PkgRadar

Go modules · proxy.golang.org

gitlab.com/gitlab-org/packhorse

Remote Payload: matched "curl "

Why PkgRadar flagged v1.18.4

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · gitlab.com/gitlab-org/[email protected]/cronjob/run-cron.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.23.0Low risk02026-06-09
v1.22.0Low risk02026-06-06
v1.20.0Low risk02026-06-04
v1.19.0Low risk02026-06-03
v1.18.5Low risk02026-06-02
v1.5.1Low risk02026-05-29
v1.15.0Low risk02026-05-29
v1.5.0Low risk02026-05-29
v1.18.1Low risk02026-05-29
v1.17.6Low risk02026-05-29
v1.7.1Low risk02026-05-29
v1.17.5Low risk02026-05-29
v1.11.1Low risk02026-05-29
v1.10.0Low risk02026-05-29
v1.17.3Low risk02026-05-29
v1.6.1Low risk02026-05-29
v1.18.0Low risk02026-05-29
v1.17.2Low risk02026-05-29
v1.13.0Low risk02026-05-29
v1.16.0Low risk02026-05-29
v1.1.0Low risk02026-05-29
v1.17.10Low risk02026-05-29
v1.18.2Low risk02026-05-29
v1.17.4Low risk02026-05-29
v1.18.3Low risk02026-05-29
v1.3.0Low risk02026-05-29
v1.12.0Low risk02026-05-29
v1.9.0Low risk02026-05-29
v1.17.9Low risk02026-05-29
v1.0.0Low risk02026-05-29
v1.6.0Low risk02026-05-29
v1.17.1Low risk02026-05-29
v1.7.0Low risk02026-05-29
v1.17.8Low risk02026-05-29
v1.2.1Low risk02026-05-29
v1.8.0Low risk02026-05-29
v1.17.7Low risk02026-05-29
v1.14.0Low risk02026-05-29
v1.5.2Low risk02026-05-29
v1.4.0Low risk02026-05-29
v1.6.2Low risk02026-05-29
v1.11.0Low risk02026-05-29
v1.2.0Low risk02026-05-29
v1.17.0Low risk02026-05-29
v1.2.2Low risk02026-05-29
v1.18.4Review122026-05-29

Block this in CI

PkgRadar gates gitlab.com/gitlab-org/packhorse (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go gitlab.com/gitlab-org/[email protected]
Start free — 25 scans / moView full evidence