chore: update impact metrics 2026-05-03

README.md

@@ -14,13 +14,13 @@
 
 | CWE | Vulnerability | Instances | Severity |
 |-----|--------------|-----------|----------|
-| ![CWE-502](https://img.shields.io/badge/CWE--502-195116-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
-| ![CWE-79](https://img.shields.io/badge/CWE--79-48176-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
-| ![CWE-89](https://img.shields.io/badge/CWE--89-68872-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
-| ![CWE-22](https://img.shields.io/badge/CWE--22-15128-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
-| ![CWE-78](https://img.shields.io/badge/CWE--78-84360-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
+| ![CWE-502](https://img.shields.io/badge/CWE--502-198436-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
+| ![CWE-79](https://img.shields.io/badge/CWE--79-50008-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
+| ![CWE-89](https://img.shields.io/badge/CWE--89-59176-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
+| ![CWE-22](https://img.shields.io/badge/CWE--22-14664-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
+| ![CWE-78](https://img.shields.io/badge/CWE--78-84784-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
 
-**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-411652-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-172529-blue?style=for-the-badge)
+**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-407068-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-164163-blue?style=for-the-badge)
 
 ---
 

metrics/REPORT.md

@@ -1,61 +1,61 @@
 # Go Ecosystem Vulnerability Impact Report
 
-**Generated:** 2026-04-12 00:41 UTC
+**Generated:** 2026-05-03 00:49 UTC
 **Scanner:** [go-safeinput](https://github.com/ravisastryk/go-safeinput)
 **Coverage:** MITRE CWE Top 25 vulnerabilities
 
 ## Executive Summary
 
 | Metric | Value |
 |--------|-------|
-| **Total Vulnerable Instances** | **411652** |
-| Total Stars Affected | 172529 |
-| Total Forks Affected | 16671 |
+| **Total Vulnerable Instances** | **407068** |
+| Total Stars Affected | 164163 |
+| Total Forks Affected | 15584 |
 | CWEs Analyzed | 5 |
 
 ## Vulnerability Breakdown by CWE
 
 | CWE | Vulnerability Type | Instances | Severity |
 |-----|-------------------|-----------|----------|
-| **CWE-502** | Deserialization of Untrusted Data | **195116** | CRITICAL |
-| **CWE-79** | Cross-site Scripting (XSS) | **48176** | HIGH |
-| **CWE-89** | SQL Injection | **68872** | CRITICAL |
-| **CWE-22** | Path Traversal | **15128** | HIGH |
-| **CWE-78** | OS Command Injection | **84360** | CRITICAL |
+| **CWE-502** | Deserialization of Untrusted Data | **198436** | CRITICAL |
+| **CWE-79** | Cross-site Scripting (XSS) | **50008** | HIGH |
+| **CWE-89** | SQL Injection | **59176** | CRITICAL |
+| **CWE-22** | Path Traversal | **14664** | HIGH |
+| **CWE-78** | OS Command Injection | **84784** | CRITICAL |
 
 ## Detailed Pattern Analysis
 
 ### CWE-502: Deserialization of Untrusted Data
 
-- **CWE-502: JSON deserialization into interface{}**: 121600 instances
-- **CWE-502: YAML deserialization into interface{}**: 6428 instances
-- **CWE-502: JSON decoder into interface{}**: 55296 instances
-- **CWE-502: XML deserialization into interface{}**: 3520 instances
-- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 8272 instances
+- **CWE-502: JSON deserialization into interface{}**: 120576 instances
+- **CWE-502: YAML deserialization into interface{}**: 6300 instances
+- **CWE-502: JSON decoder into interface{}**: 58368 instances
+- **CWE-502: XML deserialization into interface{}**: 2864 instances
+- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 10328 instances
 
 ### CWE-79: Cross-site Scripting (XSS)
 
-- **CWE-79: Potential XSS via HTML template rendering**: 9968 instances
-- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 35200 instances
-- **CWE-79: Using template.JS (bypasses escaping)**: 3008 instances
+- **CWE-79: Potential XSS via HTML template rendering**: 10152 instances
+- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 36800 instances
+- **CWE-79: Using template.JS (bypasses escaping)**: 3056 instances
 
 ### CWE-89: SQL Injection
 
-- **CWE-89: SQL query with string concatenation**: 11688 instances
-- **CWE-89: SQL exec with string concatenation**: 32160 instances
-- **CWE-89: Raw SQL with string interpolation**: 25024 instances
+- **CWE-89: SQL query with string concatenation**: 10856 instances
+- **CWE-89: SQL exec with string concatenation**: 26688 instances
+- **CWE-89: Raw SQL with string interpolation**: 21632 instances
 
 ### CWE-22: Path Traversal
 
-- **CWE-22: filepath.Join with user input**: 4624 instances
-- **CWE-22: os.Open with user-controlled path**: 1144 instances
-- **CWE-22: File read with constructed path**: 9360 instances
+- **CWE-22: filepath.Join with user input**: 5872 instances
+- **CWE-22: os.Open with user-controlled path**: 1184 instances
+- **CWE-22: File read with constructed path**: 7608 instances
 
 ### CWE-78: OS Command Injection
 
-- **CWE-78: exec.Command with user input**: 968 instances
-- **CWE-78: exec.Command with string formatting**: 46272 instances
-- **CWE-78: Shell command execution**: 37120 instances
+- **CWE-78: exec.Command with user input**: 1072 instances
+- **CWE-78: exec.Command with string formatting**: 45568 instances
+- **CWE-78: Shell command execution**: 38144 instances
 
 ## Fix with go-safeinput