Go modules · proxy.golang.org

golang.org/x/vulndb

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged v0.0.0-20260611195111-b92f1398a23f

Severity	Signal	Evidence
medium	Remote Payload	matched "raw.githubusercontent.com" · golang.org/x/[email protected]/internal/cveutils/list.go
medium	Remote Payload	matched "raw.githubusercontent.com" · golang.org/x/[email protected]/internal/genericosv/fetch.go
medium	Remote Payload	matched "raw.githubusercontent.com" · golang.org/x/[email protected]/internal/ghsarepo/client.go
medium	Remote Payload	matched "raw.githubusercontent.com" · golang.org/x/[email protected]/internal/worker/false_positive_records.gen.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260611195111-b92f1398a23f`	High risk	48	2026-06-13
`v0.0.0-20260602213947-fe9f323e1610`	High risk	48	2026-06-03
`v0.0.0-20260529191756-a07a698257c6`	Review	48	2026-05-30

Block this in CI

PkgRadar gates golang.org/x/vulndb (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go golang.org/x/[email protected]