Go modules · proxy.golang.org
github.com/bufbuild/buf
Remote Payload: matched "curl\n\n"
Why PkgRadar flagged v1.70.1-0.20260604210648-e1fe7e1dca63
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/cmd/buf/internal/command/curl/curl.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/bufcurl.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/headers.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/invoker.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/io.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/reflection_resolver.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/resolver.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/tls.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/usage.gen.go |
| medium | Remote Payload | matched "curl\n\n" · github.com/bufbuild/[email protected]/private/buf/bufcurl/verbose_transport.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.70.1-0.20260604210648-e1fe7e1dca63 | High risk | 50 | 2026-06-06 |
v0.0.0-20200921202700-b3287df89548 | Low risk | 0 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem go github.com/bufbuild/[email protected]