{"package":"github.com/drakkan/sftpgo","ecosystem":"go","latest_version":"v1.2.2","description":"Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob","license":"GPL-3.0","license_risk":"strong_copyleft","commercial_use_notes":"GPL-3.0: derivative works must release source under GPL; includes explicit patent grant.","homepage":"https://pkg.go.dev/github.com/drakkan/sftpgo","repository":"https://github.com/drakkan/sftpgo","downloads_weekly":11967,"health":{"score":37,"risk":"critical","breakdown":{"maintenance":0,"popularity":10,"security":16,"maturity":6,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":6,"critical":0,"high":1,"medium":2,"low":3,"details":[{"vuln_id":"CVE-2022-39220","severity":"medium","summary":"SFTPGo WebClient vulnerable to Cross-site Scripting","affected_versions":"<2.3.5","fixed_version":"2.3.5","source":"osv","published_at":"2022-09-20T21:22:55Z","in_kev":false,"epss_prob":0.00176,"epss_percentile":0.38746,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-24366","severity":"high","summary":"SFTPGo has insufficient sanitization of user provided rsync command","affected_versions":">=0.9.5,<2.6.5|<=1.2.2","fixed_version":"2.6.5","source":"osv","published_at":"2025-02-07T20:31:22Z","in_kev":false,"epss_prob":0.01312,"epss_percentile":0.79904,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-30914","severity":"medium","summary":"SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy","affected_versions":"<2.7.1|<=1.2.2","fixed_version":"2.7.1","source":"osv","published_at":"2026-03-13T18:55:52Z","in_kev":false,"epss_prob":0.00023,"epss_percentile":0.06248,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-39220","severity":"unknown","summary":"SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo","affected_versions":"<2.3.5","fixed_version":"2.3.5","source":"osv","published_at":"2024-08-21T16:03:24Z","in_kev":false,"epss_prob":0.00176,"epss_percentile":0.38746,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-24366","severity":"unknown","summary":"SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo","affected_versions":"<2.6.5","fixed_version":"2.6.5","source":"osv","published_at":"2025-02-07T22:47:45Z","in_kev":false,"epss_prob":0.01312,"epss_percentile":0.79904,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-30914","severity":"unknown","summary":"SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo","affected_versions":"<2.7.1","fixed_version":"2.7.1","source":"osv","published_at":"2026-03-16T20:27:27Z","in_kev":false,"epss_prob":0.00023,"epss_percentile":0.06248,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.2.2","total_count":6,"recent":["v1.0.0","v1.1.1","v1.2.1","v1.2.0","v1.2.2","v1.1.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":75,"first_published":null,"last_published":"2020-11-18T18:24:19Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (37/100)","1 high severity vulnerabilities"],"use_version":"v1.2.2","version_hint":"Update to >= 2.7.1 to fix known vulnerabilities","summary":"github.com/drakkan/sftpgo@v1.2.2 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":2017,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":6,"first_release_age_days":2124,"last_release_days_ago":1989,"avg_days_between_releases":425,"release_velocity":"stale"}}