Package impact
Go / github.com/patrickhener/goshs/v2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42091 | medium | 6.5 | 6.5 | 24d ago | goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS | |
| CVE-2026-40885 | unknown | — | — | 1mo ago | goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access | |
| CVE-2026-40883 | unknown | — | — | 1mo ago | goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation | |
| CVE-2026-40884 | unknown | — | — | 1mo ago | goshs has an empty-username SFTP password authentication bypass | |
| CVE-2026-40876 | unknown | — | — | 1mo ago | SFTP root escape via prefix-based path validation in goshs |