Go modules · proxy.golang.org

github.com/mongodb/mongocli

Shell Credential File Read, Tls Verification Disabled

Why PkgRadar flagged v1.20.5-0.20221109090907-39507b21e197

Severity	Signal	Evidence
high	Shell Credential File Read	github.com/mongodb/[email protected]/internal/decryption/encrypted_audit_log.go
high	Shell Credential File Read	github.com/mongodb/[email protected]/internal/decryption/keyproviders/key_provider.go
medium	Tls Verification Disabled	github.com/mongodb/[email protected]/internal/store/store.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.1.1-0.20200415163854-35748e45f12d`	Review	3	2026-06-25
`v1.20.5-0.20221109090907-39507b21e197`	High risk	102	2026-06-25
`v1.22.1-0.20260623173014-ba2ba244eedf`	High risk	90	2026-06-25
`v0.0.0-20200102085655-24cd3efd867a`	Low risk	0	2026-06-12
`v0.0.0-20200102085813-ff1824d8979b`	Low risk	0	2026-06-12
`v0.0.0-20200102102426-dbbbabe6a141`	Low risk	0	2026-06-12
`v1.22.1-0.20260529123459-57b37d6a4611`	Low risk	0	2026-06-01

Block this in CI

PkgRadar gates github.com/mongodb/mongocli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/mongodb/[email protected]