| CVE-2018-20303 |
high |
— |
8.0 |
4y ago |
Gogs Directory Traversal |
|
| CVE-2014-8682 |
high |
— |
7.5 |
12y ago |
SQL Injection in Gogs in gogs.io/gogs |
|
| CVE-2014-8681 |
high |
— |
7.5 |
12y ago |
SQL Injection in github.com/gogits/gogs |
|
| CVE-2014-8683 |
medium |
— |
4.3 |
12y ago |
Cross-site Scripting in Gogs in gogs.io/gogs |
|
| CVE-2025-8110 |
unknown |
— |
1.5 |
6mo ago |
Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution. |
|
| CVE-2026-26276 |
unknown |
— |
— |
3mo ago |
Gogs: DOM-based XSS via milestone selection in gogs.io/gogs |
|
| CVE-2026-26196 |
unknown |
— |
— |
3mo ago |
Gogs: Access tokens get exposed through URL params in API requests in gogs.io/gogs |
|
| CVE-2026-26195 |
unknown |
— |
— |
3mo ago |
Gogs: Stored XSS in branch and wiki views through author and committer names in gogs.io/gogs |
|
| CVE-2026-26194 |
unknown |
— |
— |
3mo ago |
Gogs: Release tag option injection in release deletion in gogs.io/gogs |
|
| CVE-2026-26022 |
unknown |
— |
— |
3mo ago |
Gogs: Stored XSS via data URI in issue comments in gogs.io/gogs |
|
| CVE-2026-25921 |
unknown |
— |
— |
3mo ago |
Gogs: Cross-repository LFS object overwrite via missing content hash verification in gogs.io/gogs |
|
| CVE-2026-25242 |
unknown |
— |
— |
3mo ago |
Unauthenticated File Upload in Gogs in gogs.io/gogs |
|
| CVE-2026-25232 |
unknown |
— |
— |
3mo ago |
Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs |
|
| CVE-2026-25229 |
unknown |
— |
— |
3mo ago |
Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs in gogs.io/gogs |
|
| CVE-2026-25120 |
unknown |
— |
— |
3mo ago |
Gogs Allows Cross-Repository Comment Deletion via DeleteComment in gogs.io/gogs |
|
| CVE-2025-65852 |
unknown |
— |
— |
4mo ago |
Gogs has authorization bypass in repository deletion API in gogs.io/gogs |
|
| CVE-2026-24135 |
unknown |
— |
— |
4mo ago |
Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update in gogs.io/gogs |
|
| CVE-2026-23633 |
unknown |
— |
— |
4mo ago |
Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs |
|
| CVE-2026-23632 |
unknown |
— |
— |
4mo ago |
Gogs user can update repository content with read-only permission in gogs.io/gogs |
|
| CVE-2026-22592 |
unknown |
— |
— |
4mo ago |
Gogs has a Denial of Service issue in gogs.io/gogs |
|
| CVE-2025-64175 |
unknown |
— |
— |
4mo ago |
Gogs Vulnerable to 2FA Bypass via Recovery Code in gogs.io/gogs |
|
| CVE-2025-64111 |
unknown |
— |
— |
4mo ago |
Gogs's update .git/config file allows remote command execution in gogs.io/gogs |
|
| CVE-2025-47943 |
unknown |
— |
— |
11mo ago |
Gogs XSS allowed by stored call in PDF renderer in gogs.io/gogs |
|
| CVE-2024-56731 |
unknown |
— |
— |
11mo ago |
Gogs allows deletion of internal files which leads to remote command execution in gogs.io/gogs |
|
| CVE-2024-39932 |
unknown |
— |
— |
1y ago |
Gogs allows argument injection during the previewing of changes in github.com/gogs/gogs |
|
| CVE-2024-55947 |
unknown |
— |
— |
1y ago |
Path Traversal in file update API in gogs in gogs.io/gogs |
|
| CVE-2024-54148 |
unknown |
— |
— |
1y ago |
Remote Command Execution in file editing in gogs in gogs.io/gogs |
|
| CVE-2024-44625 |
unknown |
— |
— |
2y ago |
Unpatched Remote Code Execution in Gogs in gogs.io/gogs |
|
| CVE-2024-39933 |
unknown |
— |
— |
2y ago |
Gogs allows argument injection during the tagging of a new release in github.com/gogs/gogs |
|
| CVE-2024-39930 |
unknown |
— |
— |
2y ago |
github.com/gogs/gogs affected by CVE-2024-39930 |
|
| CVE-2024-39931 |
unknown |
— |
— |
2y ago |
Gogs allows deletion of internal files in github.com/gogs/gogs |
|
| CVE-2022-2024 |
unknown |
— |
— |
3y ago |
Gogs OS Command Injection vulnerability in gogs.io/gogs |
|
| CVE-2022-32174 |
unknown |
— |
— |
4y ago |
Gogs vulnerable to Cross-site Scripting in gogs.io/gogs |
|
| CVE-2022-1993 |
unknown |
— |
— |
4y ago |
Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs |
|
| CVE-2022-1986 |
unknown |
— |
— |
4y ago |
OS Command Injection in file editor in Gogs in gogs.io/gogs |
|
| CVE-2022-31038 |
unknown |
— |
— |
4y ago |
Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs |
|
| CVE-2022-1992 |
unknown |
— |
— |
4y ago |
Path Traversal in file editor on Windows in Gogs in gogs.io/gogs |
|
| CVE-2022-1285 |
unknown |
— |
— |
4y ago |
Server-Side Request Forgery in gogs webhook in gogs.io/gogs |
|
| CVE-2021-32546 |
unknown |
— |
— |
4y ago |
OS Command Injection in gogs in gogs.io/gogs |
|
| CVE-2022-1884 |
unknown |
— |
— |
4y ago |
OS Command Injection in gogs in gogs.io/gogs |
|
| CVE-2022-1464 |
unknown |
— |
— |
4y ago |
Cross-site Scripting in Gogs in gogs.io/gogs |
|
| CVE-2018-15192 |
unknown |
— |
— |
4y ago |
Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea |
|
| CVE-2018-17031 |
unknown |
— |
— |
4y ago |
Gogs XSS Vulnerability in gogs.io/gogs |
|
| CVE-2022-0415 |
unknown |
— |
— |
4y ago |
Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs |
|
| CVE-2022-0871 |
unknown |
— |
— |
4y ago |
Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs |
|
| CVE-2022-0870 |
unknown |
— |
— |
4y ago |
SSRF in repository migration in gogs.io/gogs |
|
| CVE-2018-15178 |
unknown |
— |
— |
5y ago |
Open Redirect in gogs.io/gogs |
|
| CVE-2020-14958 |
unknown |
— |
— |
5y ago |
Insecure Permissions in Gogs in gogs.io/gogs |
|
| CVE-2019-14544 |
unknown |
— |
— |
5y ago |
Insecure Permissions in Gogs in gogs.io/gogs |
|