diff --git a/data/osv/GO-2024-2605.json b/data/osv/GO-2024-2605.json
index e3e6632a..0b17dee9 100644
--- a/data/osv/GO-2024-2605.json
+++ b/data/osv/GO-2024-2605.json
@@ -10,6 +10,33 @@
 "summary": "SQL injection in github.com/jackc/pgx/v4",
 "details": "SQL injection is possible when the database uses the non-default simple protocol, a minus sign directly precedes a numeric placeholder followed by a string placeholder on the same line, and both parameter values are user-controlled.",
 "affected": [
+ {
+ "package": {
+ "name": "github.com/jackc/pgx",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/jackc/pgx/internal/sanitize",
+ "symbols": [
+ "Query.Sanitize",
+ "SanitizeSQL"
+ ]
+ }
+ ]
+ }
+ },
 {
 "package": {
 "name": "github.com/jackc/pgx/v4",
diff --git a/data/reports/GO-2024-2605.yaml b/data/reports/GO-2024-2605.yaml
index 375dec6d..97dca78f 100644
--- a/data/reports/GO-2024-2605.yaml
+++ b/data/reports/GO-2024-2605.yaml
@@ -1,5 +1,13 @@
 id: GO-2024-2605
 modules:
+ - module: github.com/jackc/pgx
+ vulnerable_at: 3.6.2+incompatible
+ packages:
+ - package: github.com/jackc/pgx/internal/sanitize
+ symbols:
+ - Query.Sanitize
+ derived_symbols:
+ - SanitizeSQL
 - module: github.com/jackc/pgx/v4
 versions:
 - fixed: 4.18.2
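Review bot: The new `github.com/jackc/pgx` affected entry has only `"introduced": "0"` and no `fixed` event, so OSV consumers will flag every version of that module as vulnerable with no remediation, while the unchanged `summary` context line above still names only `github.com/jackc/pgx/v4`. If the unversioned module line genuinely has no fix, that open range is the correct OSV shape, but the human-readable fields should say so: change the summary to `"summary": "SQL injection in github.com/jackc/pgx and github.com/jackc/pgx/v4"` and add a sentence to `details` stating that no fixed version exists for the `github.com/jackc/pgx` module and that the only fix recorded in this advisory is on the v4 module (4.18.2, per the report). Without that, a user whose go.mod imports the unversioned module sees a summary that does not mention their module path and an advisory that never tells them the fix is a major-version migration rather than a patch.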
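Review bot: The added `github.com/jackc/pgx` module block carries `vulnerable_at: 3.6.2+incompatible` but no `versions:` list, unlike the `github.com/jackc/pgx/v4` block that follows it with `- fixed: 4.18.2`, so the report records no fixed version for the unversioned module. If that is deliberate because no fix was released for the pre-v4 line, it is worth making explicit in the report's description (which is outside this hunk) so a later editor does not read the missing `versions:` as an omission and "fix" it with a guessed version. If instead a fixed version for that module does exist, it should be added here, because the generated OSV entry will otherwise mark the module vulnerable at every version.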