| CVE-2021-28378 | high | — | 8.0 | 5y ago | Cross-site Scripting in Gitea in code.gitea.io/gitea |
| CVE-2021-3382 | medium | — | 5.5 | 2y ago | Buffer Overflow in gitea in code.gitea.io/gitea |
| CVE-2026-20904 | unknown | — | — | 4mo ago | Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea |
| CVE-2026-20912 | unknown | — | — | 4mo ago | Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea |
| CVE-2026-20800 | unknown | — | — | 4mo ago | Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea |
| CVE-2026-20750 | unknown | — | — | 4mo ago | Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea |
| CVE-2026-20736 | unknown | — | — | 4mo ago | Gitea has improper access control for uploaded attachments in code.gitea.io/gitea |
| CVE-2026-20897 | unknown | — | — | 4mo ago | Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea |
| CVE-2026-20888 | unknown | — | — | 4mo ago | Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea |
| CVE-2026-20883 | unknown | — | — | 4mo ago | Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea |
| CVE-2026-0798 | unknown | — | — | 4mo ago | Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea |
| CVE-2025-69413 | unknown | — | — | 5mo ago | Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea |
| CVE-2025-68944 | unknown | — | — | 5mo ago | Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea |
| CVE-2025-68943 | unknown | — | — | 5mo ago | Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea |
| CVE-2025-68946 | unknown | — | — | 5mo ago | Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea |
| CVE-2025-68945 | unknown | — | — | 5mo ago | Gitea: anonymous user can visit private user's project in code.gitea.io/gitea |
| CVE-2025-68942 | unknown | — | — | 5mo ago | Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea |
| CVE-2025-68938 | unknown | — | — | 5mo ago | Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea |
| CVE-2025-68941 | unknown | — | — | 5mo ago | Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea |
| CVE-2025-68940 | unknown | — | — | 5mo ago | Gitea doesn't adequately enforce branch deletion permissions after merging a pull request in code.gitea.io/gitea |
| CVE-2025-68939 | unknown | — | — | 5mo ago | Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea |
| CVE-2024-6886 | unknown | — | — | 2y ago | Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea |
| CVE-2020-14144 | unknown | — | — | 2y ago | Arbitrary Code Execution in Gitea |
| CVE-2022-38795 | unknown | — | — | 3y ago | Gitea erroneous repo clones in code.gitea.io/gitea |
| CVE-2023-3515 | unknown | — | — | 3y ago | code.gitea.io/gitea Open Redirect vulnerability |
| CVE-2022-42968 | unknown | — | — | 4y ago | Gitea vulnerable to Argument Injection in code.gitea.io/gitea |
| CVE-2022-38183 | unknown | — | — | 4y ago | Gitea allowed assignment of private issues in code.gitea.io/gitea |
| CVE-2022-1928 | unknown | — | — | 4y ago | Stored Cross-site Scripting in gitea in code.gitea.io/gitea |
| CVE-2019-1010261 | unknown | — | — | 4y ago | Gitea XSS Vulnerability in code.gitea.io/gitea |
| CVE-2019-1010314 | unknown | — | — | 4y ago | Gitea XSS Vulnerability in Repository Description |
| CVE-2019-11576 | unknown | — | — | 4y ago | Gitea Allows 1FA Even for 2FA-Enrolled Accounts |
| CVE-2022-30781 | unknown | — | — | 4y ago | Shell command injection in gitea in code.gitea.io/gitea |
| CVE-2018-15192 | unknown | — | — | 4y ago | Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea |
| CVE-2019-1000002 | unknown | — | — | 4y ago | Gitea Arbitrary File Delete Vulnerability |
| CVE-2022-27313 | unknown | — | — | 4y ago | Arbitrary file deletion in gitea in code.gitea.io/gitea |
| CVE-2022-1058 | unknown | — | — | 4y ago | Gitea Open Redirect in code.gitea.io/gitea |
| CVE-2021-29134 | unknown | — | — | 4y ago | Path Traversal in Gitea in code.gitea.io/gitea |
| CVE-2022-0905 | unknown | — | — | 4y ago | Gitea Missing Authorization vulnerability in code.gitea.io/gitea |
| CVE-2018-18926 | unknown | — | — | 4y ago | Gitea Remote Code Execution (RCE) in code.gitea.io/gitea |
| CVE-2020-13246 | unknown | — | — | 4y ago | Denial of Service in Gitea in code.gitea.io/gitea |
| CVE-2021-45331 | unknown | — | — | 4y ago | Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea |
| CVE-2021-45330 | unknown | — | — | 4y ago | Improper Privilege Management in Gitea in code.gitea.io/gitea |
| CVE-2021-45327 | unknown | — | — | 4y ago | Capture-replay in Gitea in code.gitea.io/gitea |