Back to <til> Today I learned

Go Vuln the Golang Vulnerability Database

What is govuln?

govuln is a new vulnerability database for looking your code for vulnerable packages and prevent supply chain attacks

How to install the govulncheck cli

govulncheck is the command line inferface for interacting with the database and checking your code against it, install it with the following command:

go install[email protected]

Then run it in your project as follows:

govulncheck .

It will search in your dependencies for vulnerable packages. Here is an example of the output:

govulncheck is an experimental tool. Share feedback at

Scanning for dependencies with known vulnerabilities...
No vulnerabilities found.

=== Informational ===

The vulnerabilities below are in packages that you import, but your code
doesn't appear to call any vulnerable functions. You may not need to take any
action. See
for details.

Vulnerability #1: GO-2022-1095
  Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows.

  In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
  Found in: [email protected]
  Fixed in: [email protected]
  More info:

For more details check the official doc: and the talk given during the 2022 go day titled Writing your Applications Faster and More Securely with Go which also covers Fuzzy Testing but that is for another TIL

Back to <til> Today I learned

Posts by me

Los datos de los clientes de Panamericana estuvieron expuestos

El pasado 5 de abril fuí a Panamericana a comprar un libro, al momento de pagar, la cajera me hizo la invitación a actualizar mis datos para que me envien la factura electrónicamente.

A guy monitoring weather

Found this blog post in HN, pretty interesting, I’m doing something similar, but the level of sophictication in his project could be used as inspiration for mine. Monitoring My Weather At Home 🌩️

A GPT From Scratch

A nice post explaining how to build a GPT model from scratch GPT from scratch