Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/patrickhener/goshs/v2

View on go registry
6 Total advisories
6 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 6.5
Go

CVE-2026-42091

goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
HIGH 8.1
Go

CVE-2026-40883

goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation
CRITICAL 9.8
Go

CVE-2026-40884

goshs has an empty-username SFTP password authentication bypass
HIGH 8.8
Go

CVE-2026-40885

goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
HIGH 8.8
Go

CVE-2026-40876

SFTP root escape via prefix-based path validation in goshs
NONE 0.0
Go

GHSA-7qx6-f23w-3w7f

Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes