PkgRadar

Go modules · proxy.golang.org

github.com/BUFBUILD/buf

Remote Payload: matched "curl\n\n"

Why PkgRadar flagged v1.14.0

SeveritySignalEvidence
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/bufcurl.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/headers.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/invoker.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/io.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/reflection_resolver.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/resolver.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/tls.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/usage.gen.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/verbose_transport.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/cmd/buf/command/curl/curl.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/cmd/buf/command/curl/usage.gen.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · github.com/bufbuild/[email protected]/private/pkg/spdx/spdx.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.0.0Review122026-06-14
v1.14.0High risk622026-06-14
v0.52.0Review122026-06-14
v0.8.0Review102026-06-14
v0.51.0Review122026-06-14
v1.13.0High risk622026-06-14
v1.18.0High risk622026-06-14
v1.23.0High risk622026-06-14
v0.43.0Review122026-06-14
v1.0.0-rc3Review122026-06-14
v1.28.0High risk622026-06-14
v0.46.0Review122026-06-14
v0.20.1Low risk02026-06-14
v0.29.0Low risk02026-06-14
v0.34.0Low risk02026-06-14
v1.12.0High risk622026-06-14
v0.30.0Low risk02026-06-14
v0.49.0Review122026-06-14
v0.6.0Review102026-06-14
v1.16.0High risk622026-06-14
v0.48.2Review122026-06-14
v1.0.0-rc10Review122026-06-14
v0.18.0Low risk02026-06-14
v1.0.0-rc1Review122026-06-14
v1.15.0High risk622026-06-14
v1.37.0High risk622026-06-14
v1.31.0High risk622026-06-14
v1.2.1Review122026-06-14
v1.33.0High risk622026-06-14
v0.33.0Low risk02026-06-14
v1.32.2High risk622026-06-14
v0.21.0Low risk02026-06-14
v0.44.0Review122026-06-14
v1.25.0High risk622026-06-14
v0.35.1Low risk02026-06-14
v1.0.0-rc2Review122026-06-14
v1.40.0High risk622026-06-14
v1.41.0High risk622026-06-14
v1.40.1High risk622026-06-14
v1.43.0High risk502026-06-14
v1.42.0High risk622026-06-14
v1.48.0High risk502026-06-14
v1.44.0High risk502026-06-14
v1.45.0High risk502026-06-14
v1.46.0High risk502026-06-14
v1.47.0High risk502026-06-14
v1.47.1High risk502026-06-14
v1.47.2High risk502026-06-14
v1.5.0Review122026-06-14
v1.55.0High risk502026-06-14
v1.55.1High risk502026-06-14
v1.56.0High risk502026-06-14
v1.62.1High risk502026-06-14
v1.62.0High risk502026-06-14
v1.68.0High risk502026-06-14
v1.68.1High risk502026-06-14
v1.9.0Review122026-06-14
v1.57.0High risk502026-06-14
v0.39.0Low risk02026-06-13
v0.38.0Low risk02026-06-13
v0.2.0Low risk02026-06-13
v0.16.0Low risk02026-06-13
v0.30.1Low risk02026-06-13
v1.49.0High risk502026-06-13
v1.68.3High risk502026-06-13
v1.60.0High risk502026-06-13
v1.54.0High risk502026-06-13
v1.0.0-rc11Review122026-06-13
v1.68.4High risk502026-06-13
v1.0.0-rc12Review122026-06-13
v1.70.0High risk502026-06-13
v1.70.1-0.20260612183240-5e30bd80dc22High risk502026-06-13
v1.6.0Review122026-06-13
v0.12.1Review102026-06-13

Block this in CI

PkgRadar gates github.com/BUFBUILD/buf (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/BUFBUILD/[email protected]
Start free — 25 scans / moView full evidence