  1. Clair
  2. CLAIRDEV-114

Go binaries with special build flags cannot be matched with vulnerabilities


    • Bug
    • Resolution: Unresolved
    • Undefined
    • claircore-1.5.34
    • claircore-1.5.33
    • None

      For example: go1.20.12 X:strictfipsruntime

      Claircore attempts to parse "1.20.12 X:strictfipsruntime" but fails, so it cannot determine any related vulnerabilities. The extra part seems like a build setting, and not part of the version. It is (probably) possible some vulnerabilities only exist with or without these kinds of special parameters, but Claircore is not in the business of making that decision (unless it may do so using data in a machine-readable format).

      For this example, Claircore should detect the version is go1.20.12 and find any vulnerabilities related to that Go version.

              rtannenb@redhat.com Ross Tannenbaum
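One way to get the behaviour the report asks for, as an added example that is not claircore's code: split the version string into the numeric Go version and any trailing build settings, so that matching can use go1.20.12 alone while the settings stay available. The `GoVersion` type and `ParseGoVersion` function are hypothetical names, and pre-release forms are rejected rather than guessed at.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// GoVersion is a hypothetical type for this example, not a claircore type.
type GoVersion struct {
	Major, Minor, Patch int
	Settings            []string // trailing tokens, e.g. "X:strictfipsruntime"
}

// ParseGoVersion parses strings such as "go1.20.12 X:strictfipsruntime".
// Only the first whitespace-separated token is treated as the version;
// everything after it is kept verbatim as build settings.
func ParseGoVersion(s string) (GoVersion, error) {
	var v GoVersion
	fields := strings.Fields(s)
	if len(fields) == 0 || !strings.HasPrefix(fields[0], "go") {
		return v, fmt.Errorf("not a Go toolchain version: %q", s)
	}
	parts := strings.Split(strings.TrimPrefix(fields[0], "go"), ".")
	if len(parts) < 2 || len(parts) > 3 {
		return v, fmt.Errorf("unexpected version shape: %q", fields[0])
	}
	var nums [3]int
	for i, p := range parts {
		// ParseUint rejects signs and non-digits (so "1.21rc1" is an error).
		n, err := strconv.ParseUint(p, 10, 16)
		if err != nil {
			return v, fmt.Errorf("bad component %q in %q", p, fields[0])
		}
		nums[i] = int(n)
	}
	v.Major, v.Minor, v.Patch = nums[0], nums[1], nums[2]
	v.Settings = fields[1:]
	return v, nil
}

// String returns the version without build settings, for vulnerability lookup.
func (v GoVersion) String() string {
	return fmt.Sprintf("go%d.%d.%d", v.Major, v.Minor, v.Patch)
}

func main() {
	v, err := ParseGoVersion("go1.20.12 X:strictfipsruntime") // string from the report
	fmt.Println(v, v.Settings, err)
}
```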