HIGH8.3CVE-2022-36071SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo from 0
HIGH7.5CVE-2025-24366SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo from 0, <= 1.2.2
HIGH7.5CVE-2025-24366SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo from 0
MEDIUM6.5SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
from 0
MEDIUM6.1SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo
from 0, < 2.3.5
MEDIUM6.1SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo
from 0
—SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo
from 0
—SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo
from 0, <= 1.2.2
—SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo
from 0
—sftpgo vulnerable to brute force takeover of OpenID Connect session cookies in github.com/drakkan/sftpgo
from 0
—SFTPGo allows administrators to restrict command execution from the EventManager in github.com/drakkan/sftpgo
from 0