goshs security advisories
3 threat alerts tracking vulnerabilities and security advisories that affect goshs products.
Vulnios monitors goshs CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent goshs security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-40903 — goshs — goshs
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the
criticalCVE-2026-40903Critical Vulnerability: CVE-2026-40884 — goshs — goshs
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started wi
criticalCVE-2026-40884Critical Vulnerability: CVE-2026-40189 — goshs — goshs
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforc
criticalCVE-2026-40189
Track goshs exposure across your environment
Vulnios automatically cross-references your asset inventory against new goshs CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan