CRITICAL9.8CVE-2026-40884goshs has an empty-username SFTP password authentication bypass from 0, <= 1.1.4
CRITICAL9.8CVE-2026-40189goshs has a file-based ACL authorization bypass in goshs state-changing routes from 0, <= 1.1.4
CRITICAL9.8CVE-2026-35471goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) from 0, < 1.1.5-0.20260401172448-237f3af891a9
CRITICAL9.8goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
from 0, < 1.1.5-0.20260401172448-237f3af891a9
CRITICAL9.8goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
from 0, < 1.1.5-0.20260401172448-237f3af891a9
CRITICAL9.4goshs route not protected, allows command execution in github.com/patrickhener/goshs
>= 0.3.4, < 1.0.5
CRITICAL9.4goshs route not protected, allows command execution in github.com/patrickhener/goshs
>= 0.3.4, < 1.0.5
HIGH8.8SFTP root escape via prefix-based path validation in goshs
from 0, <= 1.1.4
HIGH8.1goshs has Auth Bypass via Share Token
>= 1.1.0
HIGH7.7goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs
>= 1.0.7, <= 1.1.4
HIGH7.7goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs
>= 1.0.7
MEDIUM6.5goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
from 0, <= 1.1.4