Package impact
Go / github.com/patrickhener/goshs/v2
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42091 | medium | 6.5 | 6.5 | 1mo ago | goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS | |||
| CVE-2026-40885 | unknown | — | — | 2mo ago | goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access | |||
| CVE-2026-40883 | unknown | — | — | 2mo ago | goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation | |||
| CVE-2026-40884 | unknown | — | — | 2mo ago | goshs has an empty-username SFTP password authentication bypass | |||
| CVE-2026-40876 | unknown | — | — | 2mo ago | SFTP root escape via prefix-based path validation in goshs |