PkgRadar

Go modules · proxy.golang.org

github.com/BufBuild/Buf

Remote Payload: matched "curl\n\n"

Why PkgRadar flagged v1.13.0

SeveritySignalEvidence
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/bufcurl.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/headers.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/invoker.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/io.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/reflection_resolver.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/resolver.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/tls.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/usage.gen.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/verbose_transport.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/cmd/buf/command/curl/curl.go
mediumRemote Payloadmatched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/cmd/buf/command/curl/usage.gen.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · github.com/bufbuild/[email protected]/private/pkg/spdx/spdx.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.13.0High risk622026-06-18
v1.23.0High risk622026-06-18
v1.0.0-rc3Review122026-06-18
v0.46.0Review122026-06-18
v0.30.0Low risk02026-06-18
v0.9.0Review102026-06-18
v1.0.0-rc7Review122026-06-18
v1.15.0High risk622026-06-18
v0.4.0Low risk02026-06-18
v1.24.0High risk622026-06-18
v1.22.0High risk622026-06-18
v1.15.1High risk622026-06-18
v0.53.0Review122026-06-18
v0.19.0Low risk02026-06-18
v1.1.0Review122026-06-18
v1.20.0High risk622026-06-18
v0.4.1Low risk02026-06-18
v0.51.1Review122026-06-18
v0.31.0Low risk02026-06-18
v0.20.2Low risk02026-06-18
v1.35.0High risk622026-06-18
v1.0.0-rc2Review122026-06-18
v1.35.1High risk622026-06-18
v0.39.1Low risk02026-06-18
v0.43.1Review122026-06-18
v0.25.0Low risk02026-06-18
v1.40.1High risk622026-06-18
v1.41.0High risk622026-06-18
v1.43.0High risk502026-06-18
v1.42.0High risk622026-06-18
v1.44.0High risk502026-06-18
v1.46.0High risk502026-06-18
v1.47.0High risk502026-06-18
v1.47.1High risk502026-06-18
v1.48.0High risk502026-06-18
v1.49.0High risk502026-06-18
v1.50.0High risk502026-06-18
v1.50.1High risk502026-06-18
v1.5.0Review122026-06-18
v1.55.0High risk502026-06-18
v1.55.1High risk502026-06-18
v1.56.0High risk502026-06-18
v1.57.1High risk502026-06-18
v1.57.0High risk502026-06-18
v1.58.0High risk502026-06-18
v1.57.2High risk502026-06-18
v1.64.0High risk502026-06-18
v1.63.0High risk502026-06-18
v1.68.2High risk502026-06-18
v1.68.3High risk502026-06-18
v1.68.4High risk502026-06-18
v1.69.0High risk502026-06-18
v1.70.0High risk502026-06-18
v1.8.0Review122026-06-18
v1.9.0Review122026-06-18
v1.0.0-rc6Review122026-06-18
v0.26.0Low risk02026-06-17
v1.26.1High risk622026-06-17
v1.3.0Review122026-06-17
v1.68.1High risk502026-06-17
v1.47.2High risk502026-06-17
v1.52.1High risk502026-06-17
v0.15.0Low risk02026-06-17
v1.0.0-rc8Review122026-06-17
v0.45.0Review122026-06-17
v0.55.0Review122026-06-17
v0.12.1Review102026-06-17
v1.71.1-0.20260616171424-ce80ea77f40bHigh risk502026-06-17
v1.71.0High risk502026-06-17
v1.28.1High risk622026-06-17

Block this in CI

PkgRadar gates github.com/BufBuild/Buf (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/BufBuild/[email protected]
Start free — 25 scans / moView full evidence