pkg:Go/github.com/drakkan/sftpgo/v2

All known vulnerabilities

• HIGH8.3CVE-2022-36071SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo
  >= 2.2.0, < 2.3.4
• HIGH8.3CVE-2022-36071SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo
  >= 2.2.0, < 2.3.4
• HIGH7.5CVE-2025-24366SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo
  from 0, < 2.6.5
• HIGH7.5CVE-2025-24366SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo
  >= 0.9.5, < 2.6.5
• MEDIUM6.5CVE-2024-37897SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
  >= 2.2.0, < 2.6.1
• MEDIUM6.5CVE-2024-37897SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
  >= 2.2.0, < 2.6.1
• MEDIUM6.1CVE-2022-39220SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo
  from 0, < 2.3.5
• —CVE-2026-30915SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
  >= 2.3.0, < 2.7.1
• —CVE-2026-30915SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
  >= 2.3.0, < 2.7.1
• —CVE-2026-30914SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy
  from 0, < 2.7.1
• —CVE-2026-30914SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy
  from 0, < 2.7.1
• —CVE-2024-52801sftpgo vulnerable to brute force takeover of OpenID Connect session cookies in github.com/drakkan/sftpgo
  >= 2.3.0, < 2.6.4
• —CVE-2024-52801sftpgo vulnerable to brute force takeover of OpenID Connect session cookies in github.com/drakkan/sftpgo
  >= 2.3.0, < 2.6.4
• —CVE-2024-52309SFTPGo allows administrators to restrict command execution from the EventManager in github.com/drakkan/sftpgo
  >= 2.4.0, < 2.6.3
• —CVE-2024-52309SFTPGo allows administrators to restrict command execution from the EventManager in github.com/drakkan/sftpgo
  >= 2.4.0, < 2.6.3