CVE-2025-59937 vulnerabilities
Vulnerabilities for packages: gitea, gitea-fips, sftpgo...
GHSA-WPWJ-69CM-Q9C5 vulnerabilities
Vulnerabilities for packages: gitea, gitea-fips, sftpgo...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: bank-vaults, ctop, modelmesh-runtime-adapter, blobfuse2, cloud-provider-aws, newrelic-nri-statsd, mongodb-kubernetes-operator, shfmt, kserve-rest-proxy, confluent-common-docker, vexctl, checksec, kube-vip, terraform-provider-time, sftpgo-plugin-pubsub, nats,...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: bank-vaults, ctop, modelmesh-runtime-adapter, blobfuse2, cloud-provider-aws, newrelic-nri-statsd, mongodb-kubernetes-operator, shfmt, kserve-rest-proxy, confluent-common-docker, vexctl, checksec, kube-vip, terraform-provider-time, sftpgo-plugin-pubsub, nats,...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: grafana-operator, nemo, docker-credential-ecr-login, karma-fips, memcached-exporter-fips, karpenter-fips, kube-logging-operator-custom-runner-fips, knative-eventing-fips, custom-pod-autoscaler-operator, dagdotdev, octo-sts, cluster-autoscaler-fips,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: grafana-operator, nemo, docker-credential-ecr-login, karma-fips, memcached-exporter-fips, karpenter-fips, kube-logging-operator-custom-runner-fips, knative-eventing-fips, custom-pod-autoscaler-operator, dagdotdev, octo-sts, cluster-autoscaler-fips,...
CVE-2025-54799 vulnerabilities
Vulnerabilities for packages: traefik, sftpgo, terraform-provider-acme...
GHSA-Q82R-2J7M-9RV4 vulnerabilities
Vulnerabilities for packages: traefik, sftpgo, terraform-provider-acme...
CVE-2025-54799 vulnerabilities
Vulnerabilities for packages: traefik-fips, traefik, terraform-provider-acme-fips, terraform-provider-acme, sftpgo...
GHSA-Q82R-2J7M-9RV4 vulnerabilities
Vulnerabilities for packages: traefik-fips, traefik, terraform-provider-acme-fips, terraform-provider-acme, sftpgo...
GHSA-VRW8-FXC6-2R93 vulnerabilities
Vulnerabilities for packages: gitness, kyverno-policy-reporter-ui, caddy, rclone, step, karma, telegraf, buf, gogatekeeper, sftpgo, step-issuer, tkn, dapr, step-ca, cloudflared...
GHSA-VRW8-FXC6-2R93 vulnerabilities
Vulnerabilities for packages: gitness, fleet-server-fips, step-issuer, telegraf, dapr, rclone, karma, step-ca, tkn-fips, caddy-fips, fleet-server, caddy, step-fips, kyverno-policy-reporter-ui, cloudflared, kyverno-policy-reporter-ui-fips, step-issuer-fips, step-ca-fips, dapr-fips, buf,...
CVE-2024-52309
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...
CVE-2024-52801
sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...
CVE-2024-37897
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is enable...
CVE-2022-39220
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: spire-server, terragrunt, secrets-store-csi-driver-provider-azure, step-kms-plugin, cert-manager, buildkitd, cosign, falcosidekick, policy-controller, aws-eks-pod-identity-agent, thanos, sops, rancher, gomplate, loki, timestamp-authority, zot, harbor-registry, mc,...
SUSE CVE-2025-24366
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
Improper Input Validation
github.com/drakkan/sftpgo is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of the client-provided rsync command, allowing an authenticated remote user to read or write files with the permissions of the SFTPGo server process...
CVE-2025-24366
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...