Go modules · proxy.golang.org

github.com/grafana/Grafana/pkg/plugins

Shell Credential File Read, Go Mod Replace Local

Why PkgRadar flagged v0.0.0-20260623110645-7bbd326bfa0c

Severity	Signal	Evidence
high	Shell Credential File Read	github.com/grafana/grafana/pkg/[email protected]/ifaces.go
medium	Go Mod Replace Local	github.com/grafana/grafana/pkg/[email protected]/go.mod

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260623110645-7bbd326bfa0c`	High risk	55	2026-06-24
`v0.0.0-20260623105416-e0827f5ddfe0`	High risk	55	2026-06-24
`v0.0.0-20260623102236-172b21abe2e3`	High risk	55	2026-06-24
`v0.0.0-20260604043637-56e9f86164e5`	Low risk	0	2026-06-05
`v0.0.0-20260601190356-a54b2e1e9aaf`	Low risk	0	2026-06-03

Block this in CI

PkgRadar gates github.com/grafana/Grafana/pkg/plugins (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/grafana/Grafana/pkg/[email protected]