Is github.com/drakkan/sftpgo safe to use?

github.com/drakkan/sftpgo has 6 known vulnerabilities on the latest version (v1.2.2). DepScope rates its health at 37/100 (critical risk).

What is the latest version of github.com/drakkan/sftpgo?

The latest version of github.com/drakkan/sftpgo is v1.2.2, released 2020-11-18.

Does github.com/drakkan/sftpgo have known vulnerabilities?

Yes. github.com/drakkan/sftpgo has 6 known vulnerabilities. See depscope.dev/pkg/go/github.com/drakkan/sftpgo for details.

Is github.com/drakkan/sftpgo deprecated?

No, github.com/drakkan/sftpgo is actively maintained. Latest release: v1.2.2 (2020-11-18).

What are alternatives to github.com/drakkan/sftpgo?

DepScope has no curated alternatives for github.com/drakkan/sftpgo at this time.

What license does github.com/drakkan/sftpgo use?

github.com/drakkan/sftpgo is licensed under GPL-3.0.

github.com/drakkan/sftpgo

govv1.2.2

Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob

License GPL-3.0strong copyleft6 versions75 maintainers0 deps11,967 weekly dl

drakkan/sftpgo

/ 100

Health

update required

github.com/drakkan/[email protected] has vulnerabilities — update to latest

Update to >= 2.7.1 to fix known vulnerabilities

Low health score (37/100)
1 high severity vulnerabilities

Health breakdown0 – 100

0/25

maintenance

10/20

popularity

16/25

security

6/15

maturity

5/15

community

Vulnerabilities

1 high2 medium3 low

Advisories (6)

Severity	ID	Summary	Fixed in
medium	CVE-2022-39220	SFTPGo WebClient vulnerable to Cross-site Scripting	2.3.5
high	CVE-2025-24366	SFTPGo has insufficient sanitization of user provided rsync command	2.6.5
medium	CVE-2026-30914	SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy	2.7.1
unknown	CVE-2022-39220	SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo	2.3.5
unknown	CVE-2025-24366	SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo	2.6.5
unknown	CVE-2026-30914	SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo	2.7.1

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/drakkan/sftpgo

Last updated · 2020-11-18T18:24:19Z