Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Only the current release of the software is actively supported. Contact us if you need early security patches and enterprise-grade security.

Reporting a Vulnerability

To report (possible) security issues in SFTPGo, please either send a mail to the SFTPGo Team or use Github's private reporting feature.

Insufficient access control for password reset
GHSA-hw5f-6wvv-xcrh published Jun 20, 2024 by drakkan

Moderate
XSS Vulnerabilities in WebClient
GHSA-cf7g-cm7q-rq7f published Sep 17, 2022 by drakkan

Moderate
Recovery codes abuse
GHSA-54qx-8p8w-xhg8 published Sep 1, 2022 by drakkan

Moderate

Learn more about advisories related to drakkan/sftpgo in the GitHub Advisory Database