diff --git a/data/osv/GO-2024-2606.json b/data/osv/GO-2024-2606.json
index 8a3ffe1f..bbd544d9 100644
--- a/data/osv/GO-2024-2606.json
+++ b/data/osv/GO-2024-2606.json
@@ -99,6 +99,33 @@
 ]
 }
 },
+ {
+ "package": {
+ "name": "github.com/jackc/pgx",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/jackc/pgx/internal/sanitize",
+ "symbols": [
+ "Query.Sanitize",
+ "SanitizeSQL"
+ ]
+ }
+ ]
+ }
+ },
 {
 "package": {
 "name": "github.com/jackc/pgx/v4",
diff --git a/data/reports/GO-2024-2606.yaml b/data/reports/GO-2024-2606.yaml
index fc5c61d5..e77c3d03 100644
--- a/data/reports/GO-2024-2606.yaml
+++ b/data/reports/GO-2024-2606.yaml
@@ -67,6 +67,14 @@ modules:
 - main
 fix_links:
 - https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
+ - module: github.com/jackc/pgx
+ vulnerable_at: 3.6.2+incompatible
+ packages:
+ - package: github.com/jackc/pgx/internal/sanitize
+ symbols:
+ - Query.Sanitize
+ derived_symbols:
+ - SanitizeSQL
 - module: github.com/jackc/pgx/v4
 versions:
 - fixed: 4.18.2
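Review bot: The new `github.com/jackc/pgx` module entry in the report has no `versions` block, so the OSV hunk emits only `"introduced": "0"` with no `fixed` event and every release of the unversioned module is reported as affected with no upgrade target. If upstream did not backport a fix to that module path this is accurate, but the report should say so; a description sentence such as `No fixed release exists for github.com/jackc/pgx; migrate to github.com/jackc/pgx/v4 at 4.18.2 or later.` would tell scanner users what the remediation is. `vulnerable_at: 3.6.2+incompatible` also means the symbols were derived from a single release, so it is worth confirming that `internal/sanitize` sits at the same path in older releases, since symbol-level matching would presumably miss any release where it does not. The `modules` list starts before this hunk and the v4 entry continues past it.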