chore: update impact metrics 2026-04-05 (#28)

- Updated vulnerability scan results
  - Refreshed CWE instance counts
  - Updated README badges

Author: ravisastryk

README.md

@@ -14,13 +14,13 @@
 
 | CWE | Vulnerability | Instances | Severity |
 |-----|--------------|-----------|----------|
-| ![CWE-502](https://img.shields.io/badge/CWE--502-187304-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
-| ![CWE-79](https://img.shields.io/badge/CWE--79-52776-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
-| ![CWE-89](https://img.shields.io/badge/CWE--89-65736-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
-| ![CWE-22](https://img.shields.io/badge/CWE--22-13348-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
-| ![CWE-78](https://img.shields.io/badge/CWE--78-82764-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
+| ![CWE-502](https://img.shields.io/badge/CWE--502-192940-critical?style=flat-square) | Deserialization of Untrusted Data | **166240** | 🔴 CRITICAL |
+| ![CWE-79](https://img.shields.io/badge/CWE--79-51840-red?style=flat-square) | Cross-site Scripting (XSS) | **46156** | 🟠 HIGH |
+| ![CWE-89](https://img.shields.io/badge/CWE--89-108144-critical?style=flat-square) | SQL Injection | **54904** | 🔴 CRITICAL |
+| ![CWE-22](https://img.shields.io/badge/CWE--22-14316-red?style=flat-square) | Path Traversal | **46156** | 🟠 HIGH |
+| ![CWE-78](https://img.shields.io/badge/CWE--78-81460-critical?style=flat-square) | OS Command Injection | **69164** | 🔴 CRITICAL |
 
-**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-401928-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-260537-blue?style=for-the-badge)
+**Total Impact:** ![Total Vulnerable](https://img.shields.io/badge/total_vulnerable-448700-critical?style=for-the-badge) ![Stars Affected](https://img.shields.io/badge/stars_affected-236095-blue?style=for-the-badge)
 
 ---
 

metrics/REPORT.md

@@ -1,61 +1,61 @@
 # Go Ecosystem Vulnerability Impact Report
 
-**Generated:** 2026-03-29 00:39 UTC
+**Generated:** 2026-04-05 00:39 UTC
 **Scanner:** [go-safeinput](https://github.com/ravisastryk/go-safeinput)
 **Coverage:** MITRE CWE Top 25 vulnerabilities
 
 ## Executive Summary
 
 | Metric | Value |
 |--------|-------|
-| **Total Vulnerable Instances** | **401928** |
-| Total Stars Affected | 260537 |
-| Total Forks Affected | 23978 |
+| **Total Vulnerable Instances** | **448700** |
+| Total Stars Affected | 236095 |
+| Total Forks Affected | 21475 |
 | CWEs Analyzed | 5 |
 
 ## Vulnerability Breakdown by CWE
 
 | CWE | Vulnerability Type | Instances | Severity |
 |-----|-------------------|-----------|----------|
-| **CWE-502** | Deserialization of Untrusted Data | **187304** | CRITICAL |
-| **CWE-79** | Cross-site Scripting (XSS) | **52776** | HIGH |
-| **CWE-89** | SQL Injection | **65736** | CRITICAL |
-| **CWE-22** | Path Traversal | **13348** | HIGH |
-| **CWE-78** | OS Command Injection | **82764** | CRITICAL |
+| **CWE-502** | Deserialization of Untrusted Data | **192940** | CRITICAL |
+| **CWE-79** | Cross-site Scripting (XSS) | **51840** | HIGH |
+| **CWE-89** | SQL Injection | **108144** | CRITICAL |
+| **CWE-22** | Path Traversal | **14316** | HIGH |
+| **CWE-78** | OS Command Injection | **81460** | CRITICAL |
 
 ## Detailed Pattern Analysis
 
 ### CWE-502: Deserialization of Untrusted Data
 
-- **CWE-502: JSON deserialization into interface{}**: 113152 instances
-- **CWE-502: YAML deserialization into interface{}**: 7908 instances
-- **CWE-502: JSON decoder into interface{}**: 55168 instances
-- **CWE-502: XML deserialization into interface{}**: 3808 instances
-- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 7268 instances
+- **CWE-502: JSON deserialization into interface{}**: 116480 instances
+- **CWE-502: YAML deserialization into interface{}**: 7524 instances
+- **CWE-502: JSON decoder into interface{}**: 55936 instances
+- **CWE-502: XML deserialization into interface{}**: 3600 instances
+- **CWE-502: Using yaml.v2 (vulnerable to custom tags)**: 9400 instances
 
 ### CWE-79: Cross-site Scripting (XSS)
 
-- **CWE-79: Potential XSS via HTML template rendering**: 13024 instances
-- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 36992 instances
-- **CWE-79: Using template.JS (bypasses escaping)**: 2760 instances
+- **CWE-79: Potential XSS via HTML template rendering**: 12960 instances
+- **CWE-79: Direct write to ResponseWriter (potential XSS)**: 35712 instances
+- **CWE-79: Using template.JS (bypasses escaping)**: 3168 instances
 
 ### CWE-89: SQL Injection
 
-- **CWE-89: SQL query with string concatenation**: 13128 instances
-- **CWE-89: SQL exec with string concatenation**: 29312 instances
-- **CWE-89: Raw SQL with string interpolation**: 23296 instances
+- **CWE-89: SQL query with string concatenation**: 10992 instances
+- **CWE-89: SQL exec with string concatenation**: 30208 instances
+- **CWE-89: Raw SQL with string interpolation**: 66944 instances
 
 ### CWE-22: Path Traversal
 
-- **CWE-22: filepath.Join with user input**: 4272 instances
-- **CWE-22: os.Open with user-controlled path**: 996 instances
-- **CWE-22: File read with constructed path**: 8080 instances
+- **CWE-22: filepath.Join with user input**: 4192 instances
+- **CWE-22: os.Open with user-controlled path**: 1052 instances
+- **CWE-22: File read with constructed path**: 9072 instances
 
 ### CWE-78: OS Command Injection
 
-- **CWE-78: exec.Command with user input**: 1036 instances
-- **CWE-78: exec.Command with string formatting**: 46144 instances
-- **CWE-78: Shell command execution**: 35584 instances
+- **CWE-78: exec.Command with user input**: 1012 instances
+- **CWE-78: exec.Command with string formatting**: 44992 instances
+- **CWE-78: Shell command execution**: 35456 instances
 
 ## Fix with go-safeinput