github.com/drakkan/sftpgo/v2
Go
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/drakkan/sftpgo/v2
- CVE-2022-36071 | HIGH | CVSS 8.3 | EG 8.3 | ✓ Fixed in 2.3.4 | 2022-09-02
SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configu…
- CVE-2022-39220 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.3.5 | 2022-09-20
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. …
- CVE-2024-37897 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 2.6.1 | 2024-06-20
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In…
- CVE-2024-52309 | MEDIUM | CVSS 5.1 | EG 0.0 | ✓ Fixed in 2.6.3 | 2024-11-21
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in r…
- CVE-2024-52801 | MEDIUM | CVSS 5.3 | EG 0.0 | ✓ Fixed in 2.6.4 | 2024-11-29
sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby g…
- CVE-2025-24366 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.6.5 | 2025-02-07
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disa…