Go modules · proxy.golang.org

github.com/Supabase/cli

Reverse Shell

Why PkgRadar flagged v1.47.2

Severity	Signal	Evidence
high	Reverse Shell	github.com/supabase/[email protected]/internal/start/start.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.4.3`	Review	5	2026-06-23
`v1.10.0`	Review	5	2026-06-23
`v1.47.2`	High risk	40	2026-06-23
`v1.7.6`	Review	5	2026-06-23
`v1.188.3`	Low risk	0	2026-06-23
`v1.115.4`	High risk	52	2026-06-23
`v1.42.5`	High risk	40	2026-06-23
`v1.145.3`	High risk	52	2026-06-23
`v1.8.4`	Review	5	2026-06-23
`v1.176.0`	Low risk	0	2026-06-23
`v1.52.3`	High risk	40	2026-06-23
`v1.68.0`	High risk	52	2026-06-23
`v1.8.5`	Review	5	2026-06-23
`v1.125.0`	High risk	52	2026-06-23
`v1.47.1`	High risk	40	2026-06-23
`v1.162.7`	High risk	52	2026-06-23
`v1.27.0`	Low risk	0	2026-06-23
`v1.226.0`	Low risk	0	2026-06-23
`v1.176.2`	Low risk	0	2026-06-23
`v1.105.0`	High risk	52	2026-06-23
`v1.176.6`	Low risk	0	2026-06-23
`v1.139.0`	High risk	52	2026-06-23
`v1.155.2`	High risk	52	2026-06-23
`v1.207.9`	Low risk	0	2026-06-23
`v1.224.1`	Low risk	0	2026-06-23
`v0.39.0`	Low risk	0	2026-06-23
`v1.24.0`	Low risk	0	2026-06-23
`v1.26.5`	Low risk	0	2026-06-23
`v0.12.3`	Low risk	0	2026-06-23
`v0.21.1`	Low risk	0	2026-06-23
`v1.54.1`	High risk	40	2026-06-23
`v0.38.0`	Low risk	0	2026-06-23
`v1.42.6`	High risk	40	2026-06-23
`v1.109.1`	High risk	52	2026-06-23
`v0.6.0`	Low risk	0	2026-06-23
`v1.198.3`	Low risk	0	2026-06-23
`v1.43.1`	High risk	40	2026-06-23
`v0.33.0`	Low risk	0	2026-06-23
`v1.138.4`	High risk	52	2026-06-23
`v1.26.8`	Low risk	0	2026-06-23
`v1.110.2`	High risk	52	2026-06-23
`v1.150.2`	High risk	52	2026-06-23
`v0.15.12`	Low risk	0	2026-06-23
`v1.220.1`	Low risk	0	2026-06-23
`v1.99.3`	High risk	52	2026-06-23
`v0.24.4`	Low risk	0	2026-06-23
`v1.192.6`	Low risk	0	2026-06-23
`v1.179.0`	Low risk	0	2026-06-23
`v1.8.6`	Review	5	2026-06-23
`v1.45.1`	High risk	40	2026-06-23
`v1.128.1`	High risk	52	2026-06-23
`v0.29.1`	Low risk	0	2026-06-23
`v1.80.0`	High risk	52	2026-06-23
`v1.90.0`	High risk	52	2026-06-23
`v1.100.0`	High risk	52	2026-06-23
`v1.110.0`	High risk	52	2026-06-23
`v2.107.0+incompatible`	Low risk	0	2026-06-23
`v1.149.0`	High risk	52	2026-06-23
`v1.148.0`	High risk	52	2026-06-23
`v1.145.0`	High risk	52	2026-06-23
`v1.38.6`	High risk	40	2026-06-23
`v1.130.0`	High risk	52	2026-06-23
`v1.200.0`	Low risk	0	2026-06-23
`v1.140.0`	High risk	52	2026-06-23
`v1.135.0`	High risk	52	2026-06-23
`v1.142.0`	High risk	52	2026-06-23
`v1.120.0`	High risk	52	2026-06-23
`v1.195.0`	Low risk	0	2026-06-23
`v1.190.0`	Low risk	0	2026-06-23
`v1.187.0`	Low risk	0	2026-06-23
`v1.185.0`	Low risk	0	2026-06-23
`v1.183.0`	Low risk	0	2026-06-23
`v1.175.0`	Review	12	2026-06-23
`v1.180.0`	Low risk	0	2026-06-23
`v1.170.0`	High risk	52	2026-06-23
`v1.172.0`	High risk	52	2026-06-23
`v1.167.0`	High risk	52	2026-06-23
`v1.160.0`	High risk	52	2026-06-23
`v1.163.0`	High risk	52	2026-06-23
`v1.165.0`	High risk	52	2026-06-23
`v1.150.0`	High risk	52	2026-06-23
`v1.226.5`	Low risk	0	2026-06-23

Block this in CI

PkgRadar gates github.com/Supabase/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/Supabase/[email protected]

Start free — 25 scans / mo View full evidence