Filtered by vendor Gogs
Subscribe
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8110 | 1 Gogs | 1 Gogs | 2026-01-13 | N/A | 8.8 HIGH |
| Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code. | |||||
| CVE-2024-56731 | 1 Gogs | 1 Gogs | 2025-08-21 | N/A | 10.0 CRITICAL |
| Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. Allowing attackers to access and alter any users' code hosted on the same instance. This issue has been patched in version 0.13.3. | |||||
| CVE-2022-32174 | 1 Gogs | 1 Gogs | 2025-05-27 | N/A | 9.0 CRITICAL |
| In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | |||||
| CVE-2024-39930 | 1 Gogs | 1 Gogs | 2025-04-11 | N/A | 9.9 CRITICAL |
| The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected. | |||||
| CVE-2024-54148 | 1 Gogs | 1 Gogs | 2025-04-10 | N/A | 9.8 CRITICAL |
| Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | |||||
| CVE-2024-55947 | 1 Gogs | 1 Gogs | 2025-04-10 | N/A | 8.8 HIGH |
| Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | |||||
| CVE-2024-39933 | 1 Gogs | 1 Gogs | 2025-04-10 | N/A | 7.7 HIGH |
| Gogs through 0.13.0 allows argument injection during the tagging of a new release. | |||||
| CVE-2024-39932 | 1 Gogs | 1 Gogs | 2025-04-10 | N/A | 9.9 CRITICAL |
| Gogs through 0.13.0 allows argument injection during the previewing of changes. | |||||
| CVE-2024-39931 | 1 Gogs | 1 Gogs | 2025-04-10 | N/A | 9.9 CRITICAL |
| Gogs through 0.13.0 allows deletion of internal files. | |||||
| CVE-2024-44625 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A | 8.8 HIGH |
| Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go. | |||||
| CVE-2022-31038 | 1 Gogs | 1 Gogs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. | |||||
| CVE-2022-2024 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A | 9.8 CRITICAL |
| OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | |||||
| CVE-2022-1993 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | |||||
| CVE-2022-1992 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | |||||
| CVE-2022-1986 | 1 Gogs | 1 Gogs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. | |||||
| CVE-2022-1464 | 1 Gogs | 1 Gogs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account . | |||||
| CVE-2022-1285 | 1 Gogs | 1 Gogs | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | |||||
| CVE-2022-0871 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
| Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. | |||||
| CVE-2022-0870 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. | |||||
| CVE-2022-0415 | 1 Gogs | 1 Gogs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | |||||