pkg:Go/github.com/patrickhener/goshs

12 total CVEsCRITICAL7HIGH4MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-40884goshs has an empty-username SFTP password authentication bypass
    from 0, <= 1.1.4
  • CRITICAL9.8CVE-2026-40189goshs has a file-based ACL authorization bypass in goshs state-changing routes
    from 0, <= 1.1.4
  • CRITICAL9.8CVE-2026-35471goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
    from 0, < 1.1.5-0.20260401172448-237f3af891a9
  • CRITICAL9.8CVE-2026-35393goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
    from 0, < 1.1.5-0.20260401172448-237f3af891a9
  • CRITICAL9.8CVE-2026-35392goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
    from 0, < 1.1.5-0.20260401172448-237f3af891a9
  • CRITICAL9.4CVE-2025-46816goshs route not protected, allows command execution in github.com/patrickhener/goshs
    >= 0.3.4, < 1.0.5
  • CRITICAL9.4CVE-2025-46816goshs route not protected, allows command execution in github.com/patrickhener/goshs
    >= 0.3.4, < 1.0.5
  • HIGH8.8CVE-2026-40876SFTP root escape via prefix-based path validation in goshs
    from 0, <= 1.1.4
  • HIGH8.1CVE-2026-34581goshs has Auth Bypass via Share Token
    >= 1.1.0
  • HIGH7.7CVE-2026-40188goshs is Missing Write Protection for Parametric Data Values
    >= 1.0.7, <= 1.1.4
  • HIGH7.7CVE-2026-40188goshs is Missing Write Protection for Parametric Data Values
    >= 1.0.7
  • MEDIUM6.5CVE-2026-42091goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
    from 0, <= 1.1.4