PkgRadar

Go modules · proxy.golang.org

github.com/thales-transfer/gose

Shell Credential File Read

Why PkgRadar flagged v0.12.1-0.20260521152536-9aee29d4a396

SeveritySignalEvidence
highShell Credential File Read
highShell Credential File Read
highShell Credential File Read

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.12.1-0.20260521152536-9aee29d4a396High risk952026-06-29
v0.13.0-rc1High risk952026-06-29
v0.11.0-rcHigh risk952026-06-29
v0.8.2High risk952026-06-29
v0.9.0High risk952026-06-29
v0.7.8High risk452026-06-29
v0.7.3High risk452026-06-29
v0.8.6High risk952026-06-29
v0.8.4High risk952026-06-29
v0.10.1-rcHigh risk952026-06-29
v0.12.1-rc1High risk952026-06-29
v0.8.0High risk952026-06-29
v0.9.1High risk952026-06-29
v0.9.1-alphaHigh risk952026-06-29
v0.7.6High risk452026-06-29
v0.7.7High risk452026-06-29
v0.8.1High risk952026-06-29
v0.8.7High risk952026-06-29
v0.10.0High risk952026-06-29
v0.7.5High risk452026-06-29
v0.8.5High risk952026-06-29
v0.7.4High risk452026-06-29
v0.12.0High risk952026-06-29
v0.12.1High risk952026-06-29
v0.8.3High risk952026-06-29

Block this in CI

PkgRadar gates github.com/thales-transfer/gose (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/thales-transfer/[email protected]
github.com/thales-transfer/gose — Go modules security scan | PkgRadar