HIGH 8.3 CVE-2022-36071 SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo >= 2.2.0, < 2.3.4
HIGH 7.5 CVE-2025-24366 SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo from 0, < 2.6.5
HIGH 7.5 SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo
>= 0.9.5, < 2.6.5
MEDIUM 6.5 SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
>= 2.2.0, < 2.6.1
MEDIUM 6.1 SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo
from 0, < 2.3.5
— SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo
>= 2.3.0, < 2.7.1
— SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo
from 0, < 2.7.1
— sftpgo vulnerable to brute force takeover of OpenID Connect session cookies in github.com/drakkan/sftpgo
>= 2.3.0, < 2.6.4
— SFTPGo allows administrators to restrict command execution from the EventManager in github.com/drakkan/sftpgo
>= 2.4.0, < 2.6.3