PkgRadar

Go modules · proxy.golang.org

github.com/pantheon-security/medusa

DNS / OAST exfiltration: matched "burpcollaborator.net"

Why PkgRadar flagged v2026.6.0+incompatible

SeveritySignalEvidence
highDNS / OAST exfiltrationmatched "burpcollaborator.net" · github.com/pantheon-security/[email protected]+incompatible/medusa/rules/agent_security/exfiltration_agents_2026.yaml

Scanned versions

VersionVerdictScoreScanned (UTC)
v2026.6.0+incompatibleHigh risk812026-06-11
v2026.5.11+incompatibleHigh risk752026-05-30

Block this in CI

PkgRadar gates github.com/pantheon-security/medusa (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/pantheon-security/[email protected]+incompatible
Start free — 25 scans / moView full evidence
github.com/pantheon-security/medusa — Go modules security scan | PkgRadar