Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/patrickhener/goshs

View on go registry
13 Total advisories
13 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 7.7
Go

CVE-2026-40188

goshs is Missing Write Protection for Parametric Data Values
UNKNOWN
Go

CVE-2026-40188

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs
MEDIUM 6.5
Go

CVE-2026-42091

goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
CRITICAL 9.8
Go

CVE-2026-40884

goshs has an empty-username SFTP password authentication bypass
HIGH 8.8
Go

CVE-2026-40876

SFTP root escape via prefix-based path validation in goshs
CRITICAL 9.8
Go

CVE-2026-40189

goshs has a file-based ACL authorization bypass in goshs state-changing routes
NONE 0.0
Go

GHSA-7qx6-f23w-3w7f

Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint
CRITICAL 9.8
Go

CVE-2026-35471

goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
CRITICAL 9.8
Go

CVE-2026-35393

goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
CRITICAL 9.8
Go

CVE-2026-35392

goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
HIGH 8.1
Go

CVE-2026-34581

goshs has Auth Bypass via Share Token
UNKNOWN
Go

CVE-2025-46816

goshs route not protected, allows command execution in github.com/patrickhener/goshs
CRITICAL 9.4
Go

CVE-2025-46816

goshs route not protected, allows command execution

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes