Filtered by vendor Gogs
Subscriptions
Filtered by product Gogs
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56731 | 1 Gogs | 1 Gogs | 2025-06-26 | 10 Critical |
| Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. Allowing attackers to access and alter any users' code hosted on the same instance. This issue has been patched in version 0.13.3. | ||||
| CVE-2025-47943 | 1 Gogs | 1 Gogs | 2025-06-26 | 6.3 Medium |
| Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3. | ||||
| CVE-2022-32174 | 1 Gogs | 1 Gogs | 2025-05-27 | 9 Critical |
| In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | ||||
| CVE-2022-31038 | 1 Gogs | 1 Gogs | 2025-04-23 | 5.4 Medium |
| Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. | ||||
| CVE-2024-39930 | 1 Gogs | 1 Gogs | 2025-04-11 | 9.9 Critical |
| The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected. | ||||
| CVE-2024-54148 | 1 Gogs | 1 Gogs | 2025-04-10 | 9.8 Critical |
| Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | ||||
| CVE-2024-55947 | 1 Gogs | 1 Gogs | 2025-04-10 | 8.8 High |
| Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | ||||
| CVE-2024-39933 | 1 Gogs | 1 Gogs | 2025-04-10 | 7.7 High |
| Gogs through 0.13.0 allows argument injection during the tagging of a new release. | ||||
| CVE-2024-39932 | 1 Gogs | 1 Gogs | 2025-04-10 | 9.9 Critical |
| Gogs through 0.13.0 allows argument injection during the previewing of changes. | ||||
| CVE-2024-39931 | 1 Gogs | 1 Gogs | 2025-04-10 | 9.9 Critical |
| Gogs through 0.13.0 allows deletion of internal files. | ||||
| CVE-2022-2024 | 1 Gogs | 1 Gogs | 2025-03-11 | 9.8 Critical |
| OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | ||||
| CVE-2024-44625 | 1 Gogs | 1 Gogs | 2024-11-21 | 8.8 High |
| Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go. | ||||
| CVE-2022-1993 | 1 Gogs | 1 Gogs | 2024-11-21 | 8.1 High |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | ||||
| CVE-2022-1992 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2024-11-21 | 9.1 Critical |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | ||||
| CVE-2022-1986 | 1 Gogs | 1 Gogs | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. | ||||
| CVE-2022-1464 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.4 Medium |
| Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account . | ||||
| CVE-2022-1285 | 1 Gogs | 1 Gogs | 2024-11-21 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | ||||
| CVE-2022-0871 | 1 Gogs | 1 Gogs | 2024-11-21 | 9.1 Critical |
| Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. | ||||
| CVE-2022-0870 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.3 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. | ||||
| CVE-2022-0415 | 1 Gogs | 1 Gogs | 2024-11-21 | 8.8 High |
| Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | ||||