Go Vulnerability Database

Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.

Search

Recent Reports

GO-2026-4699

  • CVE-2026-30914, GHSA-x8qh-7475-c5mp
  • Affects: github.com/drakkan/sftpgo, github.com/drakkan/sftpgo/v2
  • Published: Mar 16, 2026

SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo

GO-2026-4698

  • CVE-2026-30955, GHSA-qwc6-vc2v-2ggj
  • Affects: github.com/forceu/gokapi
  • Published: Mar 16, 2026

Gokapi vulnerable to DoS in E2E Metadata Parser in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/forceu/gokapi before v2.2.4.

GO-2026-4697

  • CVE-2026-30915, GHSA-m83q-5wr4-4gfp
  • Affects: github.com/drakkan/sftpgo, github.com/drakkan/sftpgo/v2
  • Published: Mar 16, 2026

SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo

GO-2026-4696

  • CVE-2026-30943, GHSA-j6jp-78w8-34x6
  • Affects: github.com/forceu/gokapi
  • Published: Mar 16, 2026

Gokapi vulnerable to Privilege Escalation in File Replace in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/forceu/gokapi before v2.2.4.

GO-2026-4695

  • CVE-2026-30961, GHSA-45vh-rpc8-hxpp
  • Affects: github.com/forceu/gokapi
  • Published: Mar 16, 2026

Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/forceu/gokapi before v2.2.4.

View all reports

If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.