pkg:Go/github.com/patrickhener/goshs/v2

5 total CVEs: CRITICAL 1, HIGH 3, MEDIUM 1

All known vulnerabilities

  • CRITICAL 9.8 CVE-2026-40884: goshs has an empty-username SFTP password authentication bypass
    from 0, < 2.0.0
  • HIGH 8.8 CVE-2026-40885: goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
    >= 2.0.0-beta.4, < 2.0.0-beta.6
  • HIGH 8.8 CVE-2026-40876: SFTP root escape via prefix-based path validation in goshs
    from 0, < 2.0.0
  • HIGH 8.1 CVE-2026-40883: goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation
    >= 2.0.0-beta.4, < 2.0.0-beta.6
  • MEDIUM 6.5 CVE-2026-42091: goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
    from 0, < 2.0.2