with string formatting**: 46272 instances
+- **CWE-78: Shell command execution**: 37120 instances
 
 ## Fix with go-safeinput