pkg:Go/github.com/forceu/gokapi

All known vulnerabilities

• HIGH8.7CVE-2026-28683Gokapi has Stored XSS in SVG Hotlinks
  from 0
• HIGH8.7CVE-2026-28683Gokapi has Stored XSS in SVG Hotlinks
  from 0, < 2.2.3
• MEDIUM6.5CVE-2026-30955Gokapi vulnerable to DoS in E2E Metadata Parser
  from 0, < 2.2.4
• MEDIUM6.5CVE-2026-30955Gokapi vulnerable to DoS in E2E Metadata Parser
  from 0
• MEDIUM6.4CVE-2026-28682Gokapi has Data Leak in Upload Status Stream
  from 0
• MEDIUM6.4CVE-2026-28682Gokapi has Data Leak in Upload Status Stream
  from 0, < 2.2.3
• MEDIUM5.4CVE-2026-29061Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
  from 0
• MEDIUM5.4CVE-2026-29061Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
  from 0, < 2.2.3
• MEDIUM5.4CVE-2025-48495Gokapi has stored XSS vulnerability in friendly name for API keys
  from 0
• MEDIUM5.4CVE-2025-48495Gokapi has stored XSS vulnerability in friendly name for API keys
  >= 1.0.1, <= 1.9.6
• MEDIUM5.0CVE-2026-29060Gokapi has privilege escalation with auth token
  from 0, < 2.2.3
• MEDIUM5.0CVE-2026-29060Gokapi has privilege escalation with auth token
  from 0
• MEDIUM4.6CVE-2026-29084Gokapi has CSRF in Login Endpoint
  from 0, < 2.2.3
• MEDIUM4.6CVE-2026-29084Gokapi has CSRF in Login Endpoint
  from 0
• MEDIUM4.3CVE-2026-30961Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
  from 0, < 2.2.4
• MEDIUM4.3CVE-2026-30961Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
  from 0
• MEDIUM4.1CVE-2026-30943Gokapi vulnerable to Privilege Escalation in File Replace
  from 0
• MEDIUM4.1CVE-2026-30943Gokapi vulnerable to Privilege Escalation in File Replace
  from 0, < 2.2.4
• —CVE-2025-48494Gokapi vulnerable to stored XSS via uploading file with malicious file name
  >= 1.0.1, <= 1.9.6
• —CVE-2025-48494Gokapi vulnerable to stored XSS via uploading file with malicious file name
  from 0