Go modules · proxy.golang.org
github.com/TruffleSecurity/trufflehog/v3
Webhook Exfil Endpoint: matched "canarytokens.org"
Why PkgRadar flagged v3.90.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "canarytokens.org" · github.com/trufflesecurity/trufflehog/[email protected]/pkg/detectors/aws/access_keys/canary.go |
| medium | Remote Payload | matched "cURL " · github.com/trufflesecurity/trufflehog/[email protected]/pkg/analyzer/analyzers/ngrok/models.go |
| medium | Remote Payload | matched "curl " · github.com/trufflesecurity/trufflehog/[email protected]/pkg/analyzer/analyzers/slack/permissions.go |
| medium | Remote Payload | matched "api.github.com/graphql" · github.com/trufflesecurity/trufflehog/[email protected]/pkg/sources/github_experimental/object_discovery.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v3.54.1 | Review | 10 | 2026-06-04 |
v3.90.1 | High risk | 116 | 2026-06-04 |
v3.63.1 | Review | 15 | 2026-06-04 |
v3.80.2 | High risk | 55 | 2026-06-04 |
v3.83.6 | High risk | 79 | 2026-06-04 |
v3.88.8 | High risk | 89 | 2026-06-04 |
v3.90.8 | High risk | 140 | 2026-06-04 |
v3.89.2 | High risk | 116 | 2026-06-04 |
v3.88.4 | High risk | 89 | 2026-06-04 |
v3.90.10 | High risk | 140 | 2026-06-04 |
v3.88.23 | High risk | 89 | 2026-06-04 |
v3.88.32 | High risk | 116 | 2026-06-04 |
v3.85.0 | High risk | 89 | 2026-06-04 |
v3.83.3 | High risk | 79 | 2026-06-04 |
v3.88.20 | High risk | 89 | 2026-06-04 |
v3.95.0 | High risk | 145 | 2026-06-04 |
v3.88.5 | High risk | 89 | 2026-06-04 |
v3.93.2 | High risk | 140 | 2026-06-04 |
v3.88.28 | High risk | 99 | 2026-06-04 |
v3.87.1 | High risk | 89 | 2026-06-04 |
v3.83.2 | High risk | 79 | 2026-06-04 |
v3.83.0 | High risk | 79 | 2026-06-04 |
v3.94.2 | High risk | 140 | 2026-06-04 |
v3.86.0 | High risk | 89 | 2026-06-04 |
v3.95.5 | High risk | 145 | 2026-06-04 |
Block this in CI
pkgradar gate --ecosystem go github.com/TruffleSecurity/trufflehog/[email protected]