Every CVE whose affected-product data names Sftpgo Project Sftpgo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-36071 — CVSS 8.3 (high): SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP…
CVE-2026-30914 — CVSS 8.1 (high): SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between…
CVE-2022-39220 — CVSS 6.1 (medium): SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo…
CVE-2023-48795 — CVSS 5.9 (medium): The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to…
CVE-2026-30915 — CVSS 4.3 (medium): SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the…